Privacy Policy
Last Updated: April 23, 2026
What we collect and why — in plain English
Reading this full policy would take 10 minutes and still leave you guessing. Here's the complete picture in under one screen. Every claim below is verifiable against our source code (see the data-collection audit in our repo for file-level citations).
Your identity. When you make an account, we store your email and a username in AWS Cognito. Your password is hashed by Cognito — we never see or store the plain text.
Your location. When you open the 3D globe, Sky View, or "visible from here," your phone's GPS is used on the device only — the coordinate is never sent to our servers. The only times your location leaves your device are when you explicitly save a waypoint or submit a community sighting. For sightings you choose exact, fuzzed (1, 5, or 25 km random offset), or manual (you drag a pin somewhere else). If you fuzz or set a manual location, the public feed only shows the obscured coordinate; we keep the original on our server, invisible to other users, for moderation and law-enforcement response. We never request background location.
Your photos. When you submit a community sighting, your photo uploads directly to our storage. Heads up: we don't currently strip EXIF metadata from your photo. That means if your camera embedded GPS or a timestamp inside the image file itself, those can still be in the file even if you chose "fuzzed" for the sighting's location. If you care, strip EXIF in your phone's photo settings or take the photo with location tagging off. Camera frames from AR Sky View are never uploaded.
Your content. Sightings, comments, reports, and any bounding box you draw are stored exactly as you typed them. Your username is attached unless you post anonymously. Posts are soft-deleted: when you remove one it disappears from the feed and the photo is purged from the retention area after 7 days. Hard-delete on demand isn't available yet — email privacy@launchdetect.com if you need one.
Your device. Push tokens (from Apple or Google) are stored so we can send launch alerts. Browser / OS user-agent hits server logs for 90 days. We do not use your IDFA (iOS) or AAID (Android). The iOS tracking-permission string in our bundle exists because the Stripe payments framework references it; we never show the tracking prompt.
Your payments. Your card number, expiration, and CVV never touch our servers. Stripe (web) and Apple / RevenueCat (iOS in-app) tokenize payment details before anything reaches us. We store only: Stripe customer ID, tier, status, renewal date, and whether you've used a free trial. Stripe retains payment history for 7 years per US tax law.
Analytics we use. Google Analytics 4 runs on our web pages — Google receives page views, session ID, approximate IP-based location, browser / OS, referrer, and your user ID if you're signed in. No session recording. No one is replaying your clicks. Our server-side logs keep your Cognito user ID (a random UUID — not your email) alongside API calls for debugging and abuse investigation.
What we do NOT do — verified by code audit: We don't sell or rent your data. We don't share it for cross-context behavioral advertising (the CCPA term for what most "free" apps do). No ad SDKs (no AdMob / Facebook / AppLovin / IronSource / MoPub / Unity). No tracking pixels (no Meta / TikTok / Twitter / Pinterest Pixel). No device fingerprinting. No reading contacts, microphone, calendar, or keystrokes. No background location. No background camera.
Deleting your account. Account tab → Delete account → type "DELETE." We cancel your Stripe subscription, delete your RevenueCat record, disable your API keys, wipe every row about you in our database, and irreversibly delete your Cognito identity. What survives: Stripe payment history (7 years, US tax law); your Apple in-app subscription if you have one (only you can cancel that in iOS Settings → Apple ID → Subscriptions — Apple policy); soft-deleted community posts during the 7-day retention window; immutable CloudTrail audit logs for about 7 years (AWS operations, not your content).
Contact. privacy@launchdetect.com for privacy questions, security@launchdetect.com for security reports. The formal legal sections below go into every detail.
LaunchDetect, LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, mobile applications, APIs, and related services (collectively, the "Service").
By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
Notice at Collection (California residents)
Consistent with Cal. Civ. Code § 1798.100(b), at or before the point of collection we provide the following summary notice:
- Categories of personal information we collect: identifiers; customer records; commercial information; internet/network activity; general and (with consent) precise geolocation; professional/employment information; inferences. See §9.1 for detail.
- Sensitive personal information collected: account log-in credentials and, only with your express permission, precise geolocation. See §9.2.
- Purposes: account creation, Service delivery, payment, security, fraud prevention, support, analytics, legal compliance. See §2 and §9.4.
- Retention: see §4.2 for the retention schedule by category.
- We do not sell or share personal information (as those terms are defined under CCPA/CPRA). See §9.6.
