LaunchLogs Data Processing Agreement (DPA)

Last updated: November 1, 2025

This Data Processing Agreement ("DPA") is between you (the "Customer") and LaunchLogs ("LaunchLogs", "we", "us", or "our"). It forms part of our Terms of Service and governs how we process personal data on your behalf when you use LaunchLogs.

1. Key Terms (Plain English)

• Controller - That's you. You decide what data to connect, what repos to sync, and why you are processing that data.
• Processor - That's us, LaunchLogs. We process personal data only to provide you with LaunchLogs features (summaries, logs, and related services).
• Subprocessor - Third-party vendors we use to help deliver the service (for example, cloud hosting, databases, email delivery, and AI infrastructure).
• Personal Data - Any information relating to an identified or identifiable natural person, as defined under applicable data protection law.
• Services - The LaunchLogs application and related services, including commit syncing, AI summaries, daily logs, and notifications.

2. Scope of Processing

• When you connect LaunchLogs to your GitHub account and use the Services, we process personal data that you provide or that is accessible through your authorized integrations (for example: account details, repository metadata, commit messages, and collaborator identifiers).
• We process this data solely to:
  • Generate summaries and daily logs based on your commit activity,
  • Provide your LaunchLogs dashboard and public profile (if enabled), and
  • Send you notifications or email digests you have opted into.
• We do not sell your data or use it for our own independent marketing or profiling. We only process personal data to operate, maintain, and improve the Services.

3. Categories of Data & Data Subjects

The personal data we process on your behalf may include:

• Customer account data - such as your name, email address, authentication identifiers, and subscription details.
• Repository and commit data - including commit messages, branch names, repository metadata, and associated contributor identifiers (for example, GitHub usernames and emails where provided).
• Usage and technical data - such as IP address, device information, browser type, and interaction logs, used to secure and improve the Services.

The data subjects may include you (the account holder), your collaborators whose information appears in repositories you connect, and any other individuals whose personal data is contained in the content you choose to process via LaunchLogs.

4. Data Retention

• Your account-level data is retained for as long as your LaunchLogs account is active. If you close your account, we will delete or anonymize your personal data within a reasonable period, subject to any legal retention requirements.
• Daily logs, summaries, and related content may be retained for the duration of your subscription to provide historical context and features such as streaks and progress views.
• You may request deletion of your data at any time, and we will act on your request in accordance with applicable law and this DPA.

5. Subprocessors

To provide the Services, we rely on trusted subprocessors for cloud infrastructure, data storage, email delivery, and AI processing. These may include, for example, cloud hosting providers, managed databases, transactional email services, and AI model providers.

We only use subprocessors that implement appropriate technical and organizational measures to protect personal data. We enter into data protection terms with each subprocessor as required by applicable law.

We may add or replace subprocessors over time. When we do, we will update our subprocessors list or provide notice through our website or app.

6. International Data Transfers

LaunchLogs and some of our subprocessors may be located in jurisdictions outside of your own, including outside the European Economic Area (EEA) or the United Kingdom. This means personal data may be transferred internationally.

Where required, we rely on appropriate safeguards for such transfers (for example, Standard Contractual Clauses or equivalent mechanisms) and on our subprocessors’ compliance with applicable data protection laws to protect personal data during and after transfer.

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption in transit (HTTPS/TLS) for data exchanged with our Services.
• Access controls and least-privilege principles for internal systems.
• Logical separation of customer data where appropriate.
• Backups and safeguards designed to prevent accidental loss or corruption of data.
• Monitoring and logging to detect unusual or unauthorized activity.

8. Roles & Responsibilities

Your responsibilities (as Controller):

• Ensure that you have a lawful basis for processing personal data that you connect to LaunchLogs (for example, data in your repositories or commits).
• Provide appropriate information and notices to data subjects, as required by law.
• Manage and respond to data subject requests (for example, access, correction, deletion) relating to the data you control.
• Configure your use of LaunchLogs in a way that respects your legal and contractual obligations.

Our responsibilities (as Processor):

• Process personal data only on your documented instructions and as described in this DPA and our Terms of Service.
• Maintain appropriate security measures to protect personal data we process on your behalf.
• Notify you without undue delay after becoming aware of a personal data breach affecting your data, where such notification is required by law.
• Provide reasonable assistance to help you meet your own data protection obligations with respect to the data we process, to the extent technically and commercially feasible.

9. Data Subject Rights

If a data subject contacts LaunchLogs directly with a request relating to their personal data that we process on your behalf, we will, where reasonably possible, notify you and direct the data subject to contact you as the Controller.

Where required and to the extent reasonably practicable, we will assist you in fulfilling data subject rights requests (such as access, deletion, or restriction) in relation to the personal data processed via LaunchLogs.

10. Governing Law

This DPA is governed by the same governing law and jurisdiction as set out in ourTerms of Service.

By using LaunchLogs, you agree to this Data Processing Agreement.