Privacy Policy

This Privacy Policy explains how LaunchStation (https://launchstation.dev) collects, uses, and protects your information when you use our automated marketing collateral platform for software releases. We are committed to being transparent about our data practices and keeping your information safe.

By using LaunchStation, you agree to the collection and use of information as described in this policy.

We collect the following information when you use LaunchStation:

• GitHub profile information - Your name, email, username, and avatar, provided via GitHub OAuth
• OAuth tokens - Encrypted tokens used to access your repositories and deployments on your behalf
• Platform connections - If you connect X for auto-publishing, we store encrypted OAuth credentials. You can disconnect at any time from your account settings.
• Project configuration - Project names, repository URLs, deployment URLs, blog subdomain preferences, publishing settings, and other settings you configure
• Brand kit (Pro tier) - Custom branding assets you upload including logos, brand colors, font preferences, custom voice model IDs, custom music tracks, and custom watermarks. These are stored in our cloud storage and deleted when you remove them from project settings or request account deletion.
• Uploaded media - Custom assets you upload such as watermark logos, intro/outro video clips, and caption fonts. These are stored in our cloud storage and deleted when you remove them from project settings or request account deletion.
• Generated content - Videos, voiceover audio, scripts, captions, screenshots, feature graphics, blog posts, social media copy, and release emails created by the service
• Third-party API keys - If you provide a Resend API key for release email delivery, it is encrypted at rest. We use it solely to send emails on your behalf.
• Authentication credentials - If your app requires login for demo recording, you may provide test credentials. These are encrypted at rest.
• API keys - Stored as cryptographic hashes (we cannot view your keys after creation)
• Usage data - Release history, asset generation status, publishing history, and timestamps
• Payment information - Processed by our payment provider. We store your customer ID and subscription status but never see or store your credit card numbers.

We use your information to:

• Provide and operate the LaunchStation service
• Generate release packages (videos, screenshots, feature graphics, blog posts, social copy, and emails) from your deployed web applications
• Fetch release and PR context from GitHub to create relevant scripts and copy
• Publish content to connected platforms (blog, X) on your behalf
• Send release emails to your customers via your Resend integration
• Host your blog at your project subdomain on launchstation.dev
• Process payments and manage subscriptions
• Send service-related notifications (e.g., release package ready, account changes)
• Diagnose technical issues and improve the service

We do not sell your personal information. We do not use your data for advertising or user profiling.

Some information is accessed temporarily during asset generation but is not permanently stored:

• Repository metadata - Release titles, descriptions, linked PRs, and changed file lists are fetched on-demand from GitHub's API to provide context for script and copy generation. We never clone your repository or access your source code.
• Deployed site content - LaunchStation visits your deployed URLs to record them, similar to a user browsing your site. We do not store snapshots of your site beyond the recorded video and selected screenshots.

We use the following third-party services to operate LaunchStation. Each service receives only the data necessary for its function:

• GitHub - Receives OAuth requests; provides your profile and repository metadata
• Stripe - Receives payment information; processes subscriptions and charges
• X - Receives OAuth tokens and social post content for auto-publishing when you connect your account
• Resend - Receives release email content for delivery to your customers, using your own Resend API key
• AI service providers - Receive site context and release metadata to generate video scripts, blog posts, social copy, and feature graphics, and script text to generate voiceover audio
• Hosting and infrastructure providers - Application hosting, database, file storage, blog hosting, and background job processing
• Error tracking and analytics providers - May capture request metadata and error context for service reliability, but not personal data. Analytics are privacy-focused and cookieless.

Each service has its own privacy policy. We encourage you to review them.

We do not sell your personal information. We may disclose your information in the following circumstances:

• Legal requirements - If required by law, subpoena, court order, or other valid legal process
• Business transfers - In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you of any such change and any choices you may have regarding your data.

Active accounts: Your data (profile, projects, generated assets, blog posts, and configuration) is retained indefinitely while your account is active.

After cancellation: If you cancel your paid subscription, your account reverts to the Free tier. Your existing projects, releases, blog posts, and generated assets remain accessible. Published blog posts remain live; social posts already published to X are not affected by cancellation.

Account deletion: If you request account deletion, all your data (profile, projects, generated assets, blog posts, API keys, platform connections, brand kit, and configuration) is permanently deleted within 30 days. Social posts already published to third-party platforms are not deleted by us — you must remove them directly from those platforms. Contact support@launchstation.dev to request deletion.

Error logs: Error tracking data is retained for up to 90 days.

We take reasonable measures to protect your data:

• All data is encrypted in transit (TLS/HTTPS)
• OAuth tokens and authentication credentials are encrypted at rest
• API keys are stored as cryptographic hashes
• Database access is controlled by security policies
• Webhook endpoints verify signatures to prevent tampering
• Platform connection credentials (X, Resend) are encrypted at rest
• We never clone your repositories or store your source code

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

Your data is hosted in the United States. If you access LaunchStation from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using LaunchStation, you consent to the transfer of your data to the United States. We implement appropriate safeguards to protect your information in accordance with this Privacy Policy.

You have the right to:

• Access your data - View your profile, projects, and generated content through the dashboard
• Export your data - Download your videos, screenshots, graphics, blog posts, scripts, captions, and audio files at any time
• Delete your data - Request complete account and data deletion by contacting support@launchstation.dev
• Revoke access - Disconnect integrations (GitHub, X) from your account settings, or revoke OAuth access directly from your connected services

GDPR (EU/EEA): We process your data under the following legal bases:

• Contract performance - Processing necessary to provide the LaunchStation service you signed up for
• Legitimate interests - Service improvement, security, and fraud prevention
• Consent - GitHub OAuth authorization. You can withdraw consent by disconnecting your GitHub account or deleting your LaunchStation account.

If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority.

CCPA (California): We do not sell your personal information. You have the right to know what data we collect and to request its deletion. We will not discriminate against you for exercising these rights. To exercise any of these rights, contact us at support@launchstation.dev.

LaunchStation uses only essential cookies required for authentication. We use a session cookie to keep you signed in. We do not use tracking cookies or third-party advertising cookies.

We use privacy-focused, cookieless analytics to understand usage patterns and performance. These tools do not collect personally identifiable information.

LaunchStation is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us at support@launchstation.dev and we will delete it.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a notice on the platform and update the effective date at the top of this page.

If you have questions about this Privacy Policy or how we handle your data, contact us at support@launchstation.dev.