Data Controller: Tradeco Krzysztof Cichy Address: os. Tysiąclecia 71/51 61-255 Poznań, Poland VAT ID: PL7822918532 Website: https://launchdirectories.com Email: hello@launchdirectories.com
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website LaunchDirectories. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Polish data protection laws.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent (Art. 6(1)(a) GDPR): For analytics and marketing communications
Contract Performance (Art. 6(1)(b) GDPR): For processing payments and delivering services, including sharing your product data (name, URL, descriptions, images) with third-party directories as part of the Auto-Submit Service you purchased
Legitimate Interests (Art. 6(1)(f) GDPR): For website functionality, security, and improvement
Legal Obligation (Art. 6(1)(c) GDPR): For compliance with tax and legal requirements
3. Personal Data We Collect
3.1 Information You Provide Directly
Contact Information: Name, email address when you contact us or use our services
Payment Information: Billing details (name, email, billing address) for sponsorship and paid services. All payments are processed securely through Stripe, Inc. We do not collect or store full payment card numbers, CVV codes, or other sensitive payment card data on our servers
Communication Data: Content of communications with our support team
Service-related Data: When using our Auto-Submit Service, you provide product information via a form on our website, including: product name, website URL, slogan, short and detailed descriptions, category and tags, pricing information, product email, product country, product images and screenshots, product logo, social media profiles, and affiliate program details. This data is shared with third-party directories as part of the submission process and will be published on those external platforms
Founder Personal Data: As part of the Auto-Submit Service, you provide your name and optionally a profile picture. This is personal data processed on the basis of contract performance (Art. 6(1)(b) GDPR). By providing this information, you acknowledge and consent to it being published publicly on third-party directory websites as the author/founder of the submitted product. If a profile picture is not provided, the product image is used instead
3.2 Newsletter Subscription Data
If you subscribe to our newsletter, we collect:
Email Address: To send you the newsletter
Subscription Date: When you subscribed and confirmed your subscription
Consent Record: Proof that you opted in via double opt-in (confirmation email)
Your newsletter subscription is based on your explicit consent (Art. 6(1)(a) GDPR). You can withdraw your consent and unsubscribe at any time by clicking the "Unsubscribe" link included in every newsletter email. Upon unsubscribing, your email address is immediately deleted from our newsletter subscriber list. We use Resend as our email delivery service to send newsletter emails.
3.3 Information We Collect Automatically
Website Analytics: Page views, time spent on site, referral sources, user journey (privacy-focused, no personal identification)
Usage Data: Pages visited, features used, search queries, interaction patterns
Security Data: Server logs for security monitoring and fraud prevention
3.4 Cookies and Tracking Technologies
We use the following types of cookies:
Essential Cookies: Required for website functionality, user authentication, and security
Analytics Cookies: Privacy-focused analytics cookie (datafast_visitor_id) set by DataFast/Umami for understanding website usage. DataFast is a privacy-focused, cookie-less analytics tool that does not collect personal data or track individual users across websites
Functional Cookies: Remember your preferences and settings
Third-party Cookies: From integrated services and payment processors. Stripe uses cookies and similar technologies for payment processing, fraud prevention, and security purposes. These cookies are essential for payment functionality and security
Live Chat Cookies: Crisp live chat may set cookies for chat session management and functionality. These cookies are set when you interact with the chat widget
4. Third-Party Services and Data Sharing
4.1 Analytics and Performance
DataFast (Umami-based): Privacy-focused analytics platform used to understand website usage patterns. DataFast collects anonymized page views, referral sources, and user journeys. It may set a cookie (datafast_visitor_id) for visitor identification. Data is processed in accordance with GDPR. No personal data is shared with third parties through this service
Google Search Console: Search performance data to improve our website's visibility and user experience. No personal user data is collected through this integration
4.2 Payment Processing
We accept payments through Stripe, a leading payment processor that is fully compliant with GDPR, PCI-DSS Level 1 (the highest level of payment card industry security standards), and European data protection regulations. For customers in the European Economic Area (EEA), payments are processed by Stripe Payments Europe Limited (Ireland), which is authorized and regulated by the Central Bank of Ireland. For customers outside the EEA, payments are processed by Stripe, Inc. (United States).
