Install for Free

Security at Layer

Spreadsheets hold business-critical information, so we do everything we can
to keep your data safe. To build a platform you can trust, we take meaningful measures with state-of-the-art technologies to ensure your data and privacy are protected by industry-leading features and policy frameworks.

We want to share practices we follow and our internal security policies to keep your data secure. Also, we will help you understand what we're doing to continually improve the security of your spreadsheet data.

Data and Infrastructure Encryption

All personal and spreadsheet data are encrypted in transit (using TLS 1.2 or higher) and at rest (through AES-256).

Cloud-based deployment. We use the EU-hosted Google Cloud Platform for production servers and operate in multiple zones to create robustness against outages.

All data is processed and stored at Google data centers monitored by 24/7 security, biometric scanning, and video surveillance, and are SOC 1, SOC 2, and SOC 3 certified.

CloudFlare DDoS protection and mitigation to secure website, app, and entire cloud infrastructure, ensuring the performance of legitimate traffic is not compromised.

Cybersecurity and
 Operational Security

Operational Security

Our operational security policies include policies governing IT assets, access controls, internet access policies, antivirus policies, remote access policies, and other risk mitigation measures.

We have advanced alerting and monitoring systems for both security and uptime.

Engineers are on call 24/7 in case any problems are detected. Specifics to our operational measures may be provided upon request.

Code Security

Any code gets inspected closely before releasing it. Our engineers inspect each new feature's logic, and information flows to ensure no security vulnerabilities are introduced. But because humans aren't perfect, we also write tests to confirm the application does not behave in an unexpected way.

We also run semiautomatic scanning tools, like Snyk, for new features to find any security problems.

We have fully functional automation systems implemented, which enable us to deploy changes to any of our applications in minutes. We typically deploy multiple times a week—so we are well placed to roll out a security fix quickly, should the need arise.

Third Party Components

We use third-party software to make Layer better every day. Of course, it is never as simple as using a component and then forgetting about it, so at Layer, we review and monitor our third-party components for known vulnerabilities.

Each report is analyzed and acted upon based on the criticality of the vulnerability, with a response time from one day for critical vulnerabilities to eight days for medium-risk vulnerabilities (as defined by their CVSS score).

Penetration Testing

We conduct regular penetration and vulnerability testing to proactively identify and remediate any security vulnerabilities in the Layer system.

We are independently audited by the security company X41-D-Sec.

At Layer, we have a vital interest in making sure your data is protected. Every person, team, and organization deserves and expects their data to be secure and confidential. Protecting this data is a critical responsibility we have to our users and customers, and we continue to work very hard to maintain that trust.

Ernests Layer

Ernests Karlsons

Co-Founder & CTO

Policies &
 Certifications

User Permission Management

Your files can only be accessed by you and no one else. We operate according to the principle of least privilege and conduct regular checks to ensure that Layer personnel is only granted the permissions needed to perform their job functions.

GDPR Compliance

We are fully GDPR-compliant. We work with a German-based, TÜV certified service heyData GmbH, ensuring GDPR compliance by conducting audits, employee training, and coaching.

Data Retention Policy

According to article 17 of the GDPR (EU), our physical and electronic records data retention policies ensure that no longer needed records or ones of no value are deleted at regular intervals.

Security Certifications

We are currently undergoing the process of becoming a SOC 1 and also SOC 2 Type 2 certified organisation.

Get Started in Minutes!

Layer works on top of your existing Google Sheets —
No new licenses, learning curve, or heavy implementation.