Privacy Policy

1. Information We Collect

When you use Launch Arcade we may collect the following:

• Account information — email address, username, hashed password, optional avatar, and any profile data returned by Google or Discord if you sign in with one of those providers.
• Payment information — processed by Stripe. We store your subscription tier, billing status, and Stripe customer ID, but never your full card details.
• Usage data — apps you unlock, play counts, ratings, reviews, favorites, creators you follow, and search queries you submit on the catalog.
• Creator information — bio, PayPal email for payouts, app submissions (including the source code, assets, screenshots, and cover images you upload), and review correspondence.
• Content you create — messages you send to our support assistant, prompts you submit to our AI app generator (Forge), the apps generated from those prompts, reports you file against apps, and share cards and snapshots you create from apps.
• Stored credentials — if you save your own Anthropic API key for Forge, we encrypt it (AES-256-GCM) at rest and decrypt it only to forward your generation requests to Anthropic.
• Analytics events — page views, signup and subscription events, and app interactions (unlocks, plays, favorites, ratings, snapshot creation, share-card creation, etc.). Events are linked to a per-browser identifier (the la_anon cookie) and are stitched to your account once you sign in.
• Session metadata — first landing page, referrer, UTM parameters, a truncated browser user-agent string, and a session ID.
• Daily challenge data — submitted scores and grids. If you play daily challenges without an account, a random ID stored in your browser tracks your streaks.
• Push notification subscriptions — if you turn on Daily Challenge reminders, we store the push subscription your browser issues (a push-service endpoint URL and its encryption keys) and your browser’s user-agent string, so we can deliver the reminder to that device.
• Technical data — IP address (used for rate limiting and stored alongside analytics events), browser type, device information, and standard server logs.

2. How We Use Your Information

• Provide and maintain your account and subscription, and enforce tier limits.
• Process payments, calculate creator revenue share, and issue payouts.
• Display ratings, reviews, leaderboards, creator profiles, and other public surfaces described in section 3.
• Power AI-driven features (support chat, app generation) as described in section 4.
• Send transactional emails (account confirmations, password resets, billing notifications, security alerts, creator submission updates).
• Send marketing emails only to users who have opted in (see section 6).
• Understand product usage via first-party analytics so we can prioritize what to build.
• Detect abuse, prevent fraud, and rate-limit suspicious traffic.
• Improve the platform and fix bugs.

3. Information You Share Publicly

Some information you provide is visible to other users or to anyone on the internet by design:

• Profile — your username, avatar, bio, and (for creators) your public creator page at /creator/[username].
• Creator content — apps you publish, their cover images and screenshots, and follower counts.
• Ratings and reviews — including your username next to any review text you write.
• Platform SDK content — when an app uses our SDK to store leaderboard scores or gallery posts, your display name and the data you submit are visible to other members using that app.
• Snapshots and share cards — when you create one of these from inside an app, it gets a public URL (/s/[id] or /share/[id]) that anyone can open. Both expire automatically after 90 days.
• Daily challenge leaderboards — your display name and score appear on per-app and platform daily leaderboards.
• Identity inside apps — when you launch an app, the app receives your player ID, display name, and avatar through our Platform SDK so it can save your progress, place you on leaderboards, and so on. This applies to both apps we build and apps built by third-party creators.

4. AI Services and Third-Party Apps

• Support chat — messages you send to our support assistant, along with recent conversation context, are processed by Anthropic’s Claude API. We also store the full conversation in our database so our team can review issues and improve the assistant.
• Forge (AI app generator) — your text prompt and the generated HTML are stored on our servers. Generation runs against Anthropic using either our key or the personal Anthropic API key you save in your account.
• Third-party creator apps — apps in our catalog (including those built by external creators) run inside our chrome but are independent programs. Through the Platform SDK they receive your player ID, display name, and avatar, and they can store per-user save data and shared content (leaderboards, galleries) through our APIs. We don’t inspect every app, so treat creator apps the way you would treat any other third-party web app.

