Privacy Policy

1. Who we are and our role

LaunchSite OS provides software that lets health and wellness coaches ("Coaches") manage their clients. Where a Coach is a HIPAA covered entity or their business associate, LaunchSite OS acts as a Business Associate with respect to Protected Health Information ("PHI") that Coaches store in the platform, and handles that PHI in accordance with a Business Associate Agreement (BAA) and applicable law.

2. Information we collect

• Account information — name, email, password, practice/brand details for Coaches.
• Client health information (PHI) — check‑ins, symptoms, system grades, supplement/medication/peptide/PED schedules, meal plans, training programs, lab uploads, body composition, progress photos, goals, messages, and notes entered by Coaches and clients.
• Usage and device data — log data, IP address, browser type, and actions taken in the app, used for security and reliability.
• Cookies — strictly necessary cookies for authentication and session management.

3. How we use information

• To provide, operate, secure, and improve the platform.
• To authenticate users and enforce role‑based access (coach vs. client).
• To generate features you request (e.g., grading, PDFs, AI‑assisted protocol drafting acting only on your own workspace data).
• To detect, prevent, and respond to security incidents.
• To communicate service and account notices.

We do not sell, rent, or use client PHI for advertising.

4. How we protect information

• Encryption of data in transit (HTTPS/TLS) and at rest at the database layer.
• Database row‑level security so a Coach can reach only their own clients, and a client only their own records.
• Server‑side enforcement of coach and client roles on every request.
• Hardened HTTP security headers (HSTS, anti‑clickjacking, MIME protection).
• Least‑privilege, scoped access for automated/AI tooling.

5. Service providers (subprocessors)

We use trusted infrastructure providers to operate the platform, including database/auth/storage and hosting, and an AI provider for assistive features. We enter into data‑processing terms and, where PHI is involved, Business Associate Agreements with subprocessors that require equivalent safeguards. A current list of subprocessors is available on request at [privacy@launchsiteos.com].

6. Sharing and disclosure

We disclose information only: (a) to the Coach who owns the client relationship; (b) to subprocessors under contract; (c) to comply with law or valid legal process; or (d) to protect the rights, safety, and security of users and the platform. We will not otherwise disclose PHI without authorization.

7. Data retention

We retain information for as long as an account is active or as needed to provide the service, then delete or de‑identify it within a commercially reasonable period, subject to legal retention obligations. Coaches control client records within their workspace and may request export or deletion.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information. Clients should direct PHI requests to their Coach (the covered entity); we will assist Coaches in fulfilling them. Contact [privacy@launchsiteos.com] for assistance.

9. Children

The platform is not directed to children under 13 (or the applicable age in your jurisdiction) without verifiable parental/guardian consent obtained by the Coach.

10. International users

The platform is operated from [State/Country]. If you access it from elsewhere, you consent to processing in accordance with this policy and applicable law.

11. Changes to this policy

We may update this policy from time to time. Material changes will be posted here with a revised "Last updated" date.

12. Contact

Questions about privacy or this policy: [privacy@launchsiteos.com] · [LaunchSite OS, LLC], [Company mailing address].

This document describes our practices and safeguards. It is not legal advice. HIPAA obligations between you and your clients are governed by your Business Associate Agreement and applicable law.