Subprocessors

Last Updated:

LaunchDS uses carefully selected third-party service providers (subprocessors) to help deliver and improve our services. This page lists all subprocessors who may process personal data on behalf of LaunchDS.

All subprocessors are bound by Data Processing Agreements (DPAs) that meet GDPR requirements and include appropriate technical and organizational security measures.

Last Updated: October 2025
Notice Period: We will provide at least 30 days' notice before adding or replacing subprocessors.

Current Subprocessors

Stripe Inc.

Purpose

Payment processing and subscription management

Location

United States (EU-U.S. Data Privacy Framework certified)

Data Processed

Payment card details, billing information, transaction data

Safeguards

EU Standard Contractual Clauses, EU-U.S. DPF

Supabase (via AWS)

Purpose

Database hosting, authentication, and backend infrastructure

Location

United States, EU regions available

Data Processed

Account data, user content, application data

Safeguards

EU Standard Contractual Clauses, AWS compliance certifications

Cloudflare Inc.

Purpose

Content delivery network (CDN) and DDoS protection

Location

United States (global network)

Data Processed

IP addresses, request logs, security analytics

Safeguards

EU Standard Contractual Clauses, EU-U.S. DPF

Google Workspace

Purpose

Internal communication and file management

Location

United States (EU-U.S. Data Privacy Framework certified)

Data Processed

Internal business communications, documents

Safeguards

EU Standard Contractual Clauses, EU-U.S. DPF

Plausible Analytics

Purpose

Privacy-focused website analytics

Location

European Union

Data Processed

Anonymized usage statistics, no personal identifiers

Safeguards

EU-based, GDPR compliant by design

Vercel Inc.

Purpose

Web hosting and edge network

Location

United States (global edge network)

Data Processed

Web traffic data, application logs

Safeguards

EU Standard Contractual Clauses

Data Transfer Mechanisms

When personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs) – Approved contract terms that ensure GDPR-level protection
  • EU-U.S. Data Privacy Framework – For certified U.S. organizations (Stripe, Google, Cloudflare)
  • Adequacy Decisions – For countries deemed adequate by the European Commission
  • Transfer Impact Assessments – Regular evaluation of data protection risks in third countries

Objecting to Subprocessors

If you have a legitimate objection to our use of a specific subprocessor, you may:

  1. Contact us at Launch.DS.LLC@gmail.com within 30 days of notification
  2. Provide detailed reasons for your objection
  3. We will work with you to find an alternative solution or, if necessary, allow you to terminate the service

Notification of Changes

We will notify customers of any changes to our list of subprocessors through:

  • Email notification to account administrators
  • In-app notifications
  • Updates to this page with a new "Last Updated" date

We provide at least 30 days' advance notice before engaging a new subprocessor or making significant changes to existing arrangements.

Security and Compliance

All subprocessors are required to:

  • Implement appropriate technical and organizational measures
  • Process data only on documented instructions from LaunchDS
  • Ensure confidentiality of personnel processing personal data
  • Assist with data subject rights requests
  • Notify LaunchDS of any data breaches without undue delay
  • Delete or return data upon termination of services
  • Provide evidence of compliance through audits and certifications

Questions About Subprocessors?

If you have questions about our subprocessors or data processing practices:

Email: Launch.DS.LLC@gmail.com