- Your rights: know, delete, correct, opt-out, limit use of SPI, non-discrimination. See §9.8. Opt-out at Do Not Sell or Share My Personal Information or email privacy@launchdetect.com.
Quick links by jurisdiction: California (CCPA/CPRA) · EU / EEA / UK / Switzerland · Other US states · Canada (PIPEDA) · Brazil (LGPD) · Australia (APPs) · Japan (APPI) · Cookies · Children · HIPAA statement · Accessibility · Contact
1. Information We Collect
1.1 Information You Provide
We collect information you voluntarily provide when using the Service, including:
- Account Information: Name, email address, organization name, job title, and password when you create an account
- Profile Information: Additional details you choose to add to your profile
- Payment Information: Billing address and payment method details (processed by our payment processor)
- Communications: Information in emails, support requests, or other communications you send to us
- Survey Responses: Information you provide in response to surveys or questionnaires
1.2 Information Collected Automatically
When you use the Service, we automatically collect certain information, including:
- Usage Data: Features accessed, pages viewed, actions taken, time spent, and interaction patterns
- Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
- Log Data: IP address, access times, referring URLs, and system activity logs
- Location Data: General geographic location based on IP address
- API Usage: API calls, endpoints accessed, request parameters, and response data
1.3 Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to collect information and improve the Service. These include:
- Essential Cookies: Required for basic Service functionality and security
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Help us understand how users interact with the Service
- Performance Cookies: Monitor Service performance and identify issues
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Service functionality.
1.4 Information from Third Parties
We may receive information about you from third parties, including:
- Identity verification services
- Payment processors
- Analytics providers
- Business partners and resellers
- Publicly available sources
2. How We Use Your Information
2.1 Service Provision
We use your information to:
- Create and manage your account
- Provide access to the Service and its features
- Process transactions and send related information
- Respond to your inquiries and provide customer support
- Send service-related communications and updates
2.2 Service Improvement
We use your information to:
- Analyze usage patterns and trends
- Develop new features and functionality
- Improve Service performance and user experience
- Conduct research and analytics
- Test and troubleshoot new products and features
2.3 Security and Compliance
We use your information to:
- Detect, prevent, and address fraud and security issues
- Enforce our Terms of Service and other policies
- Comply with legal obligations and respond to legal requests
- Protect the rights, property, and safety of LaunchDetect, our users, and others
2.4 Communications
We may use your information to:
- Send administrative messages and Service updates
- Provide product announcements and newsletters (with your consent)
- Send marketing communications (with your consent)
- Conduct surveys and collect feedback
3. How We Share Your Information
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Cloud hosting and infrastructure providers
- Payment processors
- Analytics providers
- Customer support tools
- Email delivery services
These providers are contractually obligated to use your information only for the purposes of providing services to us.
3.2 Business Transfers
If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Subpoenas, court orders, or legal process
- Government requests or investigations
- Protection of our legal rights or defense against claims
- Emergency situations involving potential threats to safety
3.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
3.5 Aggregated and De-Identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or other purposes.
4. Data Retention
4.1 Retention Periods
We retain your information for as long as necessary to:
- Provide the Service and maintain your account
- Comply with legal obligations
- Resolve disputes and enforce agreements
- Support business operations and analytics
4.2 Retention Schedule
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of account plus 3 years |
| Usage Logs | 2 years |
| API Access Logs | 1 year |
| Payment Records | 7 years (legal requirement) |
| Support Communications | 3 years |
| Analytics Data | 2 years (aggregated indefinitely) |
4.3 Deletion
When information is no longer needed, we securely delete or anonymize it. Some information may be retained in backups for a limited period.
4.4 Account Deletion Requests
You may delete your account at any time from the Account tab in the web app or the mobile app drawer. On confirmation, we immediately and irreversibly:
- Delete your identity record from our authentication provider (Amazon Cognito), ending your ability to sign in.
- Delete your account rows, subscription metadata, API keys, saved locations, and profile data from our primary database.
- Cancel any active subscription with our payment processor (Stripe) so no further charges occur.
The following data is retained after account deletion because we are legally required to keep it, or because it is necessary to establish or defend legal claims:
- Payment and invoice records held at Stripe, Inc. — including name, email, billing postal code, country, invoice history, and payment method last-4 digits — are retained for seven (7) years to comply with U.S. federal tax recordkeeping obligations (26 U.S.C. §6001; IRS Rev. Proc. 98-25), state sales-tax audit requirements, and PCI-DSS Requirement 3.1. These records are held by Stripe under its own data controller obligations and are not accessible to you after account deletion.
