This Privacy Policy describes how AfterLaunch ("we," "us," or "our") collects, uses, and shares information when you use our service at afterlaunch.io (the "Service").
AfterLaunch is operated by AfterLaunch Technologies, with its principal place of business at D-704, Neelkanth Business Park, Nathani Road, Vidyavihar West, Mumbai 400086, India.
Email address: Required to deliver insights, briefs, and account access.
Business URL: The domain you submit so we can analyze it.
Account credentials: If you create an account, we store your email and a hashed password (we never see your actual password).
Voice samples: Writing samples you optionally provide so generated content matches your style.
Custom prompts: Any custom AI search queries you add (paid tier feature).
Communications: Any messages you send us by email or other means.
2.2 Information collected automatically
Usage data: Pages you visit, features you use, time spent, errors encountered.
Device information: Browser type, operating system, IP address (for security and rate limiting).
Cookies: Essential cookies for authentication and session management. We don't use advertising or tracking cookies.
2.3 Information generated by the Service
AI-generated content: Briefs, action drafts, snapshots, and SEO articles we generate for you.
Monitoring data: Information we observe about your business across the channels we monitor (AI search engines, Reddit, Hacker News, your competitors' public pages, etc.).
Engagement data: Whether you opened emails, clicked actions, marked actions complete.
2.4 Information from Google accounts you connect
Connecting an analytics account is optional. If you choose to connect your Google Analytics or Google Search Console account, you authorise AfterLaunch to access that account on a read-only basis through Google's official OAuth consent flow. We request only the minimum scopes needed:
Google Analytics (scope: analytics.readonly): we read the traffic and engagement metrics for the property you select, such as sessions, users, and conversions.
Google Search Console (scope: webmasters.readonly): we read the search performance data for the site you select, such as clicks, impressions, queries, and average position.
We use this Google data for one purpose: to show you, inside your own AfterLaunch dashboard, whether the growth recommendations we make are working (we call this your outcome and movement data). We never write to, modify, or delete anything in your Google account. We do not use this data for advertising, we do not use it to train any AI or machine-learning model, and we do not sell, rent, or transfer it.
You can disconnect at any time from Settings then Connections, or by revoking access directly at https://myaccount.google.com/permissions. When you disconnect, we stop fetching new data and delete the stored access tokens.
3. How we use information
We use information to:
Provide the Service (generate snapshots, deliver briefs, monitor channels you've opted into)
Show you results from accounts you connect (read your Google Analytics and Search Console stats to display your outcome and movement data)
Improve the Service (understand which features work, fix bugs, calibrate AI quality)
Communicate with you (send transactional emails, respond to support inquiries)
Process payments (when you upgrade to a paid plan)
Maintain security (detect abuse, prevent fraud)
Comply with legal obligations
4. AI processing: important
The Service uses third-party AI providers (Anthropic, OpenAI, Google, Perplexity) to generate content and analyze data. When you use the Service:
Your inputs may be sent to these AI providers for processing
These providers do NOT train their models on your data (we use API tiers that exclude data from training, per their published terms)
Outputs are returned to us, persisted in our database, and made available to you
We rely on these providers' privacy practices for the AI processing portion. Their policies are available at:
Service providers: We use third-party services to operate (hosting via Vercel, database via Supabase, email via Resend, AI via Anthropic/OpenAI/Google/Perplexity, payments via Dodo Payments). They process data on our behalf under their own privacy obligations. Dodo Payments acts as merchant of record for AfterLaunch subscriptions, which means they handle VAT, GST, and other applicable taxes on our behalf.
Legal compliance: If required by law, regulation, court order, or to protect rights and safety.
Business transfers: If we're acquired or merge with another company, your information may transfer (we'd notify you).
We do NOT:
Sell your personal information to anyone
Share your information with advertisers
Use your data to train external AI models
Transfer, sell, or share the data we read from your connected Google accounts, except as needed to provide the feature to you or where required by law
6. Data retention
Account data: Retained while your account is active and for 90 days after deletion.
Connected-account data (Google Analytics, Search Console): Retained while the connection is active. Access tokens are encrypted at rest and deleted when you disconnect or close your account.
Generated content (briefs, snapshots, articles): Retained while your account is active. Deleted with your account.
Email logs and engagement data: Retained for 90 days.
Server logs and security data: Retained for 30 days.
Payment records: Retained as required by law (typically 7 years for tax compliance).
7. Your rights
Depending on where you live, you may have rights to:
Access: Request a copy of your data
Correction: Update inaccurate data
Deletion: Request deletion of your data
Portability: Receive your data in a machine-readable format
Object: Object to specific processing
Withdraw consent: Where processing is based on consent
For EU/UK users, these rights are guaranteed under GDPR. For California users, under CCPA. For other regions, similar rights may apply under local law.
To exercise any right, email [email protected]. We'll respond within 30 days.
8. Data security
We use industry-standard practices:
TLS encryption in transit
Encryption at rest for databases
Access controls limiting who can read sensitive data
Regular security review of our infrastructure
No system is perfectly secure. If we discover a security incident affecting your data, we'll notify you and authorities as required by law.
9. International data transfers
We're based in India. Our infrastructure providers may store and process data in countries including the United States, India, and the European Union.
For EU/UK users: We rely on Standard Contractual Clauses or equivalent legal mechanisms for data transfers outside the EU/UK.
10. Children's privacy
The Service is for business use by adults. We do not knowingly collect information from anyone under 18. If you believe we have, contact us and we'll delete it.
11. Cookies
We use essential cookies only:
Session cookies for authentication
Security cookies (CSRF tokens, etc.)
Functional cookies (preferences)
We do NOT use:
Advertising cookies
Third-party analytics cookies
Behavioral tracking cookies
You can disable cookies in your browser, but the Service won't work properly without essential cookies.
12. Changes to this policy
We may update this Privacy Policy. Material changes will be communicated via email and a notice on the Service at least 14 days before taking effect. Continued use after changes constitutes acceptance.
Address: D-704, Neelkanth Business Park, Nathani Road, Vidyavihar West, Mumbai 400086, India
For EU/UK users: You can lodge a complaint with your local data protection authority. EU representative (if required): TBD if needed for GDPR Article 27 compliance.