Payment Methods Accepted: Credit cards, debit cards, and other payment methods supported by Stripe in your region (including Visa, Mastercard, American Express, and other major card networks). Payments can be processed in multiple currencies including USD, EUR, PLN, and other currencies supported by Stripe in your region
Payment Data Collection: When you make a payment, Stripe collects and processes payment information including card numbers, expiration dates, CVV codes, billing addresses, transaction details, and authentication data (such as 3D Secure authentication results). We do not have access to or store your full payment card details on our servers. Stripe may store your payment method information (tokenized) for future transactions if you choose to save it during checkout
Stripe's Role: Stripe acts as an independent data controller for payment processing. They process your payment data in accordance with their own Privacy Policy and Terms of Service, which comply with GDPR and European data protection laws
Data We Receive: We receive limited payment information from Stripe necessary to process your order, including transaction IDs, payment status, billing address (for invoicing), and the last four digits of your card number (for customer service purposes only)
Security Standards: All payment transactions are encrypted using industry-standard SSL/TLS encryption. Stripe maintains PCI-DSS Level 1 certification and implements additional security measures including tokenization, fraud detection, and secure data storage
GDPR Compliance: Stripe is GDPR-compliant and processes payment data in accordance with European data protection regulations. Stripe has implemented appropriate technical and organizational measures to protect your payment data
International Transfers: For EU/EEA customers, payment data is primarily processed within the European Economic Area by Stripe Payments Europe Limited. Stripe may process payment data in countries outside the EEA, but they ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs), Binding Corporate Rules, and other approved mechanisms under GDPR Article 46
Sub-processors: Stripe uses sub-processors (including financial institutions, fraud detection services, and cloud infrastructure providers) to process payments. Stripe maintains a list of sub-processors and ensures they meet the same data protection standards. You can view Stripe's sub-processors at https://stripe.com/legal/sub-processors
Automated Decision-Making: Stripe uses automated fraud detection and risk assessment systems to evaluate payment transactions. This automated processing helps protect against fraudulent transactions and is necessary for payment security. You have the right to object to automated decision-making under GDPR Article 22, though this may affect your ability to complete payment transactions. If you have concerns, please contact us or Stripe
Chargeback and Dispute Handling: In the event of payment disputes or chargebacks, we may share transaction details, communication records, and service delivery evidence with Stripe and relevant financial institutions to resolve the dispute, as required by payment card network rules and regulations
Invoice and Receipt Data: We generate invoices and receipts that include your name, billing address, email address, transaction details, and service description. These documents are retained for accounting and tax purposes as required by Polish law
Payment Failure Data: If a payment fails, Stripe may retain limited transaction attempt data (without full card details) for fraud prevention and security purposes. We do not store failed payment card information
Stripe Privacy Policy: For detailed information about how Stripe processes your payment data, please review Stripe's Privacy Policy at https://stripe.com/privacy For EU customers, you can also review Stripe Payments Europe Limited's privacy notice at https://stripe.com/en-pl/privacy
Stripe Contact Information (EU): For EU/EEA customers with questions about how Stripe processes your payment data, you can contact Stripe Payments Europe Limited at privacy@stripe.com or through their Data Protection Officer. For general inquiries, visit https://support.stripe.com
Payment Data Retention: We retain payment transaction records (transaction IDs, amounts, dates) as required by Polish tax and accounting laws (typically 5-7 years). Stripe retains payment data in accordance with their own retention policies and legal obligations
Refund Processing: If a refund is processed (subject to our Terms of Service), it will be handled through Stripe and processed back to your original payment method
Your Rights Regarding Payment Data: You have the right to access, rectify, or request deletion of payment-related personal data we hold, subject to legal retention requirements. For payment data held by Stripe, you may exercise your rights by contacting Stripe directly or through us.
4.3 Customer Support
Crisp: Live chat support widget used for real-time customer communication. Crisp may collect your name, email address, and chat messages when you interact with our support team. Crisp may set cookies for chat functionality and session management. Crisp processes data in accordance with GDPR. For more information, see Crisp's privacy policy at https://crisp.chat/en/privacy/
4.4 Database and Hosting
Supabase: We use Supabase as our database and backend infrastructure provider to store and manage order data, customer information, and newsletter subscriber data. Supabase processes data in accordance with GDPR and maintains appropriate security measures. Data is hosted in the European Union. For more information, see Supabase's privacy policy at https://supabase.com/privacy
4.5 File Storage
Cloudflare R2: We use Cloudflare R2 for storing files you upload as part of the Auto-Submit Service, including product images, logos, and screenshots. Cloudflare processes data in accordance with GDPR. For more information, see Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/
4.6 Email Delivery
Resend: We use Resend as our email delivery service for all transactional emails (order confirmations, submission reports, form links) and newsletter emails. Your email address and name are shared with Resend solely for the purpose of delivering these emails. Resend processes data in accordance with GDPR. For more information, see Resend's privacy policy at https://resend.com/legal/privacy-policy
4.7 Third-Party Forms and Widgets
Tally.so: We use Tally.so for processing free directory submission forms. When you submit a directory for free listing, Tally.so collects the data you provide (directory name, URL, email). Tally.so processes data in accordance with GDPR. For more information, see Tally's privacy policy at https://tally.so/help/privacy-policy
Senja: We use Senja to display customer testimonials on our website. Senja loads third-party scripts that may collect anonymized usage data. For more information, see Senja's privacy policy at https://senja.io/privacy
We only share personal data with third parties when necessary to provide our services, comply with legal obligations, or with your explicit consent. All third-party processors are bound by data protection agreements.