- Security and audit logs containing request timestamps, IP addresses, and access events are retained for up to two (2) years for fraud prevention and security incident investigation.
- Aggregated, anonymized analytics that cannot be linked back to you may be retained indefinitely.
If you are a resident of the EEA, UK, or Switzerland and exercise your right to erasure under GDPR Art. 17 / UK GDPR Art. 17, the exceptions in Art. 17(3)(b) (compliance with a legal obligation) and Art. 17(3)(e) (establishment, exercise, or defense of legal claims) apply to the retained data listed above. California residents exercising the right to delete under CCPA/CPRA §1798.105 are subject to the parallel exceptions at §1798.105(d)(1), (d)(4), and (d)(8).
5. Data Security
5.1 Security Measures
We implement technical and organizational measures to protect your information, including:
- Encryption: AES-256 encryption at rest and TLS 1.3 for data in transit
- Access Controls: Role-based access control and principle of least privilege
- Authentication: Multi-factor authentication for sensitive operations
- Monitoring: Continuous security monitoring and audit logging
- Infrastructure: Secure cloud infrastructure with network segmentation
- Personnel: Security training and background checks for employees
5.2 Compliance
Our security practices are designed to align with:
- CMMC 2.0 Level 2 requirements
- FedRAMP security controls
- SOC 2 Type II standards (certification in progress)
- Industry best practices
5.3 Incident Response
In the event of a data breach, we will notify affected users and relevant authorities as required by law. We maintain incident response procedures to quickly address security events.
6. Your Rights and Choices
6.1 Access and Portability
You have the right to:
- Access the personal information we hold about you
- Request a copy of your data in a portable format
- Review and update your account information
6.2 Correction and Deletion
You have the right to:
- Correct inaccurate personal information
- Request deletion of your personal information
- Close your account
Some information may be retained as required by law or for legitimate business purposes.
6.3 Communication Preferences
You can:
- Opt out of marketing communications at any time
- Manage notification preferences in your account settings
- Unsubscribe from emails using the link provided
Note that you cannot opt out of service-related communications necessary for your account.
6.4 Cookie Preferences
You can manage cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect Service functionality.
6.5 Do Not Track
Some browsers offer "Do Not Track" signals. We currently do not respond to DNT signals, but you can manage tracking through cookie preferences.
7. International Data Transfers
7.1 Data Location
Your information is primarily processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States.
7.2 Transfer Safeguards
For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Other legally recognized transfer mechanisms
8. Children's Privacy (Summary)
The Service is not intended for individuals under 18 years of age (16 in the EEA/UK/Switzerland). We do not knowingly collect personal information from children. See §19 for detailed COPPA and GDPR Article 8 procedures, including parental rights.
9. California Privacy Rights (CCPA/CPRA)
This section applies to California residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"). Terms used in this section have the meanings given to them in the CCPA/CPRA.
9.1 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information from California consumers:
- Identifiers (e.g., name, email address, IP address, account username, device identifiers)
- Customer Records (e.g., billing address, payment card information processed by our payment processor)
- Commercial Information (e.g., subscription tier, transaction history, API usage records)
- Internet or Other Electronic Network Activity (e.g., browsing history within the Service, search queries, interaction data, referring URL)
- Geolocation Data (general geographic location derived from IP address; precise location only if you expressly grant the mobile application access to your device location to show nearby launch visibility)
- Professional or Employment Information (e.g., job title, organization)
- Inferences drawn from the above for personalization and Service improvement (we do not create profiles used for legal or similarly significant automated decisions)
9.2 Sensitive Personal Information
Under CPRA, "Sensitive Personal Information" ("SPI") includes categories such as precise geolocation, account log-in credentials, and contents of non-public communications. We collect the following SPI:
- Account log-in credentials (email + password hash, for authentication only)
- Precise geolocation (only in the mobile application and only with your express permission, used solely to compute launch visibility from your location; retained only in memory on-device unless you opt into saved locations)
We use SPI only for the purposes of providing the Service you requested, authentication, security, fraud prevention, and compliance with law. We do not use or disclose SPI for purposes beyond those permitted under Cal. Civ. Code § 1798.121.
