Privacy Policy

We take your privacy seriously. This policy explains what data Launched (operated by NexusFleet, Malta) collects, why, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR).

1. Who we are (Data Controller)

NexusFleet · Malta · hello@craftura.net · +356 7753 0243

2. What data we collect

Account data

• Username and email address (required)
• Display name, bio, avatar, website (optional)
• Hashed password (bcrypt — we never see your plain password)

Activity data

• Products you submit, comment on, or upvote
• Contact form submissions (name, email, phone, message, timestamp, IP address)
• Server access logs (IP, user agent, timestamps) — kept 30 days for security/abuse monitoring

Payment data

• Processed by Stripe (PCI-DSS Level 1). We receive only order ID, amount, currency, and customer email.
• We never see, store, or process your card details.

What we do NOT collect

• No third-party advertising trackers
• No Google Analytics, Facebook Pixel, or similar
• No biometric or location data

3. Legal basis (GDPR Art. 6)

• Contract: processing necessary to deliver the service
• Legitimate interest: security, fraud prevention, abuse mitigation
• Consent: marketing emails (only if you opt in)
• Legal obligation: tax records, regulatory compliance

4. How we use your data

• To operate and maintain your account
• To process payments via Stripe
• To deliver products you purchased
• To respond to support and contact-form inquiries
• To monitor for abuse, spam, and security incidents

5. Data sharing

We do not sell your data. We share only with these processors under GDPR-compliant DPAs:

• Stripe (payment processing) — Ireland / USA
• Brevo (transactional email) — France / EU
• Hetzner (hosting) — Finland / EU (EU data residency)

6. Data retention

• Account data: until you delete your account
• Server logs: 30 days
• Payment records: 7 years (Maltese tax law)
• Contact form submissions: 12 months, then auto-deleted

7. Your GDPR rights

• Access: request a copy of all data we hold about you
• Rectification: correct inaccurate data
• Erasure (right to be forgotten): delete your account and data
• Portability: receive your data in a machine-readable format
• Objection: opt out of non-essential processing
• Restriction: limit processing
• Withdraw consent: at any time

Email hello@craftura.net. We respond within 30 days.

You also have the right to lodge a complaint with the Maltese data protection authority: idpc.org.mt

8. Security

• All traffic encrypted with TLS 1.3
• Passwords hashed with bcrypt
• VPN-locked admin panels
• Daily encrypted backups, off-site rotation
• 12 guardian daemons monitoring 24/7
• CodeQL security scanning on every deployment

9. Cookies

Only essential cookies for authentication (single session cookie, HTTP-only, Secure, SameSite=Lax). No advertising or tracking cookies.

10. Children

Launched is not directed at children under 16. We do not knowingly collect data from minors.

11. Changes to this policy

Material changes will be announced via email and posted here with a new "Last updated" date.