GDPR compliance, data ownership, export and deletion, consent checkboxes, retention, and Data Processing Agreements (DPA).
8 answers · Updated June 2026
Yes. LaunchList is built to support GDPR-compliant waitlists for EU founders and EU-resident signups. The platform supports:
Compliance is a shared responsibility — you control what you collect, how you display the consent prompt, and what your privacy policy says. Read our privacy policy and terms.
Waitlist data is stored on encrypted, managed databases hosted on Laravel Cloud's infrastructure (which sits on AWS / Cloudflare R2 for object storage). Backups are encrypted at rest and in transit (TLS 1.2+).
We do not sell, share, or rent signup data. We do not use it to train machine-learning models. The full data flow is documented in our privacy policy. For enterprise data-residency or DPA requirements, contact us at [email protected].
Yes. Waitlist → Submissions → Export lets you download the full list as CSV or XLSX, sorted by queue position. The export includes: email, name, queue position, referral count, referrer, signup source, custom field values, signup timestamp, and verification status.
Exports are available on the free tier and there is no cap on how often you can run them. Many founders run a weekly export as a backup even when they have no immediate need. You can also stream signups in real time via webhook or Zapier.
Open Waitlist → Submissions, find the row, and click Delete. Deletion is immediate and permanent — the email and all associated metadata (referrals, custom fields, position) are removed.
If a deleted user signs up again, they re-enter at the current end of the queue (not their old position). Bulk deletes are supported via multi-select. For automated deletion via API, contact us — most teams handle this manually given the volumes involved.
Yes. EU residents have a right to erasure under GDPR Article 17, and similar rights exist under CCPA (California). When you receive such a request, find the email under Waitlist → Submissions and delete it — the record is removed within seconds.
If the request comes to LaunchList directly (rather than to you, the data controller), we will forward it to you and confirm deletion. We are the data processor; you are the data controller. For example language to copy into your own privacy policy, see our privacy policy.
You do. Every signup on your waitlist belongs to you, the project owner. LaunchList is the processor — we hold the data so we can run the form, leaderboard, and integrations on your behalf.
We do not aggregate it, share it across customers, or use it to enrich a separate database. If you cancel, downgrade, or delete your account, you can export your full list first. The full terms are in our Terms of Service.
Yes. Under Waitlist → Settings → Form fields, you can add a required consent checkbox with custom label text — for example "I agree to the terms and privacy policy" — and it will block submissions where the box is unchecked.
If you operate in the EU, UK, or California, this is the recommended pattern for double-opt-in lawful basis. The consent state is stored on the signup record and exported alongside the email, so you have an audit trail per signup.
Yes — a standard DPA is available for paid customers, including the EU Standard Contractual Clauses for transfers outside the EU. Email [email protected] with your company name and we'll send the countersigned PDF.
If your legal team needs custom terms (specific subprocessors, deletion windows, audit rights), we can review on a case-by-case basis. For the broader privacy posture and the data we process, see our privacy policy.