30th June 2026
Security
LaunchBrightly is committed to maintaining the confidentiality, integrity, and availability of customer data. Our security program is built around industry best practices and modern cloud security principles — emphasizing least privilege access, encryption, system isolation, and data minimization.
For security inquiries or vendor assessments, contact us at infosec@launchbrightly.com.
Our Approach
The safest data is data we never need to touch. LaunchBrightly is deliberately designed with a minimal footprint: we operate externally, store as little as possible, and run entirely on AWS managed infrastructure. We apply the principle of least privilege across all systems and internal processes, ensuring access is granted strictly on a need-to-know basis.
Infrastructure & Hosting
LaunchBrightly is hosted on Amazon Web Services (AWS) in US regions, built on a fully serverless architecture primarily leveraging AWS Lambda and other managed AWS services.
A serverless architecture reduces our attack surface significantly — there are no persistent servers to patch or configure, and AWS Lambda functions are ephemeral by design, existing only for the duration of a request before being automatically terminated. Infrastructure maintenance, patching, and scaling are managed by AWS. Functions are isolated and event-driven, limiting lateral movement in the event of an incident. All deployments are fully automated, reducing the risk of human error in production environments.
Access to infrastructure is restricted to authorized personnel and governed by strict AWS Identity and Access Management (IAM) policies. All administrative access is logged and auditable.
LaunchBrightly's infrastructure runs entirely on AWS, which maintains SOC 2, ISO 27001, and HIPAA certifications at the platform level — details available at https://aws.amazon.com/compliance/.
Data Encryption & Key Management
LaunchBrightly encrypts customer data both in transit and at rest.
- In transit: TLS 1.2 or higher for all communications between clients and the platform
- At rest: AES-256 encryption for all data stored within our infrastructure
- Key management: AWS Key Management Service (KMS), backed by FIPS 140-2 validated hardware security modules (HSMs)
Encryption keys are tightly controlled and accessible only to authorized services via IAM policies.
Authentication & Access Control
User authentication is managed through AWS Cognito. LaunchBrightly does not store passwords or sign-in credentials — these are transmitted directly from the user's browser to AWS and never handled by our application layer.
Application-level permissions are governed by role-based access control (RBAC). Access to internal systems and production resources is limited to authorized personnel with a documented business need. All privileged access is logged and auditable.
Data Storage
Application data is stored in AWS DynamoDB within US regions. Access is controlled through fine-grained IAM policies — only authorized services and roles may read or write data. All data access occurs through authenticated and authorized service calls, and all data transmissions are encrypted.
How LaunchBrightly Works With Your Application
LaunchBrightly captures screenshots by operating externally — the way a regular user would. Our platform logs into the demo or sandbox account you provide, navigates your application, and captures screenshots. It does not interact with your internal systems, production data, or backend infrastructure.
This is a deliberate architectural choice: LaunchBrightly has no privileged access, no internal integrations, and no exposure to your customer data. It operates entirely within the boundaries your existing user security controls enforce.
Demo account credentials provided for screenshot capture are encrypted immediately on receipt using AWS KMS. Credentials are never returned to the frontend after initial setup and are accessible only to authorized backend services.
Credential & Token Security
Third-party integrations are authenticated using OAuth or API tokens, depending on the integration. In both cases, credentials are encrypted immediately on receipt using AWS KMS with HSM-backed key management. Credentials are never returned to the frontend after initial setup — they are accessible only to backend services.
Customers retain full control over integration permissions and may revoke access at any time, either within LaunchBrightly or directly with the third-party provider.
Employee Access & Internal Controls
Access to customer data by LaunchBrightly personnel is restricted to authorized individuals with a legitimate business need, such as resolving a support request. Where feasible, we obtain written customer permission prior to accessing account-specific data for troubleshooting purposes. All such access is logged and auditable.
Emergency access without prior permission would occur only in rare cases of a critical system-level incident causing service disruption. All emergency access is logged and reviewed.
Your Data & Screenshots
You own your screenshots and all content generated through the platform. LaunchBrightly does not claim ownership over customer content.
You can export all screenshots from the platform at any time. You may request deletion of your account data at any time by contacting infosec@launchbrightly.com — deletion requests are processed promptly. Upon account termination, your data is deleted from our systems in accordance with our standard offboarding process.
Privacy & Data Minimization
LaunchBrightly does not rely on personally identifiable information (PII) to function. The platform operates against demo or sandbox environments and does not access, store, or process your customers' names, email addresses, or payment information.
The only PII LaunchBrightly collects is the name and email address of users who register for the platform, provided directly by you. The platform is fully functional with an anonymous email address.
For international data transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Full details are available in our Privacy Policy.
Subprocessors
LaunchBrightly uses a limited set of third-party subprocessors to operate the platform. All subprocessors are evaluated for security and privacy practices prior to engagement.
Amazon Web Services (AWS)
- Purpose: Cloud infrastructure, data storage, authentication
- Location: United States
Stripe:
- Purpose: Payment processing
- Location: United States
Google Analytics:
- Purpose: Product analytics
- Location: United States
Zendesk
- Purpose: Customer support and help center
- Location: United States
Customers may request an up-to-date subprocessor list at any time by contacting infosec@launchbrightly.com.
Payments
Payment processing is handled exclusively by Stripe, a PCI-DSS Level 1 certified processor. LaunchBrightly does not store, process, or have visibility into credit card or banking information. Payment details are transmitted directly to Stripe and never reside in LaunchBrightly systems.
Secure Development Practices
Changes to production systems are deployed through automated pipelines, reducing the risk of manual configuration errors. Access to modify infrastructure or application code is restricted to authorized personnel. We maintain dependency management processes and apply security updates through managed cloud services and automated deployment workflows.
Incident Response
LaunchBrightly maintains an internal incident response process for identifying, containing, and remediating security incidents. In the event of a confirmed breach affecting customer data, we will notify affected customers within 72 hours of confirmation, in accordance with applicable law.
To report a suspected security incident, contact infosec@launchbrightly.com.
Contact
For security inquiries, vendor assessments, or to request supporting documentation — including our Data Processing Agreement (DPA) and security one-pager — contact us at infosec@launchbrightly.com.