Privacy Policy

Last updated: June 25, 2026

Who we are

LaunchPanda is operated by Welsenes Brothers V.O.F., registered at Nieuwe Prinsengracht 92-2, 1018VW Amsterdam, The Netherlands (KVK 77647157, VAT NL861078937B01). When we say “we”, “us”, or “LaunchPanda”, we mean this entity.

What data we collect

We collect the minimum data needed to provide the service:

  • Account information. When you sign in with Google we receive your name, email address, and profile picture. We use this to identify your account and send transactional email.
  • Startup Profile data. The product information you enter (tool name, tagline, descriptions, website URL, category, pricing model, founder name, X handle, logo URL). Stored to pre-fill directory submissions and to submit on your behalf when you buy Auto Launch.
  • Submission progress. Which directories you have marked as completed, the submission state recorded per directory, and the launch order snapshot. Stored to track your progress and keep your profile's history accurate.
  • Payment data. When you buy Pro, Auto Launch, or a Featured slot, Stripe collects your billing address, VAT ID (if applicable), and payment method. We never see or store your card details. We store the Stripe customer ID, the Stripe session ID, and the order metadata so we can reconcile payments and grant entitlements.
  • Email activity. When we send you transactional or marketing email through Resend, we store the send timestamp, the recipient address, the message ID, and the delivery status. Used for deduplication, debugging, and compliance with your opt-out preferences.
  • Marketing preferences. A marketingOptOut flag on your profile and a per-account unsubscribe token. Used to respect opt-outs across devices without requiring sign-in.
  • Feedback. If you submit feedback via the in-app widget, we store your message, the page URL, and your user ID (if signed in).
  • Waitlist + referral data. If you join a waitlist we store your email. If you arrive through a partner referral link (e.g. ?ref=verifieddr), we set a first-party cookie (lp_ref) for up to 30 days and attach the partner identifier to any subsequent Stripe checkout so revenue can be attributed correctly. The cookie value is the partner's short slug, nothing else.
  • Analytics. We use DataFast for product analytics. It sets first-party cookies (datafast_visitor_id, datafast_session_id) to count unique visitors and sessions. No personal data is sent.

How Auto Launch shares your data with third parties

When you purchase Auto Launch, you instruct us to submit your product information to 40 to 50 vetted directories on your behalf. We send the profile fields you provided (name, description, website URL, logo, category, pricing model, X handle) to a fixed set of partner APIs:

  • VibeCodingList, partner-API submission. Their team emails you a claim link separately.
  • EasyLaunch, partner-API submission to easylaunch.dev.
  • EasyDoFollow, partner-API submission to easydofollow.dev.
  • LemonLaunch, partner-API submission.
  • The remaining directories in your profile's blueprint. For each, we either submit via their public form or coordinate with the directory operator directly. The exact list is visible inside your /launched page after purchase.

Each directory has its own privacy policy. Once your product is listed on a directory, that directory's terms govern the data on its site. We do not control how individual directories store or display the information you provided.

Legal basis for processing (GDPR)

We process your personal data based on:

  • Contract performance. Processing your account data, Startup Profile information, and payment data is necessary to provide the service you signed up for.
  • Legitimate interest. We process usage data to improve the service, fix bugs, prevent abuse, and personalize directory recommendations.
  • Legal obligation. Payment records are retained by Stripe and reflected on our side to meet Dutch tax and accounting rules.
  • Consent. For non-transactional marketing email (lifecycle nudges, product announcements, weekly digests). You can withdraw consent at any time by clicking unsubscribe in any email we send, or by visiting your account settings.

Where your data is stored

Your data is stored on servers operated by our third-party providers. These servers may be located outside the European Economic Area (EEA), primarily in the United States.

  • Convex, database and backend functions. Servers in the United States.
  • Vercel, frontend hosting and serverless functions. Global edge network with primary infrastructure in the United States.
  • Stripe, payment processing and invoice generation. Stripe Inc. is based in the United States; for EU customers payments are processed by Stripe Payments Europe.
  • Resend, transactional and marketing email delivery. Servers in the United States.
  • DataFast, product analytics. Servers as per DataFast's privacy notice.
  • Google, OAuth authentication only.

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as provided by our service providers to ensure an adequate level of data protection.

How we store your data

Your data is stored in our database (hosted on Convex) and is encrypted in transit (HTTPS/TLS) and at rest. Authentication tokens are stored securely in your browser's local storage. Stripe handles all card data and is PCI DSS Level 1 certified.

Data retention

We retain your data for as long as your account is active.

  • Account + profile data. Retained until you request account deletion.
  • Submission progress. Retained until you reset progress or delete your account.
  • Feedback. Retained for up to 2 years for product improvement, then deleted.
  • Payment + invoice records. Retained by us and by Stripe for 7 years to satisfy Dutch tax law (Algemene wet inzake rijksbelastingen art. 52). These cannot be deleted on request.
  • Email send logs. Retained for 24 months for dedup, deliverability, and abuse prevention.
  • Marketing opt-out token. Retained permanently even after account deletion. Required to honor your opt-out if your email reappears in any future signup.

How we use your data

  • To operate and improve LaunchPanda
  • To pre-fill directory submissions and submit on your behalf when you purchase Auto Launch
  • To process payments, calculate VAT, and issue invoices
  • To send transactional email (welcome, order confirmation, Auto Launch progress reports, badge install reminders, testimonial requests)
  • To send marketing email (lifecycle nudges, product updates, weekly digests), unless you have opted out
  • To personalize directory recommendations based on your product's category, stage, and existing backlinks
  • To attribute revenue to partners who referred you, where applicable
  • To prevent fraud, abuse, and rate-limit violations

What we never do

  • We never sell your personal data to third parties
  • We never share your data outside the directories you signed up to be submitted to
  • We never use your data for cross-site advertising or profiling
  • We never store your payment card details, all payment processing is handled by Stripe
  • We never email you marketing content if you have opted out

Cookies

We use first-party cookies for authentication, session management, referral attribution (lp_ref), and analytics (datafast_visitor_id, datafast_session_id). We do not use third-party advertising cookies, retargeting pixels, or social tracking. The DataFast cookies do not contain personal data.

Your rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

  • Access. Request a copy of all personal data we hold about you.
  • Rectification. Update or correct your personal data through your account settings or by contacting us.
  • Erasure. Request deletion of your account and all associated data (payment + invoice records excepted, see retention).
  • Data portability. Request your data in a machine-readable format.
  • Object. Object to processing based on legitimate interest.
  • Withdraw consent. Unsubscribe from marketing email at any time using the link in any email we send.

To exercise any of these rights, contact us using the address below. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

Children

LaunchPanda is intended for adults and businesses. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this privacy policy from time to time. If we make significant changes we will notify you by email or by placing a notice on the site. Your continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For privacy questions, data access requests, or to exercise your GDPR rights:

  • Welsenes Brothers V.O.F.
  • Nieuwe Prinsengracht 92-2, 1018VW Amsterdam, The Netherlands
  • Email: welsenes.brothers@gmail.com