How Layne handles your data.

About this service

Layne is a private, invite-only audition-tracking tool for working actors. It is not a public product. You bring your own Gmail account and casting-platform credentials, and the application organizes your auditions in one place.

What data we access

When you connect your Gmail account, Layne requests permission to read messages from a small allowlist of casting-platform senders (Casting Networks, Actors Access, Casting Frontier, Casting.com, etc.) and to manage labels for organizing those messages. The application does not read mail outside that allowlist. We use Google’s push-notification service to be notified when new mail arrives so we don’t need to poll your inbox.

We store the parsed contents of those casting emails (project name, casting director, role, rate, deadlines, body text), and we store the OAuth refresh token so the connection stays alive between sessions. Refresh tokens and platform credentials are encrypted at rest using AES-256-GCM.

How we use Google user data

Gmail data is used solely to populate your audition list and surface scoring, deadlines, and notifications inside Layne. It is never sold, never used for advertising, never used to train AI models, and never shared with third parties except as needed to provide the service (see “Service providers” below). Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Service providers

Layne relies on a small number of vendors to operate: Supabase (database and authentication), Vercel (web hosting), Railway (background worker hosting), Anthropic (AI scoring of audition fit), and Twilio (SMS notifications about high-priority auditions). Casting-email content may pass through these providers as part of normal operation. None of them use the data for purposes beyond delivering the service.

Retention and deletion

Audition data is retained while your account is active so the application can compute history (e.g. how many times you’ve auditioned for a given casting director). You can disconnect Gmail at any time from the settings page, which revokes our refresh token and stops further sync. To delete your account and all associated data, email the address below and we will purge it within seven days.

Security

Data in transit is protected with TLS. Data at rest is stored in Supabase Postgres with row-level security so you can only see your own rows. Sensitive credentials (Gmail refresh tokens, casting-platform passwords) are encrypted with a server-side key before being written to the database.

Contact

Questions, deletion requests, or anything else: ccmacmini@gmail.com.