Privacy Policy
Last updated: June 13, 2025
1. Who We Are
LaunchFamily Inc. ("LaunchFamily," "we," "us," or "our") is a Delaware corporation headquartered at 2515 S Imperial Pl, Ontario, CA 91761. We develop and operate LaunchFamily and the LaunchLife Marketplace, platforms designed to support parents, families, and individuals through personalized tools, expert content, verified provider connections, and AI-driven assistance.
2. Scope of this Policy
This Privacy Policy explains how we collect, use, disclose, and retain your personal information when you use our website, mobile app, marketplace platform, expert portal, and related services (collectively, the "Service"). It applies to all users of our Service and supplements any region- or state-specific notices that may apply (e.g., California, EEA, UK).
3. Key Principles
- Data minimization: We collect only what we need.
- Explicit consent: We never pre-check consent boxes. You must affirmatively opt in to SMS, marketing, or sharing children's data.
- No sale of data: We do not sell your personal data, including SMS opt-in data or children's information.
- SMS data: We do not share or sell opt-in SMS information or originator consent data. This information is never shared with third parties and complies with TCPA and CTIA requirements.
- Parental control: Children under 13 cannot register. Only verified parents or guardians may create child profiles.
- Security by design: We use encryption in transit and at rest, access controls, and 24/7 monitoring to safeguard your data.
4. What Information We Collect
We collect personal data either directly from you, from your device, or from third-party services you authorize. This includes:
| Category | Examples | Legal Basis / Purpose |
|---|---|---|
| Account Data | Name, email, password, profile photo, phone number | Contract performance |
| Family Data | Household structure, roles, child names (limited data) | Contract performance; legitimate interest |
| Content & Activity | Tasks, messages, notes, AI-generated content, preferences | Contract performance |
| Marketplace Activity | Bookings, consultations, messages with providers, reviews | Contract performance |
| Usage Data | Log files, IP, browser type, analytics events | Legitimate interest (security, diagnostics) |
| SMS Consent Logs | Opt-in checkbox state, timestamp, IP, STOP/HELP logs | Legal obligation (TCPA/CTIA), compliance |
| Payment Data | Tokenized card info (via Stripe) | Contract performance; legal obligation |
| Device & App Info | OS version, device ID, language, push token | Legitimate interest (performance, security) |
| Location Data | City or region derived from IP | Legitimate interest (security, regional features) |
We do not collect:
- Biometric identifiers
- Full personal identifiers of children (e.g., photos, locations)
5. How We Use Your Information
- Create and manage your account
- Deliver personalized parenting tools and suggestions
- Connect you with verified providers in the marketplace
- Process bookings, consultations, and payments
- Facilitate messaging between clients and providers
- Store family tasks, content, and plans
- Send transactional communications (e.g., password resets, booking confirmations, alerts)
- Authenticate identity and manage security
- Conduct analytics, monitor performance, debug errors
- Comply with legal requirements (e.g., SMS consent logs)
- Train and improve our AI systems using anonymized data
- Respond to your support inquiries
For details about how we handle SMS consent and delivery, see our SMS & A2P Messaging Terms. We do not use your data to serve third-party advertising. We do not allow human review of your AI-generated content unless explicitly authorized by you (e.g., during support).
6. Third-Party Services and Subprocessors
We use vetted vendors (subprocessors) that help us operate the Service securely and efficiently:
- OpenAI LLC (AI services)
- Amazon Web Services (hosting and infrastructure)
- Stripe (payment processing)
- Segment (customer data platform)
- Twilio (SMS and communications)
- Google / Microsoft OAuth & Calendar APIs (authentication and calendar integration)
- Spoonacular (meal planning data)
- Mixpanel (analytics)
- Sentry (error monitoring)
- DataDog (infrastructure monitoring)
7. Cookies and Tracking Technologies
We use cookies to remember your session, track usage, and improve the product. You may disable cookies in your browser settings, but functionality may be limited. For details, see our Cookie Policy.
8. Retention Schedule
| Data Type | Retention Period |
|---|---|
| Account records | 7 years after account deletion |
| Chat logs & AI content | 2 years (unless deleted earlier by user) |
| Bookings and marketplace activity | 7 years (legal and tax compliance) |
| Consent and SMS logs | 2 years |
| System logs | 1 year |
| Encrypted backups | 30 days |
| Aggregated/anonymized data | Indefinite |
9. International Data Transfers
If you're in the EEA/UK, we use Standard Contractual Clauses (SCCs) (2021/914/EU) and the UK Addendum. These apply automatically when you access LaunchFamily from those regions.
10. Your Rights
You may request to:
- Access, correct, or delete your data
- Opt out of non-essential uses (e.g., analytics)
- Request data portability
- Appeal a denied request
To exercise these rights, email privacy@launchfamily.com.
11. Children's Privacy
- Children cannot register directly
- Parents may create limited profiles
- No collection of photos, location, or biometric data from children
- We comply with COPPA
12. Google API & OAuth Use
LaunchFamily affirms that our use of Google user data complies with the Limited Use of user data requirement.
- We only access calendar and authentication data for user-requested features
- We do not share this data with third parties or use it for advertising
- We do not use any raw or derived data from Google Workspace APIs or Photos APIs to train, develop, or improve generalized AI or machine learning models
- We adhere to the Google API Services User Data Policy, including the Limited Use requirements for Google Workspace APIs and the Limited Use requirements for the Google Photos API
13. HIPAA Disclaimer
We are not a medical provider and do not sign Business Associate Agreements (BAAs). We do not store or process Protected Health Information (PHI) under HIPAA.
14. Security
We use TLS 1.2+, AES-256 encryption in transit and at rest, IAM controls, audit logging, and yearly penetration testing. No system is 100% secure, but we continuously monitor and improve protections.
15. Changes to this Policy
We'll email or notify you in-app 30 days before any material changes take effect. You can always review the "Last updated" date above.