← Back to home

Privacy Policy

Last updated June 29, 2026

This policy explains what LaunchPal collects when you scan a site, why we collect it, and who processes it on our behalf. We keep the data we hold to a minimum and never sell it.

1. Who we are

LaunchPal (“we”, “us”) operates the launch-readiness scanner at launchpal.dev. If you have any privacy question, email us at support@launchpal.dev.

2. What we collect

When you run a scan

  • The domain or URL you submit.
  • Your IP address, used only to enforce rate limits and prevent abuse.
  • A Cloudflare Turnstile token, processed by Cloudflare to confirm you’re not a bot. We do not store it long-term.
  • Technical findings about the site you scanned (e.g. response headers, TLS configuration). Detailed evidence is stored server-side only and is never exposed on public or shared pages.

When you log in

  • Your email address, and — if you use Google sign-in — the basic profile your provider returns. Authentication is handled by Supabase.
  • The scans you choose to claim or run while signed in, linked to your account so you can revisit them.

Cookies

We use a small number of essential cookies — see the Cookies section below.

3. What we do not do

  • We do not sell or rent your data to anyone.
  • We do not store full copies of the pages we scan long-term.
  • We do not expose scan evidence on public shares — shared cards show only a score and status, never the underlying findings.
  • We do not run advertising or third-party tracking pixels.

4. Scan data & retention

Anonymous scan results are short-lived: they are cached for about 24 hours and then automatically removed by a scheduled cleanup job. If you start ownership verification for a domain but don’t finish, that pending record is deleted within about 48 hours.

Scans you run or claim while signed in are kept with your account so you can view your history, and are removed when you delete the account or ask us to remove them. Detailed finding evidence is always stored server-side only.

The AI Fix Pack (.md) is generated on demand for the signed-in owner of a scan. It contains your scan’s findings and evidence, so it is never available to anonymous visitors.

5. Third parties we use

We rely on a small set of service providers to run LaunchPal. Each processes data only as needed to provide its part of the service:

  • Supabase — database and authentication (stores your account and scan history).
  • Google — OAuth sign-in, if you choose “Continue with Google”.
  • Resend — transactional email (sign-in links, password resets, confirmations).
  • Cloudflare — Turnstile bot protection, plus hosting of our site (Pages), API (Workers) and static assets such as our logo (R2).

6. Cookies

We use only essential cookies — there is no advertising or analytics tracking. Specifically:

  • A language preference cookie (NEXT_LOCALE) so the site stays in your chosen language.
  • A sign-in session cookie (set by Supabase) when you log in.
  • A bot-protection cookie that Cloudflare Turnstile may set during a scan.
  • A small flag in your browser’s local storage that remembers your cookie choice so we don’t ask again.

Because these cookies are required for the service to work, choosing “Essential only” keeps all of them — it simply confirms we won’t add anything beyond the essentials.

7. Your rights

You can ask us to delete your account and associated data at any time by emailing support@launchpal.dev. Depending on where you live, you may also have the right to access, correct, or export your data — contact us and we’ll help.

8. Children

LaunchPal is not directed at children under 13, and we do not knowingly collect data from them.

9. Changes to this policy

We may update this policy as the product evolves. When we do, we’ll change the “Last updated” date at the top of this page.

10. Contact

Questions about privacy? Email support@launchpal.dev.