Privacy Policy

Data minimization

We collect only what is necessary to provide service, comply with the law, and protect against fraud. We do not sell data, we do not run third-party advertising trackers on our own sites, and we delete data we no longer need.

What we collect

Information you provide:

• Account: name, email, billing address, phone (optional), password (stored as bcrypt hash).
• Payment: credit-card details are processed by Stripe — we never see the full card number. Cryptocurrency payments are on-chain; we see the sending address and amount only.
• Support: anything you share in a support ticket.
• Domain registration: ICANN requires name, address, email, phone for WHOIS. We include free WHOIS privacy by default to hide this from public lookup.

Collected automatically:

• Server logs: IP, request URL, timestamp, user agent (retained 30 days for abuse/security, then deleted).
• Dashboard activity: login times, actions taken (retained 90 days).
• Resource usage: CPU, RAM, bandwidth consumption (for billing and capacity planning).

What we do NOT collect: cross-site browsing, advertising cookies, Google Analytics / Facebook Pixel / similar trackers, or the content of the sites you host (beyond automated malware scans on plans where that is explicitly enabled).

How we use data

• Provide service: provisioning, authentication, billing.
• Communicate: account notices, invoices, security alerts, and optional product updates (you can unsubscribe from non-essential emails).
• Security: detect and prevent fraud, abuse, and unauthorized access.
• Legal compliance: respond to valid legal process and tax/accounting obligations.
• Improve service: aggregated, anonymized patterns inform capacity planning.

We do not use your data to target ads, train AI models, or sell to third parties.

How we share data

We share data only in these specific circumstances:

1. Service providers: Stripe (card processing), BTCPay Server (self-hosted crypto — no third party), domain registries (ICANN requirement), email-delivery providers, off-site encrypted backup storage.
2. Legal process: we respond to valid court orders, warrants, and subpoenas; we do not hand over data on informal requests.
3. Business transfer: if LaunchPad Host is acquired, customer data may transfer as part of the business, with notice to you.
4. Your consent: any other sharing requires your explicit permission.

Data retention

• Active account data — retained while your account is active.
• Server logs — 30 days.
• Activity logs — 90 days.
• Billing records — 7 years (tax/accounting compliance).
• Terminated account data — 14 days after termination, then permanently deleted (except billing records).
• Backups — follow your plan's retention schedule; deleted on schedule.

Your rights

Under GDPR, CCPA, and similar laws you have the right to access, correct, delete, export, restrict processing of, or object to processing of your personal data, and to withdraw consent for marketing communications. Email privacy@launchpadhost.com — we respond within 30 days. You may also lodge a complaint with a data-protection authority.

International transfers & security

Primary infrastructure is located in the European Union. Data is protected by TLS 1.3 in transit, LUKS encryption at rest, AES-256 for backups, MFA on admin access, and regular security audits. In the event of a data breach affecting your personal data, we will notify you within 72 hours of discovery and notify authorities as required by law.

Cookies and tracking

• Essential cookies — session management, CSRF protection, login state (cannot be disabled).
• Functional cookies — remember dashboard preferences.
• No third-party advertising cookies. Ever.

Law-enforcement requests

We respond only to requests backed by valid legal process, that are narrow and specific, and where we are legally obligated to comply. We publish an annual transparency report summarizing requests received, rejected, and fulfilled.

Changes and contact

Material changes to this policy will be announced at least 30 days in advance via email and dashboard. Questions: privacy@launchpadhost.com. Data-Protection Officer (GDPR): dpo@launchpadhost.com.