Privacy Policy

DanielLaunches (“we”, “us”) is operated by D. Smidstrup Holding ApS (CVR 45751937), trading as Random Code, Havnegade 12, 3. 1, 5000 Odense C, Denmark. Contact us at daniel@danielsmidstrup.com. We are the data controller for your personal data under the EU General Data Protection Regulation (GDPR).

• Account data: your name and email, plus the sign-in identity from your chosen provider (email, Google, or X). If you sign in with Google or X we receive your basic profile - your id, handle or email, and display name - returned by their OAuth flow.
• Launch data you provide: the launches you create, their status (live, building, slowed, pivoted, relaunched, left at the station), roadmap entries, links, and any notes or updates you publish.
• Tracker data: the launch metrics you choose to track - real visitor counts, traffic sources, and growth trends. Our built-in tracker is cookieless and stores no personal identifiers about your visitors. No vanity metrics, no hidden inflation.
• Usage data: the actions you take in the app, so we can operate the service and enforce plan limits.
• Payment data: handled by Stripe. We never see your card number - we receive only the minimum needed for support, such as your email, plan, and payment status.

• To run your launches, roadmap, and tracker.
• To show your real growth on your dashboard and your public launch page.
• To enforce plan limits and bill correctly.
• To send transactional emails (receipts, security notices, plan changes).

We do not sell your data. We do not share it for advertising. We do not inflate, fake, or hide your numbers, and we do not train external AI models on your content.

• Contract performance (Art. 6(1)(b)): to deliver the service you signed up for.
• Legitimate interests (Art. 6(1)(f)): to keep the service secure, prevent abuse, and bill accurately.
• Consent (Art. 6(1)(a)): for any future marketing emails, only after you opt in. Service and billing emails are not marketing.

Your data is stored in the EU. We deploy on Vercel's EU edge, and any database we add runs in an EU region (Supabase, eu-west, Dublin, Ireland). We do not transfer your personal data outside the EEA for primary storage.

A few processors operate under EU adequacy decisions or Standard Contractual Clauses:

• Stripe (United States) - processes subscription payments and calculates VAT. We never receive your card number.
• Google and X (United States) - only if you choose to sign in with them, to verify who you are via OAuth.

• Hosting: Vercel (EU edge).
• Database (when added): Supabase, EU region (eu-west).
• Payments: Stripe (billing, payment processing, VAT).
• Transactional email: Resend (EU region).
• Product analytics: Vercel Analytics (cookieless, no personal data).

Strictly necessary only: a session cookie to keep you signed in and a small set of preference cookies (such as theme). These fall under the ePrivacy exemption.

Our launch tracker is cookieless, our product analytics is cookieless, and we set no third-party advertising cookies.

Account, launch, and tracker data is retained while your account is active.

When you ask us to delete your account, we erase your personal data within 30 days. Your launches, roadmap entries, notes, and sign-in tokens are deleted. Your account record and profile are stripped of every identifier so the remaining data cannot be linked back to you. Billing and invoice records are kept only as long as tax law requires (typically 5 years in Denmark).

Under GDPR you can:

• Access the personal data we hold about you.
• Correct data that is inaccurate.
• Delete your account, with the cascade described above.
• Export your data in a machine-readable format.
• Restrict or object to certain processing, and withdraw consent for anything consent-based.

To exercise these rights, email daniel@danielsmidstrup.com. We aim to respond within 30 days. You also have the right to complain to your local data protection authority (in Denmark: Datatilsynet).

DanielLaunches is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.

We may update this policy. Material changes will be posted here with an updated date and announced by email or in-app banner with at least 30 days notice.

D. Smidstrup Holding ApS - daniel@danielsmidstrup.com. Need a Data Processing Agreement? Email the same address and we will provide one on request.