9.3 Sources of Personal Information
We collect the categories listed in §9.1 from: (a) you directly when you register, subscribe, or contact us; (b) your device and browser automatically as you use the Service; (c) third-party service providers acting on our behalf (payment, analytics, authentication); and (d) publicly available sources.
9.4 Business or Commercial Purposes
We use the categories of personal information listed above to: operate, maintain, and secure the Service; process payments and manage subscriptions; communicate with you about your account; comply with legal obligations; detect and prevent fraud; and improve the Service. See §2 for additional detail.
9.5 Disclosure of Personal Information
We disclose the categories listed in §9.1 to the following categories of recipients for a business purpose: (a) cloud infrastructure and hosting providers; (b) payment processors; (c) authentication and identity providers; (d) analytics and error-monitoring providers; (e) customer support providers; (f) professional advisors (legal, accounting, auditors); and (g) governmental or regulatory authorities as required by law. A current list of subprocessors is maintained in §11 of this Policy.
9.6 Sale or Sharing of Personal Information
We do not sell your personal information and we do not share your personal information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months and do not have actual knowledge of selling or sharing personal information of consumers under 16 years of age.
9.7 Retention
We retain each category of personal information for no longer than is reasonably necessary for the purposes described in §9.4 and §4. See §4.2 for our retention schedule by category.
9.8 Your CCPA/CPRA Rights
Subject to verification, California residents have the following rights:
- Right to Know — request the categories and specific pieces of personal information we have collected about you, the sources, purposes, and categories of third parties to whom it was disclosed, in the preceding 12 months (or longer if you request).
- Right to Delete — request deletion of personal information we collected from you, subject to legal exceptions.
- Right to Correct — request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale or Sharing — even though we do not sell or share personal information, you may exercise this right at any time by contacting us at privacy@launchdetect.com or by clicking the "Do Not Sell or Share My Personal Information" link in our site footer.
- Right to Limit Use and Disclosure of SPI — request that we limit use and disclosure of SPI to those uses permitted under CCPA/CPRA § 1798.121(a). We do not use SPI for purposes beyond those permitted uses and do not offer a narrower option.
- Right to Non-Discrimination — we will not discriminate against you for exercising any of these rights, including by denying service, charging different prices, or providing a lower quality of service.
9.9 Do Not Sell or Share My Personal Information
California residents may request that we not sell or share their personal information. Because we do not sell or share personal information, no affirmative action is required; however, you may confirm this preference by emailing privacy@launchdetect.com with the subject line "Do Not Sell or Share My Personal Information" or by submitting a request through the Do Not Sell or Share link in our site footer.
9.9a Global Privacy Control (GPC) and Opt-Out Preference Signals
We recognize the Global Privacy Control ("GPC") signal (globalprivacycontrol.org) and other opt-out preference signals as a valid request under Cal. Civ. Code § 1798.135(b) and analogous laws in Colorado, Connecticut, Texas, and other states that require honoring such signals. When our web properties detect a GPC signal from a visiting browser, we treat it as a request to opt out of the sale or sharing of personal information from that browser for the duration of the signal. Because we do not sell or share personal information, the practical effect is that no further action is required, but we log honoring of the signal in our CCPA/CPRA records of compliance.
9.9b CCPA/CPRA Metrics Disclosure
Pursuant to 11 CCR § 7102, businesses that buy, receive, sell, or share the personal information of 10,000,000 or more California consumers in a calendar year must compile and publish request metrics. LaunchDetect processes personal information of fewer than 10,000,000 California consumers annually and is not currently subject to this disclosure obligation; nevertheless, we maintain internal records of verified consumer requests and responses.
9.10 Exercising Your Rights
To exercise any of these rights, email privacy@launchdetect.com or write to the address in §13. We will verify your identity before processing requests using information already in our records (email on file, account authentication). You may designate an authorized agent in writing; we will require verification of the agent's authorization and proof of the consumer's identity. We will respond to verifiable consumer requests within 45 days and may extend that period by an additional 45 days with notice to you.
9.11 Shine the Light
California Civil Code § 1798.83 permits California residents to request information about a business's disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
9.12 Minors
The Service is not directed to individuals under 18, and we do not knowingly sell or share personal information of consumers under 16 years of age. See §8 for additional information about children's privacy.
