Privacy Policy

LaunchKits exists to sell business operations software you own outright. The data we collect reflects that posture. We need your email to deliver what you bought and to log you back in. We need your purchase records to know which kits and tools belong to you. We need your saved builder configurations so the Website Builder remembers what you were working on. That is essentially the full list. We do not sell data, we do not run third-party advertising on our hub, and we do not host any user-generated content (no chat, no posts, no comments).

LaunchKits ("LaunchKits", "we", "us") is a hosted marketplace and build studio for composable business operations software. We sell production-grade modules and pre-assembled industry packages (collectively, the "Kits") that businesses install on their own infrastructure and own forever. We also operate launchkits.dev (the "Hub"), a Website Builder for designing kit deployments, and optional subscription layers (LaunchKits Pro for ongoing updates and an AI Add-on for natural-language reporting). This policy covers data we collect through the Hub and the optional subscription layers. It does not cover data you collect inside your own deployed kit, since that data lives on your infrastructure under your control.

LaunchKits is built for commercial use. By using the Hub or buying a Kit you confirm you are doing so for a business or commercial purpose, not as a consumer-grade product for personal entertainment.

Account information. Email address (the only required field, used as your account identity and the destination for magic-link sign-in), optional display name, optional GitHub username (used to pre-fill repo claims after purchase). We do not store passwords because we do not use them; sign-in is magic-link only.

Purchase records. When you buy a Kit, module, Pro plan, or AI Add-on through Lemon Squeezy, we receive an order confirmation and store the order ID, product slug, product kind, the GitHub repo URL we provisioned for you, and the purchase timestamp. We do not store credit card numbers, expiry dates, or CVV codes; payment data is handled entirely by Lemon Squeezy.

Builder configurations. When you save a build in the Website Builder, we store the configuration JSON (your selected theme, modules, sections, and content edits) under your account. You can list, open, duplicate, or delete saved builds at any time. While you are working in the Website Builder before you save, your in-progress configuration is held in your browser's local storage under the key lk-builder-state-v1; clearing your browser cache will wipe it.

AI Idea Finder and builder recommendations.If you use the AI Idea Finder on the homepage or click "Get AI Recommendation" in the Website Builder, the short text you type (typically a sentence or two describing the business you are starting) is transmitted to Anthropic to compute a kit and tool match. We do not associate this query with your account, and Anthropic processes it under their own data terms.

Operational logs. Like any web service, our infrastructure providers log basic request metadata (IP, user agent, timestamp, requested URL, response status). These logs are kept short term for debugging and abuse detection. We do not run third-party advertising or behavioral tracking on the Hub.

Cookies. A small number of essential cookies keep you signed in and remember your preferences. We do not use third-party advertising cookies. See Section 7.

We use the data we collect to operate the service: to send you a magic-link email when you ask to sign in, to confirm and provision your purchases, to grant you access to the GitHub repository you bought, to remember your saved builder configurations, to communicate with you about your account or your orders, to detect abuse, and to comply with legal obligations.

We do not use your data to train machine learning models. We do not sell, rent, or trade your personal data to third parties. We do not build advertising profiles. We do not share your purchase history with anyone outside of the subprocessors listed in Section 5.

We rely on a small set of subprocessors to deliver the service. Each one is bound by terms that restrict their use of your data to the purpose of running their part of the stack.

Lemon Squeezy handles all payment processing, tax remittance, and invoicing. When you buy through saasassassin.lemonsqueezy.com, your payment information is collected and stored by Lemon Squeezy under their privacy policy. We receive only the order metadata described in Section 3.

Supabase hosts our authentication system and the Postgres database that holds your account profile, saved builder configurations, and purchase records. Supabase is configured with row-level security so that only your account can read and write your own rows.

Resend is our outbound email provider. Magic-link sign-in emails, purchase confirmations, and any future transactional emails are dispatched through Resend from noreply@launchkits.dev. Resend stores delivery logs for a short retention period; we do not use Resend for marketing email.

Vercel hosts the Hub and runs our serverless API endpoints. Vercel logs basic request metadata as part of normal operation.

GitHub hosts the private repositories we provision for you after a purchase. To deliver a Kit or module we issue a repository invitation to your GitHub username. You accept the invitation; the repository is then yours.

Anthropic powers the optional AI Idea Finder and builder recommendation features. When you use those features, the short text of your query is transmitted to Anthropic for processing.

We may disclose data if compelled by law, court order, or valid legal request, or to protect the rights, property, or safety of LaunchKits, our customers, or the public. If you want a current subprocessor list, email privacy@launchkits.dev.

Account data and saved builder configurations are retained for as long as your account is active. If you delete a saved build, it is removed from our primary database within 30 days. Database backups are kept for up to 90 days for disaster recovery, after which they expire.

Purchase records and billing-related data are retained for as long as required by tax and accounting law in our jurisdiction (typically seven years), even after you delete your account. This is a legal obligation, not a marketing one.

If you close your account, we retain only what we need to honor refund windows, fulfill outstanding obligations, and meet legal retention rules. Everything else is deleted on a 30-day cycle.

We use a small number of essential cookies to keep you signed in (a Supabase session cookie) and remember your preferences. We do not use third-party advertising cookies on the Hub. We may use privacy-respecting analytics in the future to understand how the site is used in aggregate; if we do, we will update this policy and surface a consent banner where regulation requires one.

The Website Builder stores your in-progress build in your browser under the local-storage key lk-builder-state-v1. This data never leaves your device unless you click Save (which writes the build to your account) or Export (which generates code you download). You can clear it from your browser settings or with the Reset button in the Builder toolbar.

Depending on where you live, you may have the right to access the personal data we hold about you, correct inaccurate data, delete your data, restrict or object to processing, receive a portable copy, and withdraw consent. You can edit your display name, GitHub username, and saved builds directly from your account page. To delete your account or request a portable export of your data, email privacy@launchkits.dev.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

We use industry-standard security practices: TLS for data in transit, encryption at rest on the database layer, magic-link auth (no password to leak), row-level security on tenant tables, scoped service-role access for server-side writes, and a strict separation between client-facing API routes and privileged database operations. No system is perfectly secure, but we treat the security of your data as a first-class concern.

If you discover a security vulnerability, please report it to security@launchkits.dev. We welcome responsible disclosure and will respond within 72 hours.

LaunchKits is operated globally. Your data may be stored or processed in countries other than your own, including the United States, where our infrastructure providers operate. When we transfer personal data out of the European Economic Area or the United Kingdom, we rely on standard contractual clauses or other lawful transfer mechanisms.

LaunchKits is sold for commercial use by businesses, agencies, and developers building production software for paying clients or operating businesses. The Hub is not designed or intended for personal use by minors. By creating an account, you confirm that you are using LaunchKits in a business or commercial capacity. If you believe a minor has created an account, contact privacy@launchkits.dev and we will close it.

We may update this Privacy Policy from time to time. Material changes will be notified by email to your account address, or by an in-app notice, at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the current version.

Privacy questions: privacy@launchkits.dev

General contact: hello@launchkits.dev