5. Cookies and Analytics

We use a small number of first-party cookies and browser-storage entries:

• Essential — Supabase Auth session cookies (keep you logged in) and Stripe checkout cookies during payment.
• Analytics — la_anon, set when you accept the cookie banner. It’s an HMAC-signed, HttpOnly, first-party identifier we use to attribute analytics events across your visits for up to one year. We don’t share it with anyone and we don’t use it for advertising.
• Consent — la_consent remembers your cookie-banner choice.
• Local / session storage — your daily-challenge anonymous ID, a cookie-consent mirror, your session ID, and small caches for daily challenge data.

We do not use advertising cookies, cross-site retargeting pixels, or third-party trackers. If you decline analytics in the banner we still receive anonymous server-side request logs (which we use for security and reliability), but we do not link those logs to your account.

We also use Vercel Analytics and Vercel Speed Insights for aggregated performance and traffic metrics. Those services may set their own cookies as described in Vercel’s privacy policy.

6. Marketing Emails

We send transactional emails (account confirmations, billing notifications, security alerts, creator submission updates, payout notifications) without an opt-in because they’re tied to your use of the service.

We send marketing emails (weekly digest of new apps, new app alerts in categories you play, product updates, creator news, onboarding tips) only when you have the corresponding preference enabled. New accounts default to opted-in for engagement streams; you can change every preference at any time from your account settings or via the unsubscribe link in any marketing email.

7. Third-Party Services

We rely on the following third-party services, each of which has its own privacy policy:

• Supabase — authentication and database hosting.
• Stripe — payment processing and subscription management.
• PayPal — creator payout processing.
• Vercel — application hosting.
• Vercel Analytics & Speed Insights — aggregated traffic and performance metrics.
• Google — optional sign-in via OAuth.
• Discord — optional sign-in via OAuth.
• Anthropic — AI processing for support chat and Forge generation.
• Resend — transactional and marketing email delivery.
• Sentry — error monitoring. When something breaks, Sentry may receive the URL path you were on, your user ID, browser and device information, breadcrumbs, and the error itself.

8. Data Retention

• Account data — retained while your account is active. After you delete your account we remove personal data within 30 days, except where we’re required to retain it for legal or accounting reasons.
• Analytics events and session metadata — retained for up to one year tied to your la_anon identifier, then aggregated.
• Snapshots and share cards — auto-deleted 90 days after creation.
• Daily challenge submissions and analytics events from creator apps — retained for 90 days.
• Push notification subscriptions — kept until you turn the reminder off, delete your account, or the push service reports the subscription as no longer valid.
• Anonymized aggregate statistics — may be retained indefinitely.
• Backups — may persist for a short window after deletion before rolling off.

Public content (creator profiles, published apps, ratings and reviews, leaderboard entries) is removed when you delete your account, but copies that other users have already seen, downloaded, or screenshotted are outside our control.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Export your data in a portable format.
• Withdraw consent for optional data processing (analytics, marketing email).

You can download a full copy of your data, manage your email preferences, change your cookie-banner choice, or permanently delete your account at any time from your account settings. For any other requests, contact us at the email below.

10. Security

We use industry-standard security measures including encrypted connections (HTTPS), secure authentication via Supabase, row-level security on our database, and AES-256-GCM encryption for any third-party API keys you choose to store with us. No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your information.

11. Children

Launch Arcade is not intended for children under 13 and we do not knowingly collect personal information from them. Many of our surfaces (leaderboards, creator profiles, snapshots, share cards) display usernames publicly, so parents should supervise younger users who are otherwise allowed to use the service. If we learn that an account belongs to a child under 13, we will close the account and delete the associated data. If you believe a minor has created an account, please contact us.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last updated” date.

13. Contact

If you have questions about this privacy policy, contact us at support@launcharcade.com.