10. European, UK, and Swiss Privacy Rights (GDPR / UK GDPR / FADP)
This section applies to individuals in the European Economic Area ("EEA"), the United Kingdom, and Switzerland under the General Data Protection Regulation (EU 2016/679) ("GDPR"), the UK General Data Protection Regulation and Data Protection Act 2018 ("UK GDPR"), and the Swiss Federal Act on Data Protection ("FADP"), respectively.
10.1 Controller
The controller of your personal data is LaunchDetect, LLC (see §13 for contact details). For inquiries under GDPR, UK GDPR, or FADP, contact privacy@launchdetect.com.
10.2 EU / EEA Representative
If we are required to designate a representative in the EEA under Article 27 GDPR, our representative is: <EU Representative – to be appointed – name, address, and contact details will be published here>. Until a representative is appointed, individuals in the EEA may contact privacy@launchdetect.com.
10.3 UK Representative
If we are required to designate a UK representative under Article 27 UK GDPR, our representative is: <UK Representative – to be appointed – name, address, and contact details will be published here>. Until a representative is appointed, individuals in the UK may contact privacy@launchdetect.com.
10.4 Your Rights
- Right of Access (Art. 15) — obtain confirmation that we process your data and a copy of it.
- Right to Rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to Erasure / "Right to be Forgotten" (Art. 17) — request deletion, subject to legal exceptions.
- Right to Restriction (Art. 18) — request that we limit processing of your data.
- Right to Data Portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21) — object to processing based on legitimate interests or for direct marketing at any time.
- Right to Withdraw Consent (Art. 7(3)) — where we rely on consent, withdraw it at any time without affecting prior lawful processing.
- Rights Related to Automated Decision-Making (Art. 22) — not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. We do not make such decisions.
- Right to Lodge a Complaint — file a complaint with your local supervisory authority (see §10.7).
10.5 Legal Bases for Processing (Art. 6 GDPR)
We process personal data under the following lawful bases, by purpose:
- Performance of a Contract (Art. 6(1)(b)): account registration, authentication, subscription management, payment processing, Service delivery, and customer support.
- Legitimate Interests (Art. 6(1)(f)): Service security, fraud prevention, debugging and error reporting, aggregate analytics, service improvement, and direct communications to existing customers about our own similar services. A balancing test is performed where required; you may object at any time under §10.4.
- Consent (Art. 6(1)(a)): non-essential cookies, optional marketing communications, push notifications, and precise geolocation on mobile.
- Legal Obligation (Art. 6(1)(c)): tax records, records required by financial-services regulators, and responses to lawful requests by competent authorities.
- Vital or Public Interest (Art. 6(1)(d)–(e)): does not ordinarily apply to our Service.
Where we process Sensitive Personal Information (GDPR "special categories" under Art. 9), we do so only under an applicable condition in Art. 9(2), typically your explicit consent.
10.6 International Data Transfers (EU → US)
Where we transfer personal data outside the EEA, UK, or Switzerland — including to the United States where our cloud infrastructure is hosted — we rely on appropriate safeguards under Chapter V GDPR. Depending on the recipient, these safeguards include:
- EU Standard Contractual Clauses (Commission Implementing Decision 2021/914).
- UK International Data Transfer Agreement and/or the UK Addendum to the EU SCCs.
- Swiss FADP-compliant data transfer mechanisms.
- EU–US Data Privacy Framework, where the recipient is self-certified (e.g., certain sub-processors).
- Derogations under Article 49, where applicable.
Where required, we conduct Transfer Impact Assessments and implement supplementary measures (encryption in transit and at rest, access controls, pseudonymization). Copies of the relevant safeguards are available on request.
10.7 Supervisory Authorities
You have the right to lodge a complaint with your local supervisory authority:
- EEA: your national Data Protection Authority. A list is maintained at edpb.europa.eu.
- United Kingdom: Information Commissioner's Office (ICO), ico.org.uk.
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch.
We invite you to contact us first at privacy@launchdetect.com so we can try to resolve any concerns directly.
10.8 Retention in the EEA/UK/Switzerland
Retention periods follow §4 of this Policy. Where we process data under consent, we delete it upon withdrawal of consent, subject to legal retention obligations.
10.9 No Sale of Personal Data
We do not sell personal data and do not engage in cross-context behavioral advertising.
