Privacy Policy
Last updated: June 2026
What we collect
We collect the minimum data required to deliver our services. Specifically:
- Scan data: When you run a free scan, we record the target URL and the scan results (scores, findings, dimension breakdowns). We scan only your publicly reachable URL — we never access your source code.
- Email address: If you provide an email (to receive your scan score, a report link, or to subscribe to Code Care), we store that email alongside your scan or subscription record.
- Subscription and billing data: For paid products (Launch Readiness Audit, Starter, Builder, Pro, DFY Technical Setup, Growth Retainer, Scale Retainer), we record your subscription status, tier, and payment reference. Payment processing is handled entirely by Dodo Payments — we never see or store your card number, bank details, or CVV.
- Usage data: Session tokens (short-lived, stored in your browser only), subscriber dashboard activity (scans run, findings reviewed), and API usage logs (no PII in logs).
- Waitlist entries: If you join a waitlist (e.g., Business OS), we store your email and the product you expressed interest in.
How we use it
- To deliver scan results and audit reports to you
- To send you a magic link to access your subscriber dashboard
- To manage your subscription, including renewal notifications and cancellation processing
- To send weekly or daily digests (Code Care subscribers only, per your tier)
- To notify you of P0 findings that require immediate attention
- To contact you regarding your waitlist position when a product opens
We do not sell your data. We do not share your email with third parties for marketing purposes.
Our products and data scope
| Product | Data collected | Retention |
|---|
| Free Scan | Target URL, scan results, email (optional) | 30 days |
| Launch Readiness Audit ($499) | URL, scan results, email, audit report | 90 days post delivery |
| Starter / Builder / Pro subscriptions | Email, subscription status, scan history, findings | Duration + 30 days post-churn |
| DFY Technical Setup | Email, project scope, repo access (read-only, temporary) | Repo access revoked on delivery; data 90 days |
| Growth Retainer / Scale Retainer | Email, subscription status, ongoing scan history, CTO session logs | Duration + 30 days post-churn |
| Business OS (waitlist) | Email, product interest | Until access granted or you unsubscribe |
Third-party processors
We use the following third-party services to operate. Each is a data processor acting on our instructions:
- Dodo Payments — payment processing. Handles all card/bank data. We receive only a payment reference ID.
- Google Analytics 4 — aggregate site usage measurement. Configured without advertising features. No cross-site tracking. See Google's privacy policy.
- Sentry — application error tracking. Error reports may include request paths and stack traces. No scan results or customer data is included in error payloads.
- Resend / Amazon SES — transactional email delivery (scan scores, magic links, report notifications, digest emails).
- Anthropic API — AI-generated report summaries. We pass anonymized scan finding data to generate executive summaries. No PII is included in prompts.
- Upstash Redis — distributed rate limiting. Stores only IP-derived tokens, not email addresses or scan content.
Scan data and source code
We scan only publicly reachable URLs. We do not require access to your source code for the free scan or the Launch Readiness Audit. For DFY Technical Setup and Code Care subscriptions, we may request read-only access to your repository via GitHub App. This access:
- Is scoped to specific repositories you explicitly grant
- Is used only to run security, reliability, performance, and monitoring checks
- Is revoked by you at any time via your GitHub settings
- Is never shared with other customers. Customer code is never cross-referenced between accounts.
Customer code is deleted 30 days after subscription termination.
Cookies
We use first-party session cookies (necessary for dashboard authentication) and Google Analytics 4 cookies (aggregate analytics only). No advertising, retargeting, or third-party tracking cookies are set.
Data retention
- Free scan results: 30 days from scan completion, then permanently deleted
- Paid audit reports: 90 days from delivery
- Active subscription data: retained for the subscription duration plus 30 days post-churn
- Waitlist entries: retained until you request removal or receive access
- API and error logs: 30 days rolling, no PII
Your rights
You may request any of the following at any time by emailing info@launchreadycode.com:
- Access: a copy of all data we hold about you
- Deletion: permanent deletion of your email, scan data, and any associated records
- Correction: correction of inaccurate data
- Portability: export of your scan history and findings in JSON format
We will action requests within 5 business days.
Security
We apply security-by-default to our own platform — the same standards we assess in customer audits. This includes HTTPS-only delivery, security headers (CSP, HSTS, X-Frame-Options), secrets managed via environment variables (never in code), and rate limiting on all public endpoints. We do not store API keys, GitHub tokens, or payment credentials in our database.
Changes to this policy
We will update the "last updated" date at the top of this page when we make material changes. For significant changes affecting subscriber data handling, we will notify active subscribers via email.
Contact
For privacy questions or data requests, contact us at info@launchreadycode.com or visit launchreadycode.com.