Privacy Policy

Last updated: May 5, 2026

1. Who we are

LaunchSpy (“we”, “our”, “us”) is a competitive-intelligence service for online creators and infopreneurs. The service is operated by AML BEEYARD SAS, a French simplified joint-stock company registered under SIREN 933 214 249, with its registered office at 96 Rue Paradis, 13006 Marseille, France. This policy explains how we collect, use, share, and protect personal data, in compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and Meta Platform Terms.

2. Data we collect

We collect the following categories of data:

Account & identification data

  • Name, email address, password (hashed)
  • Profile picture, if you sign in with a social provider
  • Plan tier and subscription status

Payment data

  • Billing address, country, and VAT number where applicable
  • Payment-method tokens and transaction history (held by Stripe — we never store full card numbers)

Usage & product data

  • Pages visited, features used, search queries inside the app
  • Saved creators, ads, boards, alerts, and watchlists you create
  • Browser settings and preferences

Technical data

  • IP address, approximate geolocation derived from IP
  • Browser type, operating system, device type
  • Cookies, session identifiers, and security tokens

3. Public-source data & the Meta Ads Library

LaunchSpy aggregates publicly available information from the Meta Ads Library, public creator pages (Gumroad, Skool, Whop, Hotmart, etc.), and public landing pages advertised by creators. This data includes:

  • Advertiser page name and creative content (image, video, copy, CTA)
  • Ad delivery dates, targeting countries, and aggregate EU reach published under the EU Digital Services Act
  • Estimated spend ranges where Meta publishes them (political & issue ads only)
  • Backend-platform fingerprints inferred from HTML on public landing pages

This information is publicly accessible through the Meta Ads Library and the creators’ own websites, and does not contain personal data of Facebook, Instagram, or any platform’s end users.

4. How we use your data

We process personal data to:

  • provide, maintain, and improve the Service;
  • manage your account, subscription, and billing;
  • send transactional emails (alerts, password resets, invoices);
  • send product updates and marketing emails (with your consent — opt-out at any time);
  • detect and prevent fraud, abuse, and security incidents;
  • comply with legal obligations (tax, accounting, court orders).

Public-source data — strict data minimization

Public-source data (Meta Ads Library, public landing pages) is used only for:

  • competitive intelligence — letting our users analyze creator strategies;
  • aggregate market analysis — trends, pricing benchmarks, platform distribution;
  • creative research — letting marketers find inspiration from public ads.

We commit to never:

  • identify private individuals from public-source data;
  • build advertising profiles of end users;
  • retarget individuals across platforms;
  • sell personal data to third parties.

5. Legal bases (GDPR Article 6)

  • Performance of a contract — to deliver the Service you subscribed to;
  • Consent — for non-essential cookies and marketing emails;
  • Legitimate interest — to improve our product, detect fraud, and operate aggregate analytics from public sources;
  • Legal obligation — to retain invoices, comply with tax and accounting law.

6. Sub-processors & data sharing

We share personal data only with vetted sub-processors that act on our instructions:

  • Stripe Inc. (USA / Ireland) — payments, billing
  • Supabase Inc. (USA, EU region) — authentication and database
  • Vercel Inc. (USA) — application hosting
  • Cloudflare R2 (USA) — media (ad creatives, screenshots) storage and CDN
  • Resend (USA) — transactional and marketing email delivery
  • Meta Platforms Ireland — Meta Ads Library API access (read-only, public data)

International transfers outside the European Economic Area are protected by the European Commission’s Standard Contractual Clauses and by additional safeguards where applicable.

We do not sell or rent personal data.

7. Cookies & tracking

We use a small number of cookies:

  • Strictly necessary — authentication, CSRF protection, theme preference. No consent needed.
  • Analytics — aggregated, IP-anonymized usage analytics. Set only after consent in supported regions.

We do not use third-party advertising cookies or cross-site retargeting.

8. Data retention

  • Account data — retained while your account is active and for 30 days after deletion (then permanently erased, except records we must legally keep).
  • Billing records — retained for 10 years to comply with French commercial and tax law.
  • Public-source data — refreshed continuously; historical snapshots retained for trend analysis up to 24 months.
  • Server logs — 90 days max.

