Privacy Policy
Last updated: 18 May, 2026 Effective date: 18 May, 2026 Version: MVP Draft — pending legal review
This Privacy Policy explains how Launch Maniac LLC, a Nevada limited liability company ("Launch Maniac," "we," "us," or "our"), collects, uses, shares, and protects information in connection with DocThings (the "Service").
DocThings is a consumer health-adjacent application that lets individuals log how physical restrictions affect their daily life.
This Privacy Policy is intended to be read together with our Terms of Service. The Terms of Service explain your responsibilities when using the Service.
1. Who We Are
DocThings is operated by:
Launch Maniac LLC 732 S 6th St #5926 Las Vegas, NV 89101 United States [email protected]
2. Scope of This Policy
This Privacy Policy applies to:
- The DocThings service.
- The DocThings dashboard and application.
- DocThings account, support, and administrative interactions.
- Websites, pages, and forms we operate in connection with DocThings.
This Privacy Policy does not apply to services operated by third parties, including authentication providers, AI providers, database providers, email providers, or other tools used to operate the Service. Those services are governed by their own terms and privacy policies.
3. Our Role
For all data you submit to DocThings — your entries, tags, and account information — Launch Maniac LLC acts as the data controller. You are not our customer in a B2B sense; you are a consumer user.
4. Information We Collect
We collect information in the following categories.
4.1 Account Information
We collect account information from Clerk, our authentication provider, such as:
- Email address.
- Display name.
- MFA enrollment status.
- Account identifiers and session metadata.
4.2 Symptom and Restriction Log Data
When you create log entries in DocThings, we collect and store:
- Occurrence timestamps (occurred_at).
- Impact type selections.
- Free-text descriptions of your physical restrictions and their daily-life effects.
- Optional pain and inconvenience scores.
- Tags across conditions, activities, triggers, and body parts.
This is the core data the Service exists to capture on your behalf.
4.3 AI Feature Usage Information
When you opt in to the AI clinical summary feature on the export screen, we collect and store:
- A record of your consent to AI processing for that specific export.
- Your AI summary usage count (used to enforce the 10 per user per month cap).
The entry text sent to our AI subprocessor is not stored by us after the summary is returned. See §8.1 for how that data is handled.
4.4 Usage Data
We may collect technical and operational information generated through use of the Service, such as:
- IP addresses.
- Browser type and version.
- Request paths and timestamps.
- Error logs and diagnostic metadata.
We use Usage Data to provide, secure, monitor, troubleshoot, and protect the Service.
4.5 Support and Communications
If you contact us for support or otherwise communicate with us, we may collect:
- Your name and contact information.
- The content of your message.
- Account or technical details needed to respond.
- Support history and resolution notes.
You should avoid sending sensitive information through support channels unless necessary.
5. Information We Do Not Intentionally Collect or Store
In normal operation, DocThings does not intentionally collect:
- Biometric data.
- Precise geolocation data.
- Genetic data.
- Financial or payment information (the Service is free).
- Health records from third-party providers, wearables, or connected devices.
We do not use your data to train or fine-tune AI models. Where the Service uses third-party AI providers to process your entry data, we contractually require those providers not to use your data for training, fine-tuning, or model improvement.
We do not sell your personal data.
We do not share your personal data with advertisers or data brokers.
We do not use your data for cross-context behavioral advertising.
6. How We Use Information
We use information to:
- Provide, operate, and maintain the Service.
- Authenticate users and manage account sessions.
- Store and display your log entries back to you.
- Generate AI clinical summaries when you explicitly opt in per export.
- Provide support.
- Monitor performance, uptime, errors, and reliability.
- Detect, prevent, and investigate abuse, fraud, unauthorized access, security incidents, and violations of our Terms of Service.
- Enforce usage limits and acceptable-use restrictions.
- Improve the Service.
- Communicate with you about your account, security, support requests, legal updates, or service changes.
- Comply with law, legal process, and regulatory obligations.
- Protect the rights, safety, security, and integrity of Launch Maniac, the Service, users, vendors, and others.
7. Legal Bases for Processing
Where applicable data protection law requires a legal basis, we may process personal data based on:
- Contract performance: to provide and administer the Service.
- Legitimate interests: to secure, monitor, improve, support, and protect the Service; prevent abuse; enforce our Terms; and maintain business records.
- Legal obligation: to comply with tax, accounting, regulatory, legal, and law-enforcement obligations.
- Consent: where consent is required, such as for AI clinical summary generation or future optional communications.
8. How We Share Information
We may share information in the following circumstances.
