GDPR Compliance Policy
Last Updated:
Entity Information
Entity: LaunchDS LLC
Address: 94 County Route 18, Lake Clear, NY 12945, USA
Contact Email: Launch.DS.LLC@gmail.com
DPO Email: Launch.DS.LLC@gmail.com
Applicable Law: General Data Protection Regulation (EU) 2016/679, UK GDPR, and relevant EU/EEA data protection laws
1. Introduction
LaunchDS is committed to protecting the privacy and security of all personal data processed through our SaaS platform. We provide AI-driven tools that assist dropshippers in identifying high-demand, high-return products, managing listings, and automating marketing and logistics.
This GDPR Compliance Policy explains how we collect, use, store, protect, and disclose personal data, and outlines the rights of individuals under the GDPR.
2. Scope
This Policy applies to all processing of personal data by LaunchDS in the context of:
- Our website and platform (launchds.tech and subdomains)
- Customer accounts, subscriptions, and billing
- Vendor and partner management
- Analytics, marketing, and AI optimization
- Employment, contractors, and support interactions
3. Roles Under the GDPR
LaunchDS may act as:
Data Controller
When we determine the purposes and means of processing personal data (e.g., user registration, payments, marketing).
Data Processor
When we process data on behalf of customers (e.g., their end-user or sales data).
4. Legal Bases for Processing
We process personal data only when a lawful basis under Article 6 GDPR applies:
| Legal Basis | When It Applies |
|---|---|
| Consent (Art. 6(1)(a)) | When users opt in for newsletters, cookies, or marketing communications. |
| Contractual Necessity (Art. 6(1)(b)) | When processing is required to provide our SaaS service, manage subscriptions, and fulfill support requests. |
| Legal Obligation (Art. 6(1)(c)) | To comply with tax, accounting, and regulatory duties. |
| Legitimate Interests (Art. 6(1)(f)) | For fraud prevention, service improvement, and cybersecurity. Interests are balanced against user rights. |
We only process special categories of data (Art. 9) if the user explicitly provides it and gives explicit consent, though such data is not normally required or requested by LaunchDS.
5. Categories of Personal Data Processed
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email, username, password | Account setup, login, authentication |
| Billing Data | Payment details (tokenized), VAT ID, billing address | Payment processing, invoicing |
| Business Data | Store name, website, product lists, preferences | Service functionality and AI training |
| Technical Data | IP address, browser type, cookies, device ID | Security, analytics, debugging |
| Support Data | Messages, attachments, support history | Troubleshooting and customer service |
| Marketing Data | Opt-in preferences, campaign performance | Personalized marketing and updates |
Sensitive data (e.g., health, biometric, political beliefs) is not intentionally collected.
6. Purpose of Processing
We process data to:
- Deliver and maintain the LaunchDS platform
- Authenticate users and manage subscriptions
- Process payments securely
- Detect and prevent fraud or unauthorized use
- Provide customer support and technical assistance
- Improve and train AI models (using anonymized data)
- Comply with legal and tax requirements
- Send administrative, transactional, or consented marketing communications
7. Data Minimization and Accuracy
LaunchDS ensures that all data collected is:
- Adequate, relevant, and limited to what is necessary (Art. 5(1)(c))
- Accurate and up to date (Art. 5(1)(d))
Users can access and correct information anytime via their account or by emailing Launch.DS.LLC@gmail.com.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & Billing Data | Up to 7 years (for accounting/tax compliance) |
| Usage & Technical Logs | 12–18 months |
| Support Tickets | 24 months after closure |
| Marketing Data | Until consent is withdrawn |
| Backups | Rotated and purged within 90 days |
After expiry, personal data is securely deleted or anonymized.
9. Data Sharing and Sub-Processors
We only share data with trusted partners under GDPR-compliant Data Processing Agreements (DPAs). All subprocessors are vetted for security, compliance, and reliability.
Core subprocessors include:
- Stripe, PayPal – Payment processing (EU–U.S. Data Privacy Framework)
- Supabase (AWS) – Hosting and infrastructure (SCCs in place)
- Cloudflare – CDN and DDoS protection
- Google Workspace – Internal communication and file management
- Plausible Analytics – Privacy-focused analytics (no cookies or personal identifiers)
A complete list of subprocessors and updates is maintained at: launchds.tech/legal/subprocessors
10. International Data Transfers
Where data leaves the EU/EEA, LaunchDS ensures adequate protection using:
- Adequacy Decisions (countries approved by the European Commission)
- EU Standard Contractual Clauses (SCCs) with all U.S. and third-country subprocessors
- EU–U.S. Data Privacy Framework participation for certified entities (e.g., Stripe, Google)
- Transfer Impact Assessments (TIAs) to evaluate third-country data access risks
11. Security Measures (Art. 32 GDPR)
LaunchDS applies technical and organizational measures (TOMs) proportional to risk:
Encryption
AES-256 at rest, TLS 1.3 in transit
Access Control
Role-based permissions, MFA for all admins
Audit Logging
Every access or modification logged
Backups
Encrypted daily backups in multiple regions
Network Security
Firewalls, DDoS mitigation, IP whitelisting
Incident Response
24/7 monitoring, predefined breach response plan
12. Data Subject Rights
Under Articles 12–23 GDPR, all individuals have the following rights regarding their personal data:
Right to Access (Art. 15)
Obtain a copy of personal data and details of processing.
Right to Rectification (Art. 16)
Correct inaccurate or incomplete information.
Right to Erasure (Art. 17)
Request deletion of data ("Right to be Forgotten").
Right to Restrict Processing (Art. 18)
Pause processing under certain conditions.
Right to Data Portability (Art. 20)
Receive data in a structured, machine-readable format.
Right to Object (Art. 21)
Object to processing based on legitimate interests or marketing.
Right to Withdraw Consent (Art. 7(3))
Withdraw consent at any time without affecting prior processing.
Right Not to Be Subject to Automated Decisions (Art. 22)
Opt-out of automated profiling or decision-making that produces legal effects.
You can exercise these rights by contacting Launch.DS.LLC@gmail.com. We will respond within 30 days, extendable by another 30 days for complex cases.
13. Data Breach Notification Procedure
In the event of a data breach:
- LaunchDS will immediately investigate and contain the incident
- Notify the relevant Supervisory Authority within 72 hours (per Art. 33)
- Notify affected individuals without undue delay if the breach is likely to cause risk
- Maintain incident logs and corrective actions for at least five years
14. Children's Data
Our platform is not intended for children under 16 years of age. We do not knowingly collect or process children's data. If a parent or guardian believes a child has provided data, contact Launch.DS.LLC@gmail.com for prompt deletion.
15. Supervisory Authority
Individuals have the right to lodge complaints with a supervisory authority in their country of residence. LaunchDS's primary supervisory authority (for EU operations) is:
Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, Ireland
Website: www.dataprotection.ie
16. Contact Information
Data Protection Officer
LaunchDS LLC
Email: Launch.DS.LLC@gmail.com
Summary
LaunchDS ensures GDPR compliance through:
- Transparent privacy practices
- Contractual safeguards with all processors
- Strong encryption and security controls
- User rights and consent management
- Regular audits and documentation
- Dedicated DPO oversight
We take privacy seriously — it's built into every part of our AI and SaaS platform.