Privacy Policy

Last Updated: January 19, 2026
GDPR Compliant

This Privacy Policy explains how Layer6 Systems ("we", "us", or "our") collects, uses, and protects your personal data.

Layer6 Systems is a trading name of Donal Lang, a sole trader registered in the United Kingdom.

We respect your privacy. We are a "data controller" for the information you provide to open an account (billing/contact), and a "data processor" for the content you store on our infrastructure.

1. The Data We Collect

  • Identity Data: Name, username, or similar identifier.
  • Contact Data: Billing address, email address, and telephone number.
  • Financial Data: We do not store credit card numbers. All payment data is handled securely by our payment processor (Stripe). We only retain the last 4 digits and transaction history for tax purposes.
  • Technical Data: IP address, browser type, and OS details when you access our console or API.
  • Usage Data: Bandwidth consumed, storage quotas, and API request logs.

2. How We Use Your Data

We only use your data when the law allows us to, specifically for:

  • Performance of Contract: Provisioning your S3 bucket or managed server.
  • Billing: Calculating usage-based fees (e.g., GB stored) and processing payments.
  • Legal Obligation: Complying with UK tax laws (HMRC).
  • System Security: Monitoring for DDoS attacks, abuse, or unauthorized access.

3. Data Residency & Infrastructure

Our primary physical infrastructure is located in Manchester, United Kingdom. We are a independent provider using private hardware, not a reseller of public cloud space.

For S3 Storage & Hosting Customers: Your data is stored on encrypted-at-rest ZFS storage pools. While we perform automated offsite backups, you (the Customer) act as the Data Controller for any personal data you upload.

4. Third-Party Processors

We share strictly necessary data with the following trusted providers:

Provider Purpose Location
Stripe Payment Processing Global (UK & USA)
Cloudflare DDoS Protection & DNS Global Edge Network
Backblaze B2 Encrypted Off-site Backups EU (Netherlands)

5. Data Retention

We retain customer billing data for 6 years as required by HMRC for tax purposes.

Service Data: Upon account termination, your S3 buckets and VM data are permanently deleted from our primary storage within 30 days. Encrypted backups may remain in rotation for up to 90 days before being overwritten.

6. Your Legal Rights (UK GDPR)

You have the right to:

  • Request access to your personal data.
  • Request correction or erasure of your data.
  • Object to processing or request restriction of processing.

Contact for Privacy: privacy@layer6.co.uk

ICO Registration: Pending

© 2026 Layer6 Systems.

Trading style of Donal Lang.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.