Legal
Last updated 5 June 2026
Draft — pending legal review. This policy is a good-faith working draft and not yet reviewed by a qualified attorney. Do not treat it as final legal advice. It is intended to be compatible with South Africa's POPIA and the EU GDPR.
LaunchPad ("we", "us") is a deployment and database-management platform. For the personal data of people who sign up for and use LaunchPad, we act as the data controller. For data inside the applications and databases you deploy with LaunchPad, you are the controller and we act as your processor.
We process account and operational data to provide the service (performance of a contract), security and audit data for our legitimate interest in keeping accounts safe and meeting our security obligations, and any optional analytics only with your consent. Under POPIA, processing is justified by consent, contractual necessity, and our legitimate interests as set out above.
LaunchPad relies on a small set of sub-processors (cloud servers, backup storage, error monitoring, and email delivery). Some of these are located outside South Africa and the EU, including the United States. See our Sub-processors page for the current list, their locations, and what each one handles.
Retention windows differ by data type — for example, security audit logs are kept longer than transient deploy logs. Our internal Data Retention Policy documents the specifics. When you delete your account we permanently remove your account and associated infrastructure records, and our backup-storage integration removes the related objects.
You can access, correct, export, or delete your personal data at any time. The Settings → Danger zone screen lets you export a JSON copy of your account and permanently delete your account without contacting support. POPIA and GDPR data-subject requests can also be sent to the contact below.
Passwords are hashed, integration credentials and SSH keys are encrypted at rest, and access to sensitive actions is gated behind step-up authentication and an audit trail. No system is perfectly secure; our breach-response process is documented internally.
Privacy questions and data-subject requests: privacy@launchpad.example.
Draft — pending legal review. Before public launch, counsel must finalise this policy, name and register the Information Officer with the Information Regulator, and confirm the POPIA s72 cross-border transfer basis for US-hosted sub-processors. Configure the displayed details via LAUNCH_PAD_PRIVACY_CONTACT_EMAIL and LAUNCH_PAD_INFORMATION_OFFICER.