10.10 EU–US Data Privacy Framework
As of the date of this Policy, LaunchDetect, LLC is not self-certified under the EU–US Data Privacy Framework, the UK Extension to the EU–US DPF, or the Swiss–US DPF. International transfers are governed by the Standard Contractual Clauses, UK IDTA, and Swiss-compliant mechanisms described in §10.6. Certain of our subprocessors (e.g., Amazon Web Services, Google LLC) are DPF self-certified; we rely on layered safeguards (SCCs + DPF + supplementary measures) where those subprocessors participate.
10.11 Conformity with the EU Digital Content Directive (Dir. 2019/770)
Where you receive digital content or digital services from us as a consumer in the EU or EEA, we will provide the Service in conformity with the contract under the criteria set out in Articles 7 and 8 of Directive (EU) 2019/770. Updates, including security updates, will be provided for the period during which consumers may reasonably expect them based on the type and purpose of the Service. Information about remedies for lack of conformity is set out in our Terms of Service.
11. Subprocessors
We use the following categories of third-party service providers ("subprocessors") to operate the Service. Each subprocessor is bound by written contractual obligations to process personal data only on our instructions and to implement appropriate technical and organizational security measures.
| Subprocessor | Purpose | Location |
|---|---|---|
| Amazon Web Services, Inc. | Cloud infrastructure, storage, compute, CDN (CloudFront) | United States (us-east-2); global CDN edge |
| Amazon Cognito | Authentication, identity, session management | United States |
| Stripe, Inc. | Payment processing, billing, tax computation. Retains payment records for 7 years after account deletion per U.S. tax law (see §4.4). | United States; Stripe subprocessors global |
| Apple Inc. (APNs) | iOS push notification delivery | United States |
| Google LLC (Firebase Cloud Messaging) | Android push notification delivery | United States |
| PostHog Inc. | Product analytics (first-party; no cross-site tracking) | United States / EU |
| Cesium GS, Inc. (Cesium Ion) | Globe tiling and imagery | United States |
| Google Fonts (Google LLC) | Web typography (anonymized requests) | Global |
We will update this list when material changes occur. A current version is available on request at privacy@launchdetect.com.
12. Mobile Application Disclosures
The LaunchDetect mobile application is distributed through the Apple App Store and the Google Play Store. Additional disclosures apply to mobile users:
12.1 Apple App Store
- The app is provided in accordance with the Apple App Store Review Guidelines, including Guideline 5.1 (Privacy).
- We publish an App Privacy metadata set ("privacy nutrition label") in App Store Connect describing the data we collect, how it is linked to your identity, and whether it is used to track you across apps or websites owned by other companies.
- App Tracking Transparency (ATT): We do not use the Apple AdSupport / IDFA framework and we do not track you across apps or websites owned by other companies within the meaning of Apple's ATT framework.
- Precise Location: If you grant location permission to the mobile app, your device's precise location is used solely on-device to compute which launches and satellites are visible from your position. We do not upload precise location to our servers unless you expressly save a location.
- Push Notifications: If you opt in to push notifications, your device token is stored securely and used solely to deliver notifications you requested via Apple Push Notification service (APNs).
- Account and Subscription Management: The iOS application operates as a "reader" application under Apple's App Store Review Guideline 3.1.3(a). Account creation, subscription purchase, and subscription management occur outside the app on launchdetect.com. Subscriptions are processed by Stripe and are not processed through Apple In-App Purchase.
12.2 Google Play Store
- The app is provided in accordance with the Google Play Developer Program Policies, including the Data Safety section we publish in the Play Console.
- Permissions requested (e.g., location, notifications) are described in the Data Safety disclosures and are used only for the purposes stated in this Policy.
- If you grant location permission, your location is handled as described in §12.1.
12.3 Mobile Device Identifiers
We may collect device identifiers such as the Apple IDFV (Identifier for Vendor) and the Android App Set ID to associate activity to a single installation for debugging and fraud prevention. We do not use the IDFA and do not combine device identifiers with data from other companies for advertising purposes.
13. Additional State Privacy Rights (US)
Residents of U.S. states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Florida (FDBR), Oregon (OCPA), Montana (MTCDPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (ICDPA), Delaware (DPDPA), New Jersey (NJDPA), New Hampshire (NHPA), Minnesota (MCDPA), Maryland (MODPA), and others that enter into effect from time to time — have rights substantively similar to the California rights described in §9, including the right to access, delete, correct, and opt out of targeted advertising, sale, and certain profiling. We honor these rights on a nationwide basis. To exercise your rights, contact privacy@launchdetect.com.