8.1 With AI Subprocessors (opt-in only)
When you enable the AI clinical summary feature on the export screen, the entries within your selected time range are sent to our AI subprocessor (currently Llama 3.3 hosted by Together AI, Inc. in the United States) to generate a one-paragraph summary. The summary text is returned to your browser and is not stored by us. Our subprocessor agreement prohibits training models on your data.
8.2 With Service Providers and Subprocessors
We use third-party providers to help operate, host, secure, monitor, and support the Service.
These providers may process account, authentication, usage, operational, or support information only as needed to provide services to us.
A current subprocessor list is available upon request. To request the list, contact us by email or postal mail at:
Email: [email protected] Postal mail: Launch Maniac LLC, 732 S 6th St #5926, Las Vegas, NV 89101, United States
8.3 For Legal and Safety Reasons
We may disclose information if we believe disclosure is reasonably necessary to:
- Comply with law, legal process, or government request.
- Enforce our Terms of Service.
- Investigate fraud, abuse, security incidents, unauthorized access, or unlawful activity.
- Protect the rights, safety, security, or property of Launch Maniac, users, vendors, or others.
- Prevent harm or misuse of the Service.
8.4 In a Business Transaction
If we are involved in a merger, acquisition, financing, corporate reorganization, sale of assets, bankruptcy, or similar transaction, information may be transferred or disclosed as part of that transaction.
The successor entity will be required to handle personal data in a manner consistent with this Privacy Policy or provide notice of any material changes.
9. User Responsibilities
You are responsible for:
- The accuracy of the log entries you submit.
- Keeping your account credentials secure.
- Compliance with applicable laws regarding your use of the Service.
10. Retention
We retain information only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.
We generally retain information by category as follows:
| Category | Retention Approach |
|---|---|
| Account information | Retained while your account is active and for a limited period afterward as needed for administration, support, legal, or operational purposes |
| Symptom and restriction log data | Retained while your account is active; deleted within 7 days of account deletion request |
| AI feature usage records (consent + count) | Retained while your account is active and for a limited period afterward for dispute resolution and compliance |
| Usage Data | Retained as needed for monitoring, security, abuse prevention, troubleshooting, and operational purposes |
| Support communications | Retained as needed to provide support, maintain business records, resolve disputes, and comply with legal or operational requirements |
| Legal, tax, security, and fraud-prevention records | Retained as long as required or reasonably necessary for those purposes |
When information is no longer needed, we may delete, de-identify, aggregate, or archive it in accordance with our business, legal, security, and compliance needs.
Termination of your account does not automatically require immediate deletion of records we must retain for security, fraud prevention, dispute resolution, legal compliance, or legitimate business purposes.
11. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information processed by the Service.
These safeguards may include:
- Encryption in transit (TLS).
- Encryption at rest for database records.
- Protected credential storage.
- Access controls and authentication controls.
- Monitoring and logging.
- Abuse-prevention controls.
- Vendor security controls.
No system is completely secure. We cannot guarantee absolute security or that unauthorized access, data loss, misuse, or service interruption will never occur.
If you believe your account or data has been compromised, contact us promptly at [email protected].
Data breach notification. In the event of a personal data breach affecting your information, we will notify affected users and applicable regulators in accordance with applicable law and within the timeframes those laws require. For breaches subject to the EU or UK General Data Protection Regulation, notification will typically occur within 72 hours of awareness. For breaches subject to U.S. state law, notification timing will follow the requirements of the applicable state (generally within 30 to 60 days of confirmation). We will provide notice by email or another reasonable method and will include the information required by applicable law.
12. Cookies, Analytics, and Tracking
The DocThings application and related websites may use cookies, local storage, session storage, or similar technologies that are necessary to operate the Service, maintain authentication, provide security, or remember settings.
We do not use your data for advertising.
We do not sell personal data.
We do not share personal data with advertisers or data brokers.
If we add optional analytics or non-essential tracking technologies in the future, we will update this Privacy Policy and provide any notices or choices required by applicable law.
Global Privacy Control. We honor the Global Privacy Control (GPC) signal transmitted by your browser as a valid opt-out request to the extent applicable under state privacy laws.
13. International Data Transfers
We may process information in the United States and other countries where we or our service providers operate.
These countries may have data protection laws different from those in your jurisdiction.
Where required by applicable law, we use appropriate safeguards for international transfers, which may include contractual protections, data processing terms, standard contractual clauses, or other lawful transfer mechanisms.
If your use of the Service requires a Data Processing Addendum, contact us at [email protected].
14. Your Privacy Rights
Depending on your location and applicable law, you may have rights to:
- Access personal data we hold about you.