9. Meta data deletion request

In compliance with Meta Platform Terms and the GDPR, any user or advertiser may request that we delete data we have indexed from the Meta Ads Library or any public source about them.

  • By email — write to privacy@launchspy.io
  • Processing time — within 7 business days
  • Confirmation — email confirmation once deletion is complete

10. Your rights

Depending on your jurisdiction (EU/EEA, UK, California, others), you have the right to:

  • access — obtain a copy of the personal data we hold about you;
  • rectify — correct inaccurate or incomplete data;
  • erase — request deletion of your data (subject to legal retention duties);
  • port — receive your data in a machine-readable format;
  • object & restrict — object to or limit certain processing;
  • withdraw consent — at any time, without affecting the lawfulness of prior processing;
  • opt out of “sale” or “sharing” (CCPA) — although we do not sell personal data.

To exercise any of these rights, email privacy@launchspy.io. You also have the right to lodge a complaint with the French data-protection authority (CNIL) or your local supervisory authority.

11. Children’s privacy

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe we have, contact us and we will delete it.

12. Security

We protect personal data with TLS 1.2+ encryption in transit, encryption at rest on managed databases, role-based access controls, audited backups, and least-privilege service tokens. No system is perfectly secure, but we work hard to make ours close to it. If you discover a vulnerability, please disclose it to security@launchspy.io.

13. Compliance with Meta policies

LaunchSpy operates in strict compliance with:

  • Meta Platform Terms
  • Meta Developer Policies
  • EU Digital Services Act (DSA) ad-transparency rules

14. Chrome Extension privacy

The official LaunchSpy Chrome extension (available on the Chrome Web Store) lets you save creators, ads, and funnels you discover while browsing. The sections below detail exactly what data the extension touches, where it goes, and how to remove it.

Permissions used

  • activeTab: read the page content only when you click the LaunchSpy icon — never in the background.
  • storage: persist authentication tokens and your local preferences in the browser’s extension storage.
  • tabs: detect when you navigate to a supported site so the save button can appear.
  • host_permissions: limited to the Meta Ads Library, public creator pages on Facebook / Instagram / LinkedIn / X / TikTok / YouTube, and the platforms LaunchSpy tracks (Skool, Gumroad, Whop, Systeme.io, Kajabi, ClickFunnels, GoHighLevel). The full list is published in the extension’s manifest and visible during install.

What the extension collects

When you click Save on a creator, funnel, or ad, the extension reads the public content of the page you’re on and sends to LaunchSpy:

  • the public page URL, title, and HTML metadata;
  • the creator name, advertiser ID, or page handle (where applicable);
  • the ad creative URL and copy text on the Meta Ads Library;
  • the funnel landing-page URL and detected platform fingerprints;
  • your LaunchSpy account ID, used solely to attribute the save to your library.

The extension does not collect:

  • your browsing history or pages you didn’t explicitly save;
  • form inputs, passwords, or anything you type;
  • analytics, telemetry, or behavioural tracking data.

Where the data is stored

  • Locally in the browser (extension storage): your auth token, user preferences, and a small cache of recent saves.
  • LaunchSpy servers: saved creators, funnels, and ads, sent via app.launchspy.io/api and persisted in our Supabase database under per-user Row Level Security (RLS).

Data sharing

Extension-collected data is not sold, not used for advertising, and not used to train AI models. It is only shared with the same sub-processors listed in section 6 (Supabase for storage, Vercel for hosting).

Your control

  • Logout from the popup clears all locally stored auth and cached data.
  • Disable the extension in chrome://extensions stops all reads — saved data on our servers stays untouched.
  • Uninstall the extension wipes all local storage automatically.
  • Account deletion (request via privacy@launchspy.io) erases all server-side data created via the extension, alongside the rest of your account.

15. Changes to this policy

We may update this policy as the Service evolves. Material changes will be announced by email or in-app notice at least 14 days in advance. The “Last updated” date at the top of this page indicates the effective version.

16. Contact

Privacy questions and rights requests: privacy@launchspy.io
Data Protection Officer: dpo@launchspy.io
General support: support@launchspy.io