13.1 Nevada (NRS 603A.300 et seq.)
Nevada residents may submit a verified request that LaunchDetect not sell any "covered information" about them to third-party licensees. LaunchDetect does not sell covered information within the meaning of the Nevada statute. Nevada residents may confirm this opt-out by emailing privacy@launchdetect.com with the subject line "Nevada opt-out."
13.2 Virginia, Colorado, Connecticut, Texas Universal Opt-Out Mechanism
Effective dates for universal opt-out mechanism ("UOOM") honoring vary by state (e.g., Colorado CPA effective July 1, 2024; Connecticut CTDPA effective Jan 1, 2025; Texas TDPSA effective Jan 1, 2025). We honor GPC as described in §9.9a and apply the same treatment to residents of all states where UOOM honoring is required.
13.3 Washington "My Health My Data" Act
Washington State's My Health My Data Act (RCW 19.373) regulates "consumer health data." LaunchDetect does not collect or process consumer health data within the meaning of that statute. If this changes, we will publish an updated Consumer Health Data Privacy Policy.
14. Canada (PIPEDA / Provincial Laws)
For individuals in Canada, we comply with the Personal Information Protection and Electronic Documents Act ("PIPEDA") and substantially similar provincial laws (Alberta PIPA, British Columbia PIPA, Québec Law 25). You have the right to access, correct, and withdraw consent to the processing of your personal information. For inquiries, contact privacy@launchdetect.com. You may also file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or your applicable provincial commissioner. Québec residents may contact our privacy officer at privacy@launchdetect.com.
15. Brazil (LGPD)
For individuals in Brazil, we process personal data in accordance with the Lei Geral de Proteção de Dados (Law No. 13,709/2018, "LGPD"). You have the rights set forth in Art. 18 LGPD, including confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent. Our Data Protection Officer ("Encarregado") can be reached at privacy@launchdetect.com. You may also file a complaint with the Autoridade Nacional de Proteção de Dados ("ANPD").
16. Australia (Privacy Act / Australian Privacy Principles)
For individuals in Australia, we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"). You may access and correct your personal information and lodge a complaint with the Office of the Australian Information Commissioner ("OAIC") at oaic.gov.au. We may transfer personal information overseas as described in §10.6. We take reasonable steps to ensure recipients handle personal information consistent with the APPs.
17. Japan (APPI) and Other APAC Jurisdictions
For individuals in Japan, we handle personal information in accordance with the Act on the Protection of Personal Information ("APPI"). You may request disclosure, correction, suspension of use, and deletion under Chapter IV APPI. For inquiries, contact privacy@launchdetect.com. Cross-border transfers of personal information from Japan rely on obtaining consent, the equivalent-protection standard, or the APPI's accountability mechanism. Similar equivalent accommodations are made for residents of Korea (PIPA), Singapore (PDPA), Thailand (PDPA), and other APAC jurisdictions on request.
18. Cookies Policy
This section provides detail about cookies and similar technologies used by the Service. Where required by law (primarily in the EU/EEA/UK), we obtain your consent before setting non-essential cookies via our consent management interface.
| Name / Family | Category | Purpose | Provider | Duration |
|---|---|---|---|---|
| ld_id_token, ld_access_token, ld_refresh_token | Strictly necessary | Authentication and session management (stored in localStorage, not transmitted as HTTP cookies) | First-party (LaunchDetect) | Persistent (cleared on sign-out) |
| ld_theme, ld_lang, ld_ar_buffer_km, ld_layer_*, ld_preferences | Functional / preference | Remember theme (dark/light), language, map layer toggles, UI preferences | First-party | Persistent (up to 2 years) |
| ph_* (PostHog) | Analytics (non-essential) | First-party product analytics: feature usage, funnel, error rates | PostHog Inc. | 365 days |
| __stripe_* | Strictly necessary | Fraud prevention and payment processing on billing pages | Stripe, Inc. | Up to 1 year |
| cesium-ion-* | Strictly necessary | Cesium globe tile authentication and CDN caching | Cesium GS, Inc. | Session to 30 days |
You can block or delete cookies through your browser settings. Disabling strictly-necessary cookies will impair Service functionality. EU/EEA/UK visitors may withdraw consent to non-essential cookies at any time through our cookie preference center or by clearing site data.
