Privacy Policy

Version 1.1 · Last updated: 23 May 2026 · Next review: 23 November 2026

1. Who We Are

RapidLaunch provides website development, hosting, and related services. We are based in Cahir, Co. Tipperary, Ireland. For data protection matters, contact our Data Protection Officer at dpo@rapidlaunch.ie — please mark subject as "Data Protection Inquiry". We will respond within 30 days.

2. Personal Data We Collect

We collect only the data you provide to us or that is generated through normal website operation:

CategoryData CollectedSource
Contact form submissionsName, email, company, phone, message content, IP address, consent preferencesContact form on www.rapidlaunch.ie
Account registrationName, email, password (hashed), billing informationClient portal registration
Website usageIP address, browser type, pages visited, referral source, timestampsAutomatic server logging
CommunicationEmail content, support ticket messages, phone call recordsEmail and support system
CookiesSession identifiers, consent preferencesBrowser cookies (with your consent)

3. How We Use Your Data

We use your data only for these specific purposes:

We never sell your personal data. We never share it with third parties for their marketing purposes.

4. Legal Basis for Processing (GDPR Article 6)

PurposeLegal Basis
Providing website servicesContract performance (GDPR Art. 6(1)(b))
Responding to inquiriesLegitimate interest (GDPR Art. 6(1)(f))
Sending marketing communicationsConsent (GDPR Art. 6(1)(a)) — you can withdraw anytime
Legal complianceLegal obligation (GDPR Art. 6(1)(c))

5. Data Retention — Automated System

We retain your data only as long as necessary. Our automated compliance system enforces these retention periods. See our Data Retention Policy for the complete schedule.

Data TypeRetention PeriodAfter Expiry
Lead/enquiry data2 years after last contactAnonymised (name and email removed)
Marketing consent recordsDuration of consent + 1 year after withdrawalAnonymised
Server access logs30 daysPermanently deleted
Account data (active clients)Duration of account + 2 yearsAnonymised
Ticket/support messagesDuration of account + 1 yearAