Privacy Policy
Effective date: June 3, 2026
LaunchMerlin is operated by Barak Laniado, based in Israel ("LaunchMerlin", "we", "us"). This policy explains what we collect when you use the service at this site and our application, why we collect it, who processes it, and the choices you have.
We keep this short and plain. If anything is unclear, write to us at inquiries@launchmerlin.com.
1. Information we collect
We collect only what we need to run the product:
- •Account data: your email address (used for passwordless magic-link sign-in).
- •Profile data you choose to add: display name, company name, website, and font preference.
- •Launch content: the product idea and target audience you enter, the Launch Brief, and the assets generated from it (landing copy, email sequence, pricing, onboarding, and any edits you save).
- •Your AI key (optional, BYOK): if you add your own xAI API key, it is encrypted at rest with AES-256-GCM. We never display your full key again after entry and never log it.
- •License data: your plan tier and remaining welcome grant, and the redemption record if you redeem a code.
- •Basic usage analytics: privacy-friendly, aggregate page analytics (via Vercel Analytics). We do not build advertising profiles.
We do not collect or store payment card numbers. Purchases are handled by the marketplace or payment provider you buy through (see "Service providers" below).
2. How we use your information
- •To provide the service: generate your Launch Brief and assets, save your work, and let you sign in.
- •To operate your account and apply your license and welcome grant correctly.
- •To send you essential service emails (such as sign-in links).
- •To maintain security, prevent abuse, and debug problems.
- •To understand aggregate usage so we can improve the product.
We do not sell your personal data, and we do not use your launch content to train our own models.
3. AI generation and your content
LaunchMerlin generates content using xAI's models. When you generate a brief or assets, the relevant inputs (your product idea, audience, and Launch Brief) are sent to xAI's API to produce the output. Those requests run either on our key (during your one-time welcome grant) or on your own key if you use BYOK. Your use of the generated output is yours; xAI processes the request under its own terms and privacy policy.
4. Service providers (sub-processors)
We rely on a small set of trusted providers to run LaunchMerlin:
- •Supabase - database, authentication, and storage (your account and launches, protected by row-level security).
- •Vercel - application hosting and privacy-friendly analytics.
- •Resend - delivery of transactional emails such as sign-in links.
- •xAI - AI generation of your brief and assets.
- •AppSumo - if and when LaunchMerlin is offered there, for distribution and license-code redemption.
- •Our payment provider / Merchant of Record - for direct purchases, which processes payment and tax on our behalf. We receive a record of the purchase, not your card details.
5. Data retention
We keep your account and launch content for as long as your account is active so the product keeps working for you. You can ask us to delete your account and associated data at any time (see "Your rights"). We may retain limited records where required for legal, accounting, or fraud-prevention purposes.
6. Security
We protect your data with row-level security so each account can only access its own rows, encryption in transit, and encryption at rest for sensitive secrets such as your BYOK key (AES-256-GCM). No system is perfectly secure, but we work to keep your data safe and to limit who and what can access it.
7. Your rights
You can access, correct, export, or delete your personal data. Much of this is available directly in the app (your profile and launches). For anything else, including account deletion, email us at inquiries@launchmerlin.com and we will action your request.
8. International users
LaunchMerlin is operated from Israel and your data may be processed in Israel and in the regions where our service providers operate. If you are in the EEA, the UK, or California, you have additional rights under the GDPR or CCPA (such as access, deletion, and objection). We honor these requests at inquiries@launchmerlin.com. We do not sell personal information.
9. Cookies
We use only the cookies needed to keep you signed in and to run the service. Our analytics are designed to be privacy-friendly and do not rely on advertising cookies.
10. Children
LaunchMerlin is intended for people aged 18 and over and is not directed to children. We do not knowingly collect data from children.
11. Changes to this policy
We may update this policy as the product evolves. If we make a material change, we will update the effective date above and, where appropriate, notify you. Continued use after an update means you accept the revised policy.
12. Contact
Privacy and general inquiries: inquiries@launchmerlin.com. Product support: support@launchmerlin.com. Operator: Barak Laniado, Israel.