Privacy Policy

Last updated: April 2026

Who we are

LaunchKitty is a website health check platform for small businesses, operated from Lancashire, England. When we say “we”, “us”, or “our” in this policy, we mean LaunchKitty.

Data controller: LaunchKitty
Contact: admin@launchkitty.com

What data we collect and why

We collect different types of data depending on how you use our platform. Here is exactly what we collect, why we collect it, and our lawful basis for processing it under UK GDPR.

Account information

When you purchase a report or subscribe to monitoring, we collect your name, email address, and payment information. Your payment details are processed directly by Stripe — we never see, store, or have access to your full card number. We collect this data to deliver the service you have purchased (lawful basis: contract performance, UK GDPR Article 6(1)(b)).

Website scan data

When you submit a URL for scanning, we fetch the publicly accessible HTML of that page. This is the same information available to any web browser visiting that URL. We analyse it to detect security issues, compliance gaps, SEO problems, and other website health indicators. We do not access password-protected content, admin areas, or private data. We process this data to deliver our scanning service (lawful basis: contract performance).

Analytics data

We use Google Analytics 4 to understand how visitors use our website. This data is anonymised and aggregated. Google Analytics only loads after you consent via our cookie banner. If you do not consent, no analytics data is collected. We process this data to improve our website and services (lawful basis: consent, UK GDPR Article 6(1)(a)).

Cookie data

Our website uses cookies. See the “Cookies” section below for full details of what cookies we use and how to control them.

Contact and support data

If you email us, we store your email address and the content of your message so we can respond and provide support (lawful basis: legitimate interest, UK GDPR Article 6(1)(f)).

How we use your data

We use your data for the following specific purposes and no others:

To generate and deliver website health check reports. To create and manage your account. To process payments via Stripe. To send login credentials and report notifications. To send weekly rescan notifications if you are a monitoring subscriber. To respond to your support enquiries. To improve our scanning accuracy and platform. To comply with legal obligations.

We do not sell your data. We do not share your data with advertisers. We do not use your data for profiling or automated decision-making.

Third-party services

We use the following third-party services to operate our platform:

Stripe (stripe.com) processes all payments. Stripe is PCI DSS Level 1 certified. Their privacy policy is available at stripe.com/privacy. When you make a payment, your card details go directly to Stripe — they never pass through our servers.

Google Analytics 4 (analytics.google.com) helps us understand website usage. It only loads after you consent via our cookie banner. We have configured it with IP anonymisation enabled. Google’s privacy policy is available at policies.google.com/privacy.

CookieYes (cookieyes.com) manages our cookie consent banner. Their privacy policy is available at cookieyes.com/privacy-policy.

Namecheap (namecheap.com) provides our web hosting. Your data is stored on servers managed by Namecheap.

Cookies

Cookies are small text files stored on your device when you visit a website. We use the following categories of cookies:

Essential cookies: These are required for the website to function. They include session cookies that keep you logged in and security cookies. You cannot opt out of these as the website would not work without them. Lawful basis: legitimate interest.

Analytics cookies: These help us understand how visitors use our website. We use Google Analytics 4, which sets cookies to distinguish users and track page views. These cookies are only set after you consent via our cookie banner. Lawful basis: consent.

We do not use marketing or advertising cookies.

You can manage your cookie preferences at any time by clicking the cookie settings link in the footer of any page, or by adjusting your browser settings. Under PECR (Privacy and Electronic Communications Regulations), we are required to obtain your consent before setting non-essential cookies, which is why we show a consent banner on your first visit.

Data retention

We keep your data for different periods depending on its type:

Account data: Retained while your account is active. If you delete your account or ask us to delete your data, we remove it within 30 days.

Single report scan data: Retained for 90 days after delivery, then automatically deleted.

Monitoring subscriber scan data: Retained for 12 months from the scan date, or until your subscription ends (whichever is later), then automatically deleted.

Payment records: Retained for 7 years as required by UK tax law (HMRC).

Support emails: Retained for 12 months after the last communication, then deleted.

Analytics data: Google Analytics data is automatically deleted after 14 months.

International data transfers

Some of our third-party services (Stripe, Google Analytics) process data in the United States. These transfers are protected by the EU-US Data Privacy Framework and standard contractual clauses. We only use services that provide adequate safeguards for international data transfers as required by UK GDPR.

Your rights (UK and EU users)

Under UK GDPR, you have the following rights:

Right of access (Article 15): You can request a copy of all personal data we hold about you.

Right to rectification (Article 16): You can ask us to correct inaccurate data or complete incomplete data.

Right to erasure (Article 17): You can ask us to delete your personal data. We will do so unless we have a legal obligation to retain it.

Right to restrict processing (Article 18): You can ask us to limit how we use your data in certain circumstances.

Right to data portability (Article 20): You can request your data in a structured, commonly used, machine-readable format.

Right to object (Article 21): You can object to processing based on legitimate interest.

Right to withdraw consent (Article 7): Where we process data based on consent (e.g. analytics cookies), you can withdraw consent at any time via the cookie settings in our footer.

To exercise any of these rights, email admin@launchkitty.com. We will respond within one month as required by UK GDPR.

Your rights (US users)

If you are a resident of California, Virginia, Colorado, Connecticut, or other US states with privacy legislation, you have additional rights:

California (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of the sale or sharing of your data. We do not sell personal information.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA): You have the right to access, correct, delete, and obtain a copy of your data. You can opt out of targeted advertising and profiling. We do not engage in either.

To exercise any of these rights, email admin@launchkitty.com.

Children’s privacy

LaunchKitty is a business tool and is not directed at children under 16. We do not knowingly collect data from anyone under 16. If we learn that we have collected data from a child under 16, we will delete it immediately.

Security

We take the security of your data seriously. Measures we have in place include: HTTPS encryption on all pages, security headers (HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), PCI DSS compliant payment processing via Stripe, hashed and salted passwords, restricted access to customer data, and regular security reviews.

No system is completely secure. If you discover a security vulnerability, please report it to admin@launchkitty.com.

Complaints

If you are unhappy with how we handle your data, please contact us first at admin@launchkitty.com and we will do our best to resolve your concern.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ico.org.uk
Helpline: 0303 123 1113

Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify you by email (if you have an account) or by placing a notice on our website. The “Last updated” date at the top of this page shows when this policy was last revised.