Privacy Policy
Last updated: 9 April 2026
Launchli GmbH ("Launchli", "we", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal data when you use the Launchli platform, in compliance with the Swiss Federal Act on Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for the processing of your personal data is Launchli GmbH, Zurich, Switzerland. You can reach our data protection team at privacy@launchli.app.
2. Data Collected
We collect the following categories of personal data:
Account data
- Name, email address, and password (hashed) when you register
- Organization name and team membership information
- Billing details (processed and stored by Stripe; we do not store full credit card numbers)
Brand and campaign data
- Brand profiles, descriptions, voice attributes, and target audience information you provide
- Campaign parameters, generated content, and deliverable exports
- Documents and materials you upload for brand analysis
Technical and usage data
- IP address, browser type, device information, and operating system
- Pages visited, features used, timestamps, and session duration
- Error logs and performance data (no personal content included)
3. Legal Basis for Processing
We process your personal data on the following legal bases under nFADP and GDPR:
- Contract performance — to provide you with the Launchli platform and its features (Art. 6(1)(b) GDPR)
- Legitimate interest — to improve the Service, prevent fraud, and ensure security (Art. 6(1)(f) GDPR)
- Legal obligation — to comply with Swiss tax, accounting, and regulatory requirements (Art. 6(1)(c) GDPR)
- Consent — for optional analytics and marketing communications, which you can withdraw at any time (Art. 6(1)(a) GDPR)
4. Data Storage
All primary data is stored on Supabase infrastructure located in the European Union (EU). Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.
We implement strict access controls, row-level security (RLS) policies, and multi-tenant isolation to ensure your data is protected and accessible only to authorized members of your organization.
5. Data Retention Periods
We retain your data only as long as necessary for the purposes described in this policy:
- Account data — retained for the duration of your account. Deleted within 30 days of account closure.
- Brand and campaign data — retained for the duration of your account. Deleted within 30 days of account closure.
- Usage and access logs — retained for 90 days, then automatically purged.
- Billing and invoicing records — retained for 10 years after the transaction, as required by Swiss commercial law (OR Art. 958f).
6. Third-Party Processors
We share your data with the following third-party service providers, each bound by data processing agreements:
| Processor | Purpose | Data location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (Frankfurt) |
| Anthropic | AI content generation (Claude API) | US (no-training header applied) |
| Voyage AI | Text embeddings for RAG search | US |
| Vercel | Application hosting and edge functions | EU / Global edge |
| Stripe | Payment processing and billing | EU / US |
7. AI No-Training Commitment
Launchli includes the "anthropic-beta: no-training" header on every API call to Anthropic. Your data is never used to train AI models.
All data sent to Anthropic's Claude API for content generation is processed solely for providing you with the requested output. Anthropic does not use data submitted via API with the no-training header to train or improve their models.
Your brand data, campaign content, and business information remain yours. We do not use your content to train any AI model, build datasets, or share with other customers.
9. Your Rights
Under nFADP and GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to data portability — receive your data in a structured, machine-readable format
- Right to restriction — restrict processing of your personal data in certain circumstances
- Right to object — object to processing based on legitimate interest
To exercise any of these rights, contact us at privacy@launchli.app. We will respond within 30 days. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or a relevant EU supervisory authority.
10. Children's Privacy
Launchli is a business tool designed for professional use. We do not knowingly collect personal data from individuals under the age of 16. If we discover that we have collected data from a minor, we will promptly delete it.
11. International Data Transfers
Certain processors (Anthropic, Voyage AI, Stripe) may process data in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and the Swiss-U.S. Data Privacy Framework, as applicable.
We ensure that all international data transfers provide an adequate level of data protection consistent with nFADP and GDPR requirements.
12. Policy Updates
We may update this Privacy Policy from time to time. Material changes will be communicated via email notification or an in-app banner at least 14 days before they take effect. Your continued use of Launchli after the effective date constitutes acceptance of the updated policy.
13. Contact & Data Protection Officer
For any privacy-related questions, requests, or concerns, please contact our data protection team:
Email: privacy@launchli.app