- Correct inaccurate personal data.
- Delete personal data.
- Export or receive a copy of personal data.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Appeal or complain to a data protection authority.
- Opt out of certain uses where applicable law provides that right.
To exercise privacy rights, contact us at:
Please include "Privacy Request" in the subject line.
You may also submit a request by postal mail at:
Launch Maniac LLC 732 S 6th St #5926 Las Vegas, NV 89101 United States
Please include "Privacy Request" in your written request.
We may need to verify your identity before responding. We will respond within the timeframe required by applicable law.
Some requests may be limited by legal, security, fraud-prevention, dispute-resolution, or operational requirements.
Response timeframes. We will respond to verifiable privacy requests within the timeframes required by applicable law — typically within 30 days under the EU or UK General Data Protection Regulation (extendable by 60 days for complex requests with notice) and within 45 days under the California Consumer Privacy Act and California Privacy Rights Act (extendable by 45 days with notice).
Automated decision-making. We do not use personal data for automated decision-making that produces legal or similarly significant effects on you.
15. California Privacy Notice
Where applicable, California residents may have additional rights regarding personal information, including the right to know, access, correct, delete, and opt out of certain sales or sharing of personal information.
We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.
We do not knowingly collect, sell, or share personal information of individuals under 13.
To exercise California privacy rights, contact us at:
Please include "California Privacy Request" in the subject line.
You may also submit a request by postal mail at:
Launch Maniac LLC 732 S 6th St #5926 Las Vegas, NV 89101 United States
Please include "California Privacy Request" in your written request.
We will not discriminate against you for exercising privacy rights.
16. Washington Consumer Health Data Notice
This section is required by the Washington My Health My Data Act (MHMDA) for residents of Washington State. If you are a Washington resident, this notice supplements the rest of this Privacy Policy.
16.1 Categories of Consumer Health Data Collected
We collect "consumer health data" as defined by MHMDA: the symptom and restriction log entries you create, including descriptions, tag selections (conditions, activities, triggers, body parts), pain and inconvenience scores, and timestamps. We do not collect biometric data, precise location data, or genetic data.
16.2 Sources
You provide all consumer health data directly via the DocThings interface (typed or voice-dictated).
16.3 Purposes of Collection and Use
We use your consumer health data solely to:
- Display your own log back to you
- Generate AI clinical summaries (only when you explicitly opt in per export)
- Provide aggregate, non-identifying analytics about service usage
16.4 Affiliates and Subprocessors
We do not share consumer health data with affiliates. We share data with the subprocessors listed in §8.2 of this Privacy Policy (subprocessor list available on request).
16.5 Your Rights
Washington residents have the right to:
- Confirm whether we are processing your consumer health data and access that data (use the Settings → Download my data feature)
- Request deletion of your consumer health data (use the Settings → Delete my account feature; 7-day grace period applies)
- Withdraw consent to specific processing activities (toggle the AI summary feature off; we will not process your data through AI subprocessors)
16.6 Opt-Out of Sale or Sharing
We do not sell or share consumer health data. There is no sale or sharing for you to opt out of.
16.7 Contact
To exercise MHMDA rights, contact us at [email protected] with the subject "MHMDA Request."
17. EU and UK Users
Where applicable, users in the European Economic Area, United Kingdom, or Switzerland may have rights under data protection laws, including rights to access, correct, delete, restrict, object, port data, withdraw consent, and lodge a complaint with a supervisory authority.
If your use of the Service requires a Data Processing Addendum, contact us at:
You may also contact us by postal mail at:
Launch Maniac LLC 732 S 6th St #5926 Las Vegas, NV 89101 United States
18. Children
DocThings is a consumer application intended for adults.
The Service is not directed to children or individuals under 13. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal data directly from children under 13. If you believe a child under 13 has provided personal data to us, contact us at [email protected] and we will take appropriate steps to delete it where required.
19. Communications from Us
We may send you service-related communications, such as:
- Account notices.
- Security notices.
- Support responses.
- Legal updates.
- Service-change notices.
- Administrative messages.
These communications are part of the Service and may not always be optional.
If we send optional marketing communications, you may opt out using the instructions in those communications or by contacting us.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will provide notice by email, website posting, in-product message, or another reasonable method.
The updated Privacy Policy becomes effective when posted or on the effective date stated in the notice.
Your continued use of the Service after the effective date means you acknowledge the updated Privacy Policy.
21. Contact
For privacy questions, requests, or concerns, contact:
Launch Maniac LLC 732 S 6th St #5926 Las Vegas, NV 89101 United States [email protected]