Layer App Security

SOC 2 Compliance

Layer has partnered with Vanta to pursue a Service Organization Controls audit (SOC 2 Type II). We are currently in audit in the Type II observation window.


Layer uses industry-tested and accepted standards for encryption.

→ All data stored at rest is encrypted using AES-256 bit encryption.
→ All communication to and from Layer is encrypted using TLS 1.3 to encrypt network traffic between users’ devices and Layer.
→ All files are saved with AES256 encryption in our private cloud, and employee access is restricted.


Layer works with several companies & their tools that help us build & maintain our product. These tools have been carefully chosen based on their support and security practices.

Layer Subprocessors

ISO/IEC 27001 Certification

Layer has partnered with Vanta to pursue ISO/IEC 27001 certification. We plan on being ready to audit in late 2023.

Product Security

Within Layer, permissions can be managed at the company level and at the project level.

Company permissions are managed by a designated owner of the organization in Layer. These permissions determine who can be added to projects within your organization.

Project permissions are managed by a designated owner of any Layer project. These permissions determine who can access project-level data with controls over read and write access. Project owners can also invite users outside of their organization as collaborators on a single project with similar read and write access roles.

Visit Layer’s product documentation for more information on Company and Project permissions.

How to report an issue:

If you believe you have discovered a security-related issue, please contact us at