19. Children's Privacy
19.1 General
The Service is not directed to children under 18 years of age (16 in the EEA/UK/Switzerland). We do not knowingly collect personal information from anyone under these ages. If we learn that we have collected personal information from a child, we will delete that information promptly.
19.2 Parental Rights Under COPPA (United States)
Although the Service is not directed to children under 13 and we do not knowingly collect personal information from children under 13, if a parent or legal guardian learns that we have collected personal information from a child under 13 without verifiable parental consent, they may contact us at privacy@launchdetect.com to request: (a) confirmation of whether we have collected personal information from the child; (b) a copy of the personal information; (c) deletion of the personal information; and (d) that we no longer collect or use the child's personal information.
If we subsequently introduce features directed to children under 13, we will implement verifiable parental consent methods consistent with 16 CFR § 312.5(b), which may include: (i) signed consent forms returned by mail, fax, or electronic scan; (ii) use of a credit card, debit card, or other online payment system providing notification to the primary account holder; (iii) toll-free telephone number staffed by trained personnel; (iv) video-conference; (v) government-issued identification verification; or (vi) a knowledge-based authentication question.
19.3 GDPR — Age of Consent to Information Society Services
Under Article 8 GDPR, consent by a child in relation to information society services is lawful where the child is at least 16 years old (or the lower age of 13–16 set by the relevant EU Member State). We do not knowingly offer the Service to children below the applicable age of consent without verifiable parental authorization.
20. HIPAA and Health Data
LaunchDetect is not a "covered entity" or "business associate" within the meaning of the Health Insurance Portability and Accountability Act (HIPAA) and implementing regulations. We do not intentionally collect protected health information ("PHI") or consumer health data within the meaning of state consumer health data laws (including Washington's My Health My Data Act, Nevada SB 370, and Connecticut SB 3). Please do not submit PHI through the Service. If you inadvertently submit PHI, we will take commercially reasonable steps to delete it.
21. Accessibility
LaunchDetect endeavors to make the Service accessible to users with disabilities and targets conformance with the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. If you encounter accessibility barriers or need an alternative means of accessing content, please contact accessibility@launchdetect.com. We commit to working with users to provide information, services, and content through an alternative means consistent with applicable law (e.g., Title III of the ADA, EU Directive 2016/2102, UK Equality Act 2010, Section 508 for US federal customers).
22. Biometric, Genetic, and Neural Data
We do not collect, process, or store biometric identifiers or biometric information (as defined under the Illinois Biometric Information Privacy Act ("BIPA"), Texas Capture or Use of Biometric Identifier Act, Washington RCW 19.375, or other biometric-privacy laws), genetic information (as defined under GINA), or neural data (as defined under Colorado HB 24-1058 or California SB 1223). If we introduce such processing in the future, we will provide notice and obtain any required consent before doing so.
23. Third-Party Links and Services
The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.
24. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending an email notification for significant changes
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
25. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
LaunchDetect, LLC
Email: privacy@launchdetect.com
General Inquiries: info@launchdetect.com
For data protection inquiries from the European Economic Area or United Kingdom, you may contact our representative when appointed (see §10.2 and §10.3). Until a representative is appointed, contact privacy@launchdetect.com.
26. Additional Information
26.1 Analytics
We use first-party analytics (PostHog) to understand how users interact with the Service. Analytics data is used in aggregate form to improve the Service. We do not use analytics providers that engage in cross-site or cross-app tracking for advertising.
26.2 Social Features
The Service may include social features or integrations. Your use of these features is subject to the privacy policies of the respective social platforms.
26.3 Business Accounts
If you use the Service through an organization's account, that organization may have access to your usage data and may be able to manage your account. Please consult your organization's privacy policies for more information.
26.4 Security Contact / Responsible Disclosure
If you believe you have discovered a security vulnerability, please report it to security@launchdetect.com. We will acknowledge receipt within 72 hours and work with you in good faith to validate and remediate.
26.5 Automated Decision-Making and Profiling
We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR. Any automation used internally (e.g., fraud-scoring heuristics, rate-limit enforcement) operates under meaningful human oversight.
26.6 Do-Not-Track Browser Signals
Most browsers include a "Do Not Track" ("DNT") setting. We currently respond to GPC signals as described in §9.9a but do not separately respond to DNT because there is no industry-standard interpretation of DNT.
26.7 Supersession
This Privacy Policy supersedes all prior versions. We will maintain archived prior versions on request.