Privacy Policy

Effective date: May 12, 2026

This Privacy Policy describes how IntraLaunch (“IntraLaunch”, “we”, “us”, or “our”) collects, uses, discloses, and otherwise processes personal data in connection with the website located at intralaunch.io (the “Site”) and the early-access application at app.intralaunch.io(the “Service”).

IntraLaunch is in a pre-launch, design-partner phase. Where customers deploy the IntraLaunch platform into their own cloud environment, the processing of customer application data taking place inside that environment is governed by a separate written engagement agreement between IntraLaunch and the customer. This Policy governs the Site and the control-plane Service we operate.

1. Information We Collect

1.1 Information you provide. When you contact us, request a demo, apply for early access, or create an account, we collect the information you submit, which may include your name, work email address, employer or organisation, role, and the contents of any message you send us.

1.2 Account and configuration data. If you create an account on the Service, we collect account credentials managed via our authentication provider, organisation membership, role, and the configuration you enter when creating launchspaces and infrastructure layers (for example, cloud region, framework selections, and layer input variables).

1.3 Information collected automatically. When you visit the Site or use the Service, we automatically collect technical information including IP address, user-agent string, device and browser characteristics, pages or screens viewed, referring URL, and timestamps. We use cookies and similar technologies for session management, security, and basic analytics, as described in Section 6.

1.4 Information from third parties. We receive information from third-party services we use to operate IntraLaunch, including authentication events from Clerk, error and performance signals from our observability provider, and OAuth profile information from identity providers (such as Google, GitHub, or LinkedIn) when you sign in using them.

1.5 Information we do not collect.IntraLaunch does not, in the ordinary course, access the application runtime data, database contents, message queues, object storage, or secrets located inside a customer’s cloud environment. Those resources remain under the customer’s sole control.

2. How We Use Information

We use personal data for the following purposes:

  • To provide, operate, secure, and improve the Site and the Service;
  • To create and administer accounts and authenticate users;
  • To respond to enquiries, schedule demos, and onboard design partners;
  • To send service-related communications, including account, security, and policy notices;
  • To monitor, detect, and prevent fraud, abuse, and security incidents;
  • To produce aggregate or de-identified analytics about Site and Service usage;
  • To comply with legal obligations and enforce our Terms of Service.

3. Legal Bases for Processing

Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases: (a) performance of a contract, to provide the Service to you or to take steps at your request prior to entering into a contract; (b) legitimate interests, to operate, secure, and improve the Site and the Service, and to communicate with prospective customers, provided those interests are not overridden by your rights; (c) consent, where required, including for optional cookies and marketing communications, which you may withdraw at any time; and (d) compliance with legal obligations to which we are subject.

4. How We Share Information

We do not sell personal data, and we do not share it with third parties for their independent marketing purposes. We disclose personal data only in the circumstances described below.

4.1 Service providers and subprocessors. We engage trusted vendors to operate the Site and Service on our behalf, including a managed database provider for our control-plane data, Clerk for identity and authentication, cloud hosting providers (Microsoft Azure and Amazon Web Services), PostHog (EU region) for product analytics, an error and observability provider, and large-language-model providers used by the in-product assistant. Each subprocessor processes data under written terms imposing confidentiality and security obligations consistent with this Policy.

4.2 Legal disclosures. We may disclose personal data where required by law, court order, or other legal process, or where we believe disclosure is necessary to protect the rights, property, or safety of IntraLaunch, our users, or others.

4.3 Business transfers. If IntraLaunch is involved in a merger, acquisition, financing, reorganisation, or sale of assets, personal data may be transferred as part of that transaction, subject to standard confidentiality protections and notice obligations.

4.4 With your consent. We may disclose personal data for any other purpose with your consent or at your direction.

5. International Data Transfers

IntraLaunch is operated from the European Union. Some of our subprocessors are located in, or may process personal data in, the United States or other jurisdictions outside the European Economic Area or the United Kingdom. Where personal data is transferred outside the EEA or the UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and the UK Addendum, together with supplementary measures where required.

6. Cookies and Similar Technologies

We use cookies and similar technologies in the following categories:

  • Strictly necessary. Cookies required to keep you signed in, maintain session state, protect against cross-site request forgery, and remember your interface preferences. These are set on a same-origin basis by our authentication provider and our application, and cannot be disabled without impairing functionality of the Service.
  • Product analytics. We use PostHog (EU region) to understand how visitors and users interact with the Site and the Service in aggregate, to measure feature usage, and to diagnose errors. PostHog sets a small number of first-party cookies and similar identifiers for these purposes. Analytics data is processed in the European Union. We do not use it for advertising, retargeting, or sale to third parties.

We do not use third-party advertising cookies, cross-site tracking pixels, or data brokers. You can configure your browser to refuse cookies, but doing so may impair functionality of the Service. EU and UK users have the right to object to processing based on legitimate interests at any time by contacting us using the details in Section 12.

7. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Server logs and security telemetry are retained for a period proportionate to their purpose, generally not exceeding twelve months, unless retained longer to investigate a specific incident. On termination of your account or written request, we will delete or anonymise personal data subject to limited exceptions for backup retention and legal hold.

8. Security

IntraLaunch maintains administrative, technical, and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include encryption in transit, access controls based on the principle of least privilege, audit logging, secret management via cloud-native key vaults, and periodic review of our security posture. No system is perfectly secure, and we cannot guarantee absolute security; we will notify affected users and relevant supervisory authorities of qualifying personal-data breaches in accordance with applicable law.

9. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to personal data we hold about you:

  • The right to access and obtain a copy of your personal data;
  • The right to rectify inaccurate or incomplete personal data;
  • The right to erasure (the “right to be forgotten”);
  • The right to restrict or object to processing;
  • The right to data portability;
  • The right to withdraw consent at any time, where processing is based on consent; and
  • The right to lodge a complaint with a competent supervisory authority.

To exercise any of these rights, please contact us using the details in Section 12. We will respond within the time frame required by applicable law, typically within thirty days.

10. Children’s Privacy

The Site and the Service are intended for use by businesses and their personnel and are not directed to individuals under the age of sixteen. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective date” above and, where appropriate, provide additional notice (for example, by email to registered users or by a banner on the Site). Your continued use of the Site or the Service after the effective date of an update constitutes acceptance of the updated Policy.

12. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to raise a privacy concern, please contact us at privacy@intralaunch.io. For general enquiries, write to hello@intralaunch.io.