Terms & Conditions
Last updated: April 2026
1. About Laya
Laya is an open-source, local-first desktop application that intercepts events from professional tools (such as Jira, Slack, Gmail, Outlook, GitHub, Bitbucket, GitLab, Google Calendar, Linear, Notion, and others you may connect), classifies them using large language models (LLMs), stages suggested actions, and presents them as Action Cards for your review and approval.
Laya runs entirely on your machine. There are no Laya-operated servers, no Laya accounts to create, and no telemetry or analytics data is transmitted to Laya's developers or any third party by the application itself. Laya's developers do not operate any email, messaging, code-hosting, calendar, or other platform accounts on your behalf — every ingestion connection and every outbound action uses credentials you personally provide and operates under your own identity on each platform.
2. Data Processing & Third-Party LLMs
This is the most important section to understand. To classify events, generate action suggestions, power chat, and compute semantic embeddings, Laya sends portions of your professional data to the LLM and embedding providers you configure. The specific data transmitted on any given request depends on the event type, the persona processing it, and the prompts Laya uses, but may include:
- Email subjects, bodies, and attachment metadata from your configured email providers
- Messages, thread content, reactions, and channel metadata from your configured messaging platforms
- Issue titles, descriptions, comments, labels, and status metadata from your configured project- or task-management tools
- Pull or merge request titles, descriptions, code diffs, review comments, and file paths from your configured code-hosting platforms
- Calendar event titles, descriptions, attendee information, and schedule metadata from your configured calendar providers
- Page or document titles, content, and metadata from your configured knowledge bases
- Your team member names, roles, and relationships as configured in Settings
- Any prompts, files, or context you submit through Laya's chat or workspace interfaces
- Any additional data surfaced by custom workflows you build or modify in the bundled n8n automation engine
The list above is illustrative and not exhaustive. You should assume that any content ingested from a connected platform is eligible to be transmitted to your configured LLM provider.
Laya is Local-First. Laya fully supports self-hosted LLM providers including Ollama, LM Studio, and any OpenAI-compatible endpoint. When using self-hosted models, your data does not leave your machine or local network via Laya. This is the recommended configuration.
Laya also supports cloud-hosted LLM providers such as Anthropic (Claude), OpenAI (GPT), Google (Gemini), OpenRouter, and any other OpenAI-compatible provider you configure. If you configure a cloud provider, the data described above will be transmitted to that provider's servers and will be subject to that provider's privacy policy, data-processing agreement, and terms of service.
Different LLM providers handle your data differently. Some retain inputs for abuse monitoring, some offer zero-retention or enterprise endpoints, and some may use your inputs to train or improve their models. Before configuring a cloud-hosted provider, you are responsible for reviewing that provider's current terms and selecting a plan, tier, or endpoint appropriate for the sensitivity of your data.
3. Platform Integrations & Outbound Actions
Laya connects to third-party platforms to ingest events and, with your approval, execute actions on your behalf. All outbound actions are executed exclusively through the connections you personally authorize (via OAuth or API keys you provide) and are attributed to your own account on the destination platform. Example actions include:
- Sending, replying to, or forwarding email through your configured email providers
- Posting messages, replies, or reactions through your configured messaging platforms
- Creating, updating, or commenting on issues through your configured project- or task-management tools
- Commenting on, approving, requesting changes to, or merging pull or merge requests through your configured code-hosting platforms
- Creating, updating, or cancelling events through your configured calendar providers
- Any additional action enabled by workflows you configure in the bundled n8n automation engine
You are solely responsible for the content, timing, recipients, and consequences of every outbound action executed through your connected accounts, regardless of whether that action was originally suggested by an LLM, triggered by a workflow, or produced by a coding agent.
4. Manual Approval & Automatic Execution
No action is executed without your explicit approval unless you have opted into automatic execution for a specific action type, workflow, or rule. LLM-suggested actions may contain errors, hallucinations, factual inaccuracies, incorrect recipients, or otherwise inappropriate content; you are solely responsible for reviewing every staged action before approval.
If you enable automatic execution, Laya will carry out those actions on your behalf without per-action confirmation. Automatic execution amplifies the consequences of any LLM error, misclassification, or prompt-injection attempt originating in ingested content. You accept full responsibility for all actions performed under automatic execution rules you configure.
5. Credential & API Key Handling
Laya stores your API keys and OAuth tokens in your operating system's secure credential store (macOS Keychain, Windows Credential Manager, or Linux Secret Service). Credentials are never stored in plain text on disk by Laya.
API keys are transmitted only to their respective service providers. OAuth tokens are used to authenticate with the platforms you have connected. You can revoke any connection at any time from Settings, and you are responsible for revoking credentials on the originating platform as well if you wish to fully terminate Laya's access.
6. Local Data Storage & Environment Security
All Laya data is stored locally on your machine in the ~/.laya/ directory:
- SQLite database — events, action cards, chat history, audit logs, user feedback
- ChromaDB vector store — semantic embeddings for search and entity resolution
- Logs — application logs (rotated, 10 MB max, 5 files retained)
- Configuration — settings, team definitions, rules, repository paths
You own your data. You may delete the ~/.laya/ directory at any time to remove all Laya data from your system.