5. How We Use Your Personal Data
We use your personal data for the following purposes:
Service Delivery: Processing Auto-Submit Service, Platform Submissions, and Advertising Services
Communication: Responding to inquiries and delivering service-related emails (submission reports, account credentials)
Newsletter: Sending periodic newsletter emails with updates about new directories, SEO tips, and LaunchDirectories news -only with your explicit consent via double opt-in
Website Improvement: Analyzing usage patterns to improve user experience and website functionality
Security: Protecting against fraud, unauthorized access, and maintaining system security
Legal Compliance: Meeting tax obligations, legal requirements, and regulatory compliance
Business Operations: Managing directory database, processing payments, and maintaining service quality
6. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
Contact Data: Until you withdraw consent or request deletion
Newsletter Data: Your email address is stored until you unsubscribe. Upon unsubscribing, your data is deleted immediately from our subscriber list
Payment Data: Transaction records (transaction IDs, amounts, dates, billing information) are retained as required by Polish tax and accounting laws (typically 5-7 years). Payment card details are not stored by us and are processed directly by Stripe in accordance with their retention policies and PCI-DSS requirements
Analytics Data: Anonymized data retained for statistical analysis
Communication Records: 3 years for customer service quality and legal purposes
Security Logs: 1 year for security monitoring and incident response
Service Reports: Client submission reports are retained indefinitely to provide ongoing access. Clients may request deletion of their reports by contacting us at hello@launchdirectories.com
Product Form Data: Product information you provide via the submission form (name, descriptions, images, logo, founder details, etc.) is retained on our servers for up to 360 days after service completion to allow for any follow-up or support requests. After this period, the data is deleted from our systems
Directory Account Data: Credentials for accounts created on behalf of clients during the Auto-Submit Service are shared with the client upon service completion. We do not retain copies of directory account passwords after delivery
Product Data on External Directories: Product information submitted to third-party directories (name, descriptions, images, URL) is stored and controlled by those external platforms. We have no ability to modify or delete data held by third-party directories. These platforms may have their own data practices, including indexing your listings in search engines, sharing data with third parties, or using it for their own purposes. We are not responsible for how external directories handle your data after submission. To remove listings, you must contact those directories directly using the account credentials provided to you
7. Your Rights Under GDPR and Polish Law
As a data subject, you have the following rights:
Right of Access (Art. 15 GDPR): Request information about your personal data we process
Right of Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data
Right of Erasure (Art. 17 GDPR): Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing (Art. 18 GDPR): Request limitation of data processing
Right to Data Portability (Art. 20 GDPR): Request transfer of your data to another service
Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
Right to Object to Automated Decision-Making (Art. 22 GDPR): Object to automated processing, including automated fraud detection used in payment processing. Note that objecting to automated fraud detection may affect your ability to complete payment transactions
Right to Withdraw Consent: Withdraw consent for processing at any time
Right to File a Complaint: Lodge a complaint with the Polish Data Protection Authority (UODO - Urząd Ochrony Danych Osobowych) at https://uodo.gov.pl or with your local data protection authority in your EU member state
To exercise these rights, contact us at hello@launchdirectories.com. We will respond within 30 days as required by law.
8. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:
Adequacy Decisions: Transfers to countries with adequate data protection levels
Standard Contractual Clauses: EU-approved contracts for data protection
Certification Schemes: Providers certified under privacy frameworks
Binding Corporate Rules: For multinational service providers
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Encryption: Data encrypted in transit and at rest
Access Controls: Strict access controls and authentication
Regular Updates: Security patches and system updates
Monitoring: Continuous monitoring for security threats
Incident Response: Procedures for data breach response
Staff Training: Regular training on data protection best practices
10. Data Breach Notification
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will:
Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
Inform affected individuals without undue delay if there is a high risk to their rights and freedoms
Provide clear information about the nature of the breach and steps being taken to address it
Implement immediate measures to contain the breach and prevent further unauthorized access
11. Age Requirements and Children's Privacy
Age Requirements: Our services have different age requirements:
Paid Services (Auto-Submit, Advertising): You must be at least 18 years old to use these services
Free Services (Platform Submissions, Directory Database): You must be at least 13 years old with parental consent
We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@launchdirectories.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
Update the "Last Updated" date at the top of this policy
Notify users of significant changes through email or prominent website notice
Provide a clear summary of changes made
Give users reasonable time to review changes before they take effect
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: hello@launchdirectories.com
Website: https://launchdirectories.com
Response Time: We aim to respond to all privacy-related inquiries within 30 days