the fine print

Privacy Policy

Last updated: May 27, 2026

1. INTRODUCTION

LaunchX GmbH ("we", "us", or "our") operates the Brutal Coach mobile application and the brutalcoach.app website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. DATA CONTROLLER

The data controller responsible for your personal data is:

LaunchX GmbH

Lärchenstraße 12
84032 Landshut
Germany

Email: info@launch-x.de

3. INFORMATION WE COLLECT

We collect information that you provide directly to us, as well as a limited amount of technical data:

Account Information

When you create an account we collect your email address, and — if you sign up via Apple or Google single sign-on — the identifier and basic profile data those providers return (typically name and email). Authentication is handled by our provider Clerk. We never see or store your password.

Outfit Images and Analyses

When you use the Service you upload photos of your outfits. Each photo and the resulting analysis (rating, written feedback, color palette, styling tips, occasion, mode) is saved to your private closet so you can revisit it. You can delete any individual analysis, or your entire account, from inside the app at any time.

Subscription State

If you subscribe to Pro, the actual payment is handled by Apple or Google. We receive only your subscription state (active / expired, plan, renewal date) via RevenueCat. We do not receive or store your payment details.

Usage Data

On both the brutalcoach.app website and the mobile app we use OpenPanel for privacy-friendly product analytics — screen / page views, button taps, outgoing link clicks, and basic device info (OS, app version, anonymised country). OpenPanel does not use cookies, does not use advertising IDs, and does not collect personal data that could identify you individually. The mobile app does not include any other third-party analytics or crash reporting.

4. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our Service
  • To process your outfit images and generate AI-powered styling feedback
  • To save your past analyses to your personal closet so you can revisit them
  • To manage your account, subscription, and customer support requests
  • To send you transactional emails strictly related to your account (e.g. email verification, password reset)
  • To understand aggregate, anonymous usage of the website so we can improve it
  • To comply with legal obligations and protect against fraud or abuse

5. LEGAL BASIS FOR PROCESSING (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: processing necessary to provide the Service you signed up for
  • Consent: where you have given explicit consent — e.g. by uploading an outfit photo for analysis
  • Legitimate Interests: improving the Service, ensuring security, and operating cookie-free website analytics
  • Legal Obligation: when required to comply with applicable law

6. DATA SHARING AND THIRD-PARTY SERVICES

We share your information with the following providers. Each is bound by a Data Processing Agreement and processes data only on our behalf:

OpenAI (United States)

Your outfit images are transmitted to the OpenAI API for AI analysis. OpenAI does not use API content to train its models. Transfers are protected by EU Standard Contractual Clauses.

Amazon Web Services (EU — Frankfurt)

Outfit images and analysis records are stored on AWS S3 in the eu-central-1 region (Frankfurt, Germany), encrypted in transit and at rest. Your photos do not leave the EU.

Clerk (United States)

Handles authentication, sessions, and OAuth via Apple and Google. Clerk is GDPR-compliant; transfers are protected by EU Standard Contractual Clauses.

RevenueCat (United States)

Tracks your subscription entitlement so the app knows whether you're on the free or Pro tier. Does not receive your outfit photos. Transfers are protected by EU Standard Contractual Clauses.

OpenPanel

Cookie-free, anonymous product analytics for the website and the mobile app. Tracks screen / page views and basic interactions so we can improve the product. Does not receive your outfit photos.

7. DATA RETENTION

We retain personal data only for as long as needed to provide the Service:

  • Account data: kept until you delete your account
  • Outfit photos and analyses: kept in your closet until you delete an individual analysis, or until you delete your account
  • Website analytics: kept in aggregate / anonymised form only
  • After account deletion, your data is permanently removed from our active systems within 30 days; encrypted backups roll off within a further 30 days

8. YOUR RIGHTS (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: request a copy of your personal data
  • Right to Rectification: request correction of inaccurate data
  • Right to Erasure: request deletion of your personal data — you can also do this yourself from the Me tab in the app
  • Right to Restriction: request limitation of processing
  • Right to Data Portability: receive your data in a portable format
  • Right to Object: object to processing based on legitimate interests
  • Right to Withdraw Consent: withdraw consent at any time

To exercise any of these rights, please contact us at info@launch-x.de. We respond within 30 days.

9. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest (AWS S3 server-side encryption)
  • Secure authentication and session handling through Clerk
  • Outfit data stored in the EU (Frankfurt, eu-central-1)
  • Access controls limiting who at LaunchX can read your data
  • Regular dependency updates and security reviews

10. INTERNATIONAL DATA TRANSFERS

Your outfit photos are stored in the EU. However, some processing — specifically the AI analysis (OpenAI), authentication (Clerk), and subscription state (RevenueCat) — involves transferring limited data to providers based in the United States. These transfers are protected by EU Standard Contractual Clauses (SCCs) and the providers' own GDPR-compliant frameworks.

11. CHILDREN'S PRIVACY

Our Service is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. SUPERVISORY AUTHORITY

If you are in the EU and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. In Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht.

14. CONTACT US

If you have any questions about this Privacy Policy or our data practices, please contact us:

LaunchX GmbH

Lärchenstraße 12
84032 Landshut
Germany

Email: info@launch-x.de