Contents
1. Who we are
LaunchAudit (we, us, our) is a software product that helps Amazon sellers analyze and improve their product listings. Our website is www.launchaudit.ai. We are the data controller for the personal information we collect through the Service.
2. Information we collect
Information you provide directly
- Account information. Your email address and password (we never see plaintext passwords โ they're stored as one-way hashes by our authentication provider).
- Product information. Product names, descriptions, ASINs, categories, brand status, and marketplace selections you enter into our forms to generate reports.
- Payment information. When you buy a report or subscribe, our payment processor (Stripe) collects your billing details. We never see or store your full card number โ we only see a customer ID, the last four digits of your card, billing address country, and subscription status.
- Communications. If you email us or reply to a transactional email, we keep that correspondence so we can respond and improve the service.
Information we collect automatically
- Usage data. Which features you use, what reports you generate, when, and from what general region. We use this to understand which parts of the product are working and which aren't.
- Technical data. Your IP address, browser type, operating system, referring URL, and timestamps. This is used for security (rate-limiting, fraud detection, bot defense), debugging, and basic analytics.
- Cookies and similar technologies. See section 5.
Information we receive from third parties
- Public Amazon listing data. When you submit an ASIN for a Listing Audit, we fetch the publicly available product page from Amazon (via our scraping partner ScrapingBee or, as fallback, a direct fetch). We process this content to generate your audit. We do not retrieve any private seller data, account credentials, or backend Seller Central information.
- Authentication and payment events. Our auth provider (Supabase) and payment processor (Stripe) send us webhook events about your account โ sign-ups, sign-ins, successful payments, cancellations โ so we can keep your account state in sync.
3. How we use your information
We use the information we collect to:
- Provide the Service โ generate Launch Plans and Listing Audits, run free previews, manage credits and subscriptions.
- Process payments and prevent fraud through Stripe.
- Send transactional emails (account confirmation, payment receipts, subscription notices, report-ready notifications, and the optional founder note in your welcome email).
- Respond to support requests and feature feedback.
- Detect and prevent abuse โ bots hitting our free preview, rate-limit violations, prompt-injection attempts, fraudulent payments, account enumeration.
- Improve the product โ anonymized or aggregated usage trends shape what we build next.
- Comply with legal obligations (tax records, fraud investigations, court orders).
We do not sell your personal information to third parties, and we do not use your product information or generated reports to train external AI models on your behalf.
4. Service providers we share with
We rely on a small number of trusted vendors to operate. Each receives only the data needed to do their part of the job. Their privacy practices are governed by their own policies, linked below.
| Provider | What it does | Data they receive | Privacy |
|---|---|---|---|
| Stripe | Payment processing, subscription billing, customer records | Email, billing details, payment method, subscription state | Policy |
| Supabase | Database hosting, authentication, file storage | Email, password hash, account state, generated reports, credit balances | Policy |
| Anthropic | AI generation (Claude models) for report content | Your product name, description, and Amazon listing data, sent at the moment a report is generated; not retained for training per Anthropic's API terms | Policy |
| ScrapingBee | Fetches public Amazon listing pages for Listing Audits | The ASIN you submitted; the public Amazon URL | Policy |
| Resend | Transactional email delivery (auth, receipts, report-ready notices) | Email address, message content | Policy |
| Cloudflare | Bot defense (Turnstile) on free-preview signup | IP address, user-agent, browser challenge metadata | Policy |
| Netlify | Web hosting, serverless function execution | Request logs, IP, headers | Policy |
| Sentry | Error tracking and crash reporting | Error messages, stack traces, IP, browser context (no payment or password data) | Policy |
| Google Analytics | Aggregate website traffic and usage analytics | Anonymized IP, page views, referrers, device type | Policy |
We do not share your information for advertising purposes, and we do not enable cross-site advertising trackers.
5. Cookies and tracking
We use a small set of cookies and similar technologies:
- Authentication cookies. Set by Supabase to keep you signed in. Required for the service to work.
- Analytics cookies. Set by Google Analytics. We use IP-anonymization. You can opt out at the browser level (e.g. Google Analytics Opt-Out add-on) or by blocking third-party scripts.
- Bot-defense challenge tokens. Set by Cloudflare Turnstile when you trigger a free-preview generation as an anonymous user. Used once and discarded.
- Local storage. We use your browser's local storage to remember your form inputs across page reloads and to cache Launch Month promo email so the discount auto-applies at checkout. This data lives only on your device.
6. How long we keep your data
- Account data โ kept while your account is active. If you ask us to close your account, we soft-delete immediately and hard-delete the personal data within 30 days, except where law requires us to retain financial records longer.
- Generated reports โ kept for 30 days from generation, after which they expire and are deleted from our database.
- Payment records โ kept by Stripe and by us for as long as required by tax and fraud-prevention law (typically 7 years in the United States).
- Server logs โ purged on a rolling basis, typically within 30 days unless retained for active fraud or security investigation.
7. Your rights and choices
Depending on where you live, you may have rights under laws like the GDPR (EU/UK), CCPA/CPRA (California), and similar regimes. We honor these requests for everyone, regardless of jurisdiction. You can:
- Access the personal data we hold about you.
- Correct data that is inaccurate or out of date.
- Delete your account and the personal data attached to it.
- Export your reports and account information in a machine-readable format.
- Object to or restrict certain types of processing.
- Withdraw consent for any processing we do based on consent (e.g. marketing emails).
- Lodge a complaint with your local data protection authority.
To make any of these requests, email info@launchaudit.ai from the address on your account. We respond within 30 days.
8. International users
LaunchAudit is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to, stored in, and processed in the United States and any other country where our service providers operate. By using the Service, you consent to that transfer. Our processors (Stripe, Supabase, Anthropic, etc.) maintain appropriate safeguards under the EU Standard Contractual Clauses and equivalent mechanisms.
9. Children's privacy
LaunchAudit is not directed to people under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, email us and we will delete it.
10. Security
We take security seriously. Concrete measures include:
- HTTPS/TLS on every page; HSTS enforced.
- Passwords stored as one-way hashes (handled by Supabase Auth).
- Card data never touches our servers โ Stripe handles all of it on hosted checkout pages.
- Email confirmation required for new accounts.
- Server-side rate-limiting, prompt-injection filtering, output sanitization, and bot defense (Cloudflare Turnstile).
- Secrets stored in environment variables, never in source code.
- Optimistic locks on credit operations to prevent double-spend.
No system is perfect. If you find a security issue, please report it to info@launchaudit.ai and we will respond promptly.
11. Changes to this policy
If we make material changes, we'll post the updated policy on this page and update the "Last updated" date at the top. For significant changes, we'll also email active users.
12. Contact us
Questions, concerns, or requests about this policy or your personal data:
- Email: info@launchaudit.ai
- Web: www.launchaudit.ai