# Trust Center (/docs/trust/overview)



This section is for security and privacy questions about the Layers
platform itself: who processes your data, how, where, and under what
contractual terms.

<Callout type="info">
  Commercial security terms (signed DPA, custom retention, security
  questionnaires) are negotiated at contract time. Email
  [legal@layers.com](mailto:legal@layers.com) to start that
  conversation.
</Callout>

## In this section [#in-this-section]

* [Sub-processors](/docs/trust/subprocessors) — every vendor that
  touches your data.
* [Data flows](/docs/trust/data-flows) — where PII enters, lives, and
  leaves.
* [SDK PII inventory](/docs/trust/sdk-pii) — what the SDK can collect.
* [AI / LLM data handling](/docs/trust/ai-llm) — what goes to the
  model providers.
* [DPA](/docs/trust/dpa) — contractual framework.
* [DSAR](/docs/trust/dsar) — data-subject rights and how to exercise
  them.
* [Security practices](/docs/trust/security) — encryption, access
  controls, disclosure.
* [Certifications](/docs/trust/certifications) — current compliance
  scope.
* [AUP](/docs/trust/aup) — what you can and can't do on Layers.
* [Vault & credentials](/docs/trust/vault) — how we store third-party
  tokens.
* [Incidents](/docs/trust/incidents) — incident response policy.

## Contacts [#contacts]

* **Security issues / vulnerability disclosure**: [security@layers.com](mailto:security@layers.com).
* **Privacy / data protection**: [dpo@layers.com](mailto:dpo@layers.com).
* **Legal, DPA, compliance paperwork**: [legal@layers.com](mailto:legal@layers.com).