MediaLayer

Legal

Privacy Notice

Last updated: May 6, 2026

This notice describes what data MediaLayer processes when you use the website at medialayer.ai or the matching API at api.medialayer.ai (directly or via RapidAPI). It is written for the operational reality of the service rather than as a jurisdiction-specific legal document.

1. What we process

  • URLs you submit. When you call the matching API, you provide source_url and target_url. Our backend downloads each URL, extracts features, and computes a similarity score. Once the response is returned, the downloaded bytes are deleted from temporary storage.
  • Inputs to the website playground. When you use the playground at medialayer.ai/playground, your URLs are forwarded to the matching API server-side. No backend API keys are exposed to your browser.
  • Operational metadata. For every request to the API and the playground we record: timestamp, endpoint, source and target hostnames (not the full URL — never the path or query string), HTTP status, error code if any, processing time, and a hashed identifier derived from your IP address and User-Agent.

2. IP and User-Agent hashing

We do not store raw IP addresses in application logs. Identifiers used for rate limiting and abuse detection are produced by SHA-256 hashing the IP and User-Agent together. This makes the value useful for tying together a session without persisting personally identifying network data.

3. Media files

We do not store the media files you submit beyond the few seconds required to compute a match. Files are downloaded to a temporary directory, opened by the matching algorithm, and then deleted before the response returns. We do not retain copies for analytics, training, or any other purpose.

4. How we use it

We use the operational metadata above to:

  • Enforce rate limits and detect abuse of the demo.
  • Debug failing requests when you report an issue.
  • Measure latency, throughput, and error rates.
  • Plan capacity. Aggregate counts may be retained beyond the log retention window described below.

5. What we do not do

  • We do not log full source_url or target_url values. Hostnames only — so signed-URL tokens, query parameters, and paths never enter logs.
  • We do not sell, rent, or share your data with advertising networks or data brokers.
  • We do not use submitted media to train or fine-tune any model.

6. Third parties

  • RapidAPI. Production access to the API is distributed via RapidAPI. RapidAPI has its own privacy notice that applies to your interactions with the marketplace, your account, and your API key.
  • Hosting providers. The website and the matching backend run on commercial hosting providers, which may collect operational telemetry per their own terms.

7. Data retention

  • Submitted media bytes: deleted at the end of each request.
  • Application logs (hashed identifier, hostname, status, timing): retained up to 30 days for operational purposes, then deleted.
  • Aggregate counters: retained indefinitely as anonymized metrics.

8. Your rights

You may request access to or deletion of any data we hold about you at support@medialayer.ai. We will respond within a reasonable timeframe and in accordance with applicable law.

9. Contact

Privacy questions: support@medialayer.ai.