Because Laya stores sensitive event content, credentials, and n8n workflow data on disk, the security of that data ultimately depends on the security of your machine. You are responsible for maintaining full-disk encryption, operating-system updates, user-account access controls, endpoint protection, and physical security for any device on which you run Laya.
7. Automation Engine (n8n)
Laya bundles n8n, an open-source workflow automation tool, which runs as a local process on your machine (port 45678). n8n handles event ingestion from connected platforms and executes approved outbound actions. n8n's data and encrypted credentials are stored locally in ~/.laya/n8n/.
You may create, modify, import, or disable n8n workflows beyond those bundled with Laya. Any custom workflows you configure are your own responsibility. n8n is distributed under its own licenses and is not a product of Laya.
8. Coding Agents
Laya can optionally integrate with coding agents (such as Claude Code, Gemini CLI, or OpenAI Codex CLI) to execute development tasks on your behalf. When enabled, these agents operate in your local development environment and may:
- Read and modify files within your configured repositories
- Execute arbitrary shell commands on your machine with the privileges of your user account
- Install dependencies, run build scripts, run tests, and invoke other tooling
- Transmit source code, file contents, and command output to their respective LLM providers
Coding agents carry significant risk. A misinterpreted instruction, erroneous LLM output, or prompt-injection attempt can result in deleted or corrupted files, credential exposure, unintended git history rewrites, or unwanted changes to your environment. You are solely responsible for reviewing agent-proposed changes, sandboxing agent environments appropriately, and maintaining backups.
9. Telemetry & Analytics
Laya itself does not collect, transmit, or share any usage analytics, telemetry, crash reports, or diagnostic data with Laya's developers or any third party.
Laya bundles several open-source third-party components that may emit anonymous telemetry to their respective maintainers by default. Laya makes a best-effort attempt to disable telemetry in every bundled third-party component that offers an opt-out. However, this cannot be guaranteed. If you require an absolute guarantee that no network traffic leaves your machine beyond what you explicitly authorize, we recommend running Laya with an outbound firewall.
10. Cost & Billing
Laya itself is free and open-source. However, using cloud-hosted LLM, embedding, or platform providers incurs costs billed directly by those providers to your account. Laya provides cost estimation and budget controls in Settings, but these are approximations and do not constitute billing guarantees.
11. Compliance With Third-Party Platforms
You are responsible for complying with the terms of service, acceptable-use policies, data-processing agreements, and API rate limits of every platform you connect to Laya. Laya does not monitor or enforce these policies on your behalf.
You are also responsible for ensuring that your use of Laya with a given platform is permitted by your employer, organization, or any applicable data-sharing, confidentiality, or regulatory agreement covering the content on that platform.
12. Your Responsibilities
- Ensure you have the right to process data from your connected platforms through LLMs
- Comply with your organization's data-handling, privacy, and acceptable-use policies
- Review the privacy policies of any LLM or platform provider you configure
- Review all staged actions before approving execution
- Secure your machine, as Laya stores sensitive data locally
- Comply with applicable laws regarding automated communications and data processing
- Maintain appropriate backups of any data you cannot afford to lose
13. Disclaimer of Warranties
LAYA IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, AND UNINTERRUPTED OPERATION.
LLM-generated suggestions, classifications, summaries, and staged actions may be inaccurate, incomplete, biased, or inappropriate. You are solely responsible for reviewing all suggestions before approval.
14. Limitation of Liability
IN NO EVENT SHALL THE AUTHORS, COPYRIGHT HOLDERS, CONTRIBUTORS, OR MAINTAINERS OF LAYA BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF USE, DATA, OR PROFITS, BUSINESS INTERRUPTION, REPUTATIONAL HARM, OR REGULATORY PENALTIES) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
15. Indemnification
To the fullest extent permitted by applicable law, you agree to indemnify, defend, and hold harmless Laya's authors, copyright holders, contributors, and maintainers from and against any claim, demand, loss, liability, damage, fine, penalty, or expense arising out of or related to your use of Laya or your violation of these terms.
16. Age, Authority & Acceptance
By installing, configuring, or using Laya, you represent that you are at least the age of majority in your jurisdiction and that you have the legal capacity to accept these terms. If you are using Laya on behalf of an employer or organization, you further represent that you have the authority to bind that organization to these terms.
If you do not agree with any part of these terms, you must not install or use Laya.
17. Software Updates & Changes to These Terms
Laya may be updated from time to time. Updates may modify data formats, adjust pipeline or prompt behavior, add or remove supported platforms, and revise these terms. Continued use of Laya after an update constitutes acceptance of the then-current terms.
18. Severability & Entire Agreement
If any provision of these terms is found to be invalid or unenforceable, the remaining provisions will continue in full force and effect. These terms, together with the Apache License 2.0 under which Laya is distributed, constitute the entire agreement between you and Laya's contributors regarding your use of the software.
19. Open Source
Laya is open-source software licensed under the Apache License 2.0. You may inspect, modify, and redistribute the source code subject to the license terms. The full license text is available in the LICENSE file in the GitHub repository.