# Data Flows (/docs/trust/data-flows)



## End-user event flow (SDK → storage → CAPI) [#end-user-event-flow-sdk--storage--capi]

```
End user's device (your app)
  │ (Layers SDK)
  ▼
in.layers.com/l/events  (managed edge)
  │
  ▼
Layers SDK ingest
  │  ├─ IP: dropped after geo-IP region resolution
  │  ├─ email / phone: normalized + SHA-256 hashed in process
  │  ├─ UA: parsed; raw UA not persisted
  │  └─ async enqueue
  │
  ▼
Async processing  →  durable event store
                  │
                  ▼
                 CAPI relay
                  ├──→ Meta Graph API (`layers_{event}`)
                  ├──→ TikTok Business API (standard events)
                  └──→ Apple Search Ads (attribution token, when applicable)
```

Data classification in this flow:

* **Never persisted**: IP, raw email, raw phone, raw UA.
* **Persisted hashed**: `email_sha256`, `phone_sha256` if you sent them.
* **Persisted plaintext**: `user_id` (the id **you** assign —
  recommend it doesn't carry PII), properties JSON, event name,
  timestamp, app id, device os/model.

## Customer / workspace data [#customer--workspace-data]

```
Web app / Mobile / VSCode webview
  │
  ▼
Layers partner API
  │
  ▼
Primary database (US, tenant-isolated)
  ├─ organizations
  ├─ projects
  ├─ project_layers
  ├─ members, roles
  ├─ ads_content, project_ads_content
  ├─ content_containers
  └─ sdk_events (see above)
```

All tenant tables are protected by row-level security. The frontend
never talks directly to the database — every query goes through the
partner API with the org / project context enforced server-side.

## Content generation [#content-generation]

```
User: "generate a Reel about our latest product"
  │
  ▼
Layers partner API  →  Workflow orchestrator  →  Sandboxed agent
                                                    │
                                                    ▼
                                                Model provider (see
                                                AI / LLM data handling)
                                                    │
                                                    ▼
                                                Generated media
                                                    │
                                                    ▼
                                                Object storage (US)
                                                    │
                                                    ▼
                                                content_containers row
```

Data classification:

* **Prompt** (sent to model providers): brand brief, product info,
  previous-creative references. No end-user PII from `sdk_events`.
* **Output**: video / image / copy, stored in object storage.
* **Metadata**: `content_containers` row linking the output to the
  project.

See [AI / LLM data handling](/docs/trust/ai-llm) for which provider
sees what.