Privacy Policy

Last updated: 27 February 2026

1. Who we are

LaunchPt. is a free web application that helps UK students discover work experience placements, insight days, and career opportunities across law, medicine, tech, finance, and more. We are based in the United Kingdom.

LaunchPt. is an independent project built to make career opportunities more accessible to sixth form students.

Our website is the-launchpoint.co.uk.

2. What data we collect

We collect the following types of data when you use LaunchPt.:

Account data

  • Your email address
  • Your password (this is hashed — we never see or store your actual password)

Profile data

  • Your year group
  • Your career interests (e.g. law, medicine, tech, finance, business, STEM)

Demographic data

  • Gender
  • Ethnicity
  • Disability status
  • School type
  • Predicted grades
  • Work experience status

This information is collected during onboarding to match you with relevant opportunities — for example, programmes specifically for women, BAME scholarships, or disability support schemes. You can choose "Prefer not to say" for all demographic fields.

Some of this data (gender, ethnicity, disability status) is classified as special category data under UK GDPR Article 9. We collect it only with your explicit consent, which you provide during the consent process when you first use LaunchPt. You can withdraw this consent at any time by deleting your account.

Usage data

  • Login and logout times
  • Session duration
  • Pages visited
  • Browser and device type (user agent)

Saved opportunities

  • Which opportunities you bookmark or save

3. Why we collect it (legal basis)

Under UK data protection law, we need a lawful basis for collecting and using your personal data. Here is how each type of data is justified:

Account & profile data

Necessary to perform our contract with you (performance of a contract). We need your email to create your account and your interests to show you relevant opportunities, as set out in our Terms of Service.

Demographic data

Collected with your consent during onboarding, to match you with opportunities you are eligible for. You can choose "Prefer not to say" for every demographic field.

Usage & session data

Legitimate interest in understanding how the service is used so we can improve it.

Analytics cookies (Microsoft Clarity, Google Analytics)

Consent — these tools are only loaded if you click "Accept" on the cookie banner.

4. How we use your data

  • To show you relevant opportunities based on your interests and eligibility
  • To let you save and track opportunities
  • To understand how the site is used so we can improve it

We do NOT sell your data to anyone.

We do NOT use your data for advertising.

5. Who we share data with

We use the following third-party services to run LaunchPt.:

Supabase

Database & authentication provider

Stores your account, profile, and session data. Our database is hosted in the European Union (Stockholm, Sweden) on Supabase's cloud infrastructure. Your data remains within the EU.

Privacy policy

Netlify

Website hosting

Hosts the LaunchPt. website. Netlify processes HTTP requests and may log IP addresses and request metadata as part of standard web hosting. Netlify is US-based.

Privacy policy

Anthropic (Claude AI)

AI data enrichment

We use Anthropic's Claude API to enrich opportunity data — generating short descriptions and benefit text for the opportunities shown on the platform. No personal user data is sent to Anthropic; only opportunity text (titles, descriptions, organisation names) is processed. Anthropic is US-based.

Privacy policy

Microsoft Clarity

Analytics

Records how users interact with the site (clicks, scrolls, page views). Only active if you accept cookies. Microsoft is US-based.

Privacy policy

Google Analytics

Analytics

Tracks page views and general usage patterns. Only active if you accept cookies. Google is US-based.

Privacy policy

Resend

Email service

Used to send account-related emails (such as password resets). Resend is US-based.

Privacy policy

We do not directly share your personal data with any third parties beyond those listed above. Our processors may use their own sub-processors to deliver their services — details of these are available in their respective privacy policies. For all US-based providers listed above, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international data transfers as required under UK GDPR.

We are responsible for ensuring our third-party processors handle your data in accordance with applicable data protection law. We select processors that we believe meet appropriate data protection standards and have appropriate contractual safeguards in place. Each provider's own privacy policy is linked above for your reference.

6. Cookies

We use a cookie consent banner when you first visit our site. Here is how cookies work on LaunchPt.:

  • Analytics cookies (Microsoft Clarity and Google Analytics) are only loaded if you click "Accept" on the cookie banner.
  • If you click "Reject", no analytics cookies are set.
  • Your cookie preference is stored in your browser's local storage.
  • You can change your cookie preference at any time by clicking "Manage Cookies" in the page footer.

Essential cookies

Supabase authentication cookies are necessary for the site to work (e.g. keeping you logged in). These do not require consent because the site cannot function without them.

