Legal

Privacy Policy

Effective Date: June 24, 2026

Last Updated: June 24, 2026

Entity: Interlace Systems LLC, a Colorado single-member limited liability company

Service: 3LAY at https://3lay.app

This Privacy Policy describes how Interlace Systems LLC (“Interlace,” “we,” “us,” or “our”) processes personal information when you use 3LAYand related Interlace Web Services delivery infrastructure (collectively, the “Service”). For rules governing use of the Service, see our Terms of Service.

1. Introduction and Scope

3LAY is a marketing infrastructure product operated by Interlace Systems LLC. The Service includes account management, sovereign inbox, outbound campaigns, analytics, API access, optional SMS features, VIBEZ sensory themes, and delivery through Interlace Web Services (“IWS”).

By accessing or using the Service, you acknowledge this Privacy Policy. If you do not agree, do not use the Service.

2. Roles: Controller vs. Processor

2.1 When We Act as Controller

We are the data controller for personal information we collect about you and your team members when you register, authenticate, pay for subscriptions, contact support, or interact with3LAY as a customer.

2.2 When You Act as Controller

When you upload contact lists, send email or SMS, or otherwise transmit personal information about your recipients through the Service, you are the data controller (or authorized processor on behalf of your organization) for that recipient data. We process recipient data solely as your processor to deliver messages, provide analytics, maintain suppressions, and comply with applicable law.

You are responsible for obtaining all required consents, providing required notices, and honoring data-subject rights for your recipients. Our Terms of Service incorporate your obligations as controller.

3. Information We Collect

3.1 Information You Provide

  • Account registration data (email address, username, display name, organization name)
  • Authentication data (hashed passwords, passkeys, OAuth identifiers from Google when enabled)
  • Phone numbers when you opt in to SMS verification or send SMS campaigns
  • Billing and subscription data processed through Stripe (payment method metadata, invoices)
  • Domain and DNS configuration for sender domains you verify
  • Email and SMS content, templates, campaign metadata, and audience lists you upload
  • API keys, webhook endpoints, and integration configuration
  • Support communications, abuse reports, and feedback
  • Wallet addresses when you use optional blockchain or Crypto Boost features

3.2 Information Collected Automatically

  • Device and browser information (user agent, operating system, language)
  • Log data (IP address, timestamps, pages viewed, API request metadata)
  • Delivery and engagement events (sends, bounces, complaints, opens, clicks where tracked)
  • Session and authentication cookies (see Section 8)
  • Usage analytics for product improvement and fraud prevention

3.3 Information From Third Parties

  • Payment status and subscription events from Stripe
  • DNS and deliverability signals from infrastructure providers (e.g., Cloudflare, postal/SES)
  • Identity verification data from Interlace authentication services when you use SSO
  • Public blockchain data associated with wallet addresses you connect

4. How We Use Information

  • Provide, operate, maintain, and improve the Service
  • Authenticate users and secure accounts
  • Process subscriptions, usage metering, credits, and overage billing
  • Transmit email and SMS on your instructions
  • Maintain suppression lists, bounce handling, and abuse prevention
  • Generate analytics, send logs, and deliverability reports
  • Provision and verify custom sender domains and DNS records
  • Send administrative, transactional, and security communications
  • Deliver one-time passcodes (OTP) and other transactional SMS you request
  • Investigate abuse, enforce Terms, and comply with legal obligations
  • Facilitate optional VIBEZ themes and cross-app Interlace integrations
  • Process optional blockchain transactions and gas sponsorship when you enable those features

5. How We Share Information

We do not sell your personal information. We do not sell recipient lists or use your audience data for our own marketing.

We may share information in these circumstances:

  • Service providers: Vendors that help us operate the Service, including Stripe (payments), Vercel (hosting), Cloudflare (DNS and security), AWS (email/SMS infrastructure), database and storage providers, and authentication partners
  • At your direction: Recipients, mailbox providers, and carriers when you send messages; webhook endpoints you configure
  • Legal requirements: When required by law, subpoena, court order, or to protect rights, safety, and integrity of the Service
  • Business transfers: In connection with merger, acquisition, financing, or sale of assets, subject to confidentiality obligations
  • With consent: When you explicitly authorize sharing
  • Aggregated or de-identified data: That cannot reasonably identify you or your recipients

6. Messaging and Recipient Data

When you send email or SMS through 3LAY, we process recipient addresses, message content, and delivery metadata to complete transmission. We may retain send logs, bounce and complaint events, and suppression records for deliverability, legal compliance, and dispute resolution.

You must not upload or transmit sensitive categories of data (health, financial account numbers, government IDs, children’s data) through the Service unless you have a lawful basis and appropriate safeguards. We may suspend accounts that process prohibited data types.

Spam complaints and hard bounces may automatically add addresses to your suppression list to protect sender reputation and comply with industry standards.

7. Data Retention

We retain account and billing data for as long as your account is active and as needed to provide the Service. After termination, we may retain certain records for fraud prevention, billing disputes, legal compliance, and enforcement for a commercially reasonable period.

Message logs and analytics may be retained according to your plan limits and our archival policies. You may request deletion of account data subject to legal exceptions.

Blockchain transaction data associated with optional features is public and immutable; we cannot delete on-chain records.

8. Cookies and Similar Technologies

  • Essential cookies: Authentication, session management, and security
  • Preference cookies: Theme selections, VIBEZ settings, and UI state
  • Analytics cookies: Usage measurement to improve the Service

You can control cookies through browser settings. Disabling essential cookies may prevent sign-in or console access.

9. SMS and Text Messaging

When you provide a phone number and consent to verification or transactional SMS, we may send one-time codes and account alerts. Message and data rates may apply.

  • Marketing SMS requires separate opt-in and compliant unsubscribe handling
  • Reply STOP to opt out where supported; reply HELP for assistance
  • Contact privacy@interlace.systems for SMS privacy questions

SMS delivery may be provided by third-party carriers and aggregators under their own policies.

10. Data Security

We implement commercially reasonable safeguards, including:

  • Encryption in transit (TLS)
  • Encryption at rest for sensitive credentials and secrets
  • Role-based access controls and API key scoping
  • Webhook signature verification and idempotent processing
  • Monitoring for abuse, credential stuffing, and anomalous sending patterns

No system is perfectly secure. You are responsible for safeguarding API keys, webhook secrets, and account credentials.

11. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. and other countries where our providers operate. By using the Service, you consent to such transfers.

Where required, we implement appropriate safeguards for cross-border transfers (such as Standard Contractual Clauses) for enterprise customers upon request.

12. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access personal information we hold about you
  • Correct inaccurate information
  • Delete information, subject to legal and operational exceptions
  • Restrict or object to certain processing
  • Data portability
  • Withdraw consent where processing is consent-based
  • Opt out of sale or targeted advertising (we do not sell personal data)

To exercise rights regarding your 3LAY account, contact privacy@interlace.systems. We will verify your request before responding.

Recipient requests: If you received a message from a 3LAY customer and want to exercise privacy rights, contact the sender first. We may assist senders in fulfilling lawful requests but generally cannot delete data controlled by our customers without their instruction.

13. U.S. State Privacy Laws

13.1 Colorado Privacy Act

As a Colorado entity, we comply with the Colorado Privacy Act (CPA). Colorado residents may exercise applicable rights by contacting privacy@interlace.systems. We do not sell personal data.

13.2 California and Other States

Residents of California, Virginia, Connecticut, and other states with comprehensive privacy laws may have additional rights. We honor applicable requests in accordance with law.

14. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contactprivacy@interlace.systems and we will take steps to delete it.

Commercial messaging to minors may be restricted by law. You must not use the Service to contact children without lawful authority and parental consent where required.

15. Third-Party Links and Services

The Service may link to third-party sites (Stripe checkout, Interlace Systems, blockchain explorers, documentation). We are not responsible for their privacy practices. Review their policies before providing information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last Updated” date and, where appropriate, notified via email or in-product notice. Continued use after changes constitutes acceptance.

17. Contact Us

Interlace Systems LLC

3560 Summer Breeze Dr, Colorado Springs, CO 80918, USA

Privacy: privacy@interlace.systems

Legal: legal@interlace.systems

Abuse: abuse@interlace.systems

Website: https://3lay.app

State of Incorporation: Colorado, USA

This Privacy Policy is provided for transparency and operational clarity. It does not constitute legal advice. Consult qualified counsel for compliance questions specific to your use case.