Security at Layer
Spreadsheets hold business-critical information, so we do everything we can
to keep your data safe. To build a platform you can trust, we take meaningful measures with state-of-the-art technologies to ensure your data and privacy are protected by industry-leading features and policy frameworks.
We want to share practices we follow and our internal security policies to keep your data secure. Also, we will help you understand what we're doing to continually improve the security of your spreadsheet data.
Cybersecurity and Operational Security
Operational Security
Our operational security policies include policies governing IT assets, access controls, internet access policies, antivirus policies, remote access policies, and other risk mitigation measures.
We have advanced alerting and monitoring systems for both security and uptime.
Engineers are on call 24/7 in case any problems are detected. Specifics to our operational measures may be provided upon request.
Code Security
Any code gets inspected closely before releasing it. Our engineers inspect each new feature's logic, and information flows to ensure no security vulnerabilities are introduced. But because humans aren't perfect, we also write tests to confirm the application does not behave in an unexpected way.
We also run semiautomatic scanning tools, like Snyk, for new features to find any security problems.
We have fully functional automation systems implemented, which enable us to deploy changes to any of our applications in minutes. We typically deploy multiple times a week—so we are well placed to roll out a security fix quickly, should the need arise.
Third Party Components
We use third-party software to make Layer better every day. Of course, it is never as simple as using a component and then forgetting about it, so at Layer, we review and monitor our third-party components for known vulnerabilities.
Each report is analyzed and acted upon based on the criticality of the vulnerability, with a response time from one day for critical vulnerabilities to eight days for medium-risk vulnerabilities (as defined by their CVSS score).
Penetration Testing
We conduct regular penetration and vulnerability testing to proactively identify and remediate any security vulnerabilities in the Layer system.
We are independently audited by the security company X41-D-Sec.
“At Layer, we have a vital interest in making sure your data is protected. Every person, team, and organization deserves and expects their data to be secure and confidential. Protecting this data is a critical responsibility we have to our users and customers, and we continue to work very hard to maintain that trust.”
Ernests Karlsons
Co-Founder & CTO
Policies & Certifications
User Permission Management
Your files can only be accessed by you and no one else. We operate according to the principle of least privilege and conduct regular checks to ensure that Layer personnel is only granted the permissions needed to perform their job functions.
GDPR Compliance
We are fully GDPR-compliant. We work with a German-based, TÜV certified service heyData GmbH, ensuring GDPR compliance by conducting audits, employee training, and coaching.
Data Retention Policy
According to article 17 of the GDPR (EU), our physical and electronic records data retention policies ensure that no longer needed records or ones of no value are deleted at regular intervals.
Security Certifications
We are currently undergoing the process of becoming a SOC 1 and also SOC 2 Type 2 certified organisation.
Frequently Asked Questions
Get Started in Minutes!
Layer works on top of your existing Google Sheets —
No new licenses, learning curve, or heavy implementation.