7. Data retention

  • Account and profile data: kept until you delete your account.
  • Session and usage data: kept until you delete your account.
  • Consent records: timestamps and policy versions of your consent are stored for as long as your account exists, as required for legal compliance.
  • Safeguarding records: if a safeguarding concern is raised, records are retained for 3 years or until the individual turns 25 (whichever is longer), in line with UK safeguarding guidance.
  • Analytics data: Google Analytics data is retained for 14 months. Microsoft Clarity session recordings are retained for 30 days. This retention is managed by Google and Microsoft respectively.
  • Inactive accounts: accounts that have been inactive for 12 months may be deleted after we send a notification email. Users who do not consent to our policies by 31 December 2026 will have their accounts and data deleted automatically.
  • When you delete your account, all your data is permanently removed from our systems, including your profile, saved opportunities, session records, and consent records.

8. Your rights (under UK GDPR)

Under UK data protection law, you have the following rights:

  • Right to access: you can request a copy of your data.
  • Right to rectification: you can update your profile in your account settings.
  • Right to erasure: you can delete your account in settings, which removes all your data.
  • Right to restrict processing: you can ask us to limit how we use your data.
  • Right to data portability: you can request your data in a portable format.
  • Right to object: you can object to us processing your data.
  • Right to withdraw consent: for analytics cookies, you can withdraw consent at any time via the cookie banner. To withdraw consent for demographic data processing, you can delete your account or contact us at contact@the-launchpoint.co.uk.

To exercise any of these rights, please email us at contact@the-launchpoint.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority, at ico.org.uk.

9. Children's data

Our service is designed for students aged 16–18 (Year 12–13). We take extra care with data from young people:

  • We collect only what we need to provide the service.
  • We do not use your data for profiling or targeted advertising.
  • Privacy settings are set to high by default — analytics cookies are off unless you actively accept them.

You must be at least 16 years old to create an account on LaunchPt. If you are under 16, please do not sign up or use the service. During account creation, you are required to confirm that you are 16 or older.

10. Data security

We take the security of your data seriously:

  • All data is transmitted over HTTPS (encrypted in transit).
  • Passwords are hashed — we never see or store your actual password.
  • Access to the database is restricted to authorised personnel only.
  • We regularly review our security practices.

11. Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR.
  • Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
  • Document all breaches, including those that do not require notification, as part of our internal records.

12. Consent records

When you consent to our policies, we record the following information:

  • The date and time you gave consent
  • Which policy version you consented to
  • Individual timestamps for each consent element (terms of service, privacy policy, age confirmation, and demographic data processing consent)

These records are retained for as long as your account exists and are used to demonstrate compliance with UK GDPR consent requirements. They are deleted when you delete your account.

13. AI data processing

We use artificial intelligence (Anthropic's Claude API) to improve the quality of opportunity listings on the platform. Specifically:

  • Opportunity data (titles, descriptions, organisation names) scraped from public websites is sent to the Claude API to generate short descriptions and benefit text.
  • No personal user data (such as your name, email, profile, or demographic information) is sent to the AI service.
  • The AI-generated content is stored in our database and displayed to users on the platform.

14. International data transfers

Some of the third-party services we use are based in the United States. This means your data may be transferred to and processed in the US. The services we use and their locations are:

  • Supabase (EU — Stockholm, Sweden) — database and authentication. Your data remains within the EU.
  • Netlify (US) — website hosting
  • Anthropic (US) — AI enrichment of opportunity data only
  • Microsoft (US) — Clarity analytics (with cookie consent)
  • Google (US) — Google Analytics (with cookie consent)
  • Resend (US) — transactional emails

For all international transfers, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) as required under UK GDPR to ensure your data is protected to an equivalent standard as within the UK.

15. Changes to this policy

We may update this privacy policy from time to time. When we do, we will post the updated version on this page with a new "Last updated" date at the top.

If we make significant changes — particularly changes that affect how we process your demographic data (special category data under UK GDPR Article 9) — we will notify you by email or through the platform and ask for your explicit consent again before continuing to process that data. You may be required to review and re-accept the updated policy to continue using the service.

16. Contact us

If you have any questions about this privacy policy or how we handle your data, you can reach us at:

Email: contact@the-launchpoint.co.uk

Website: the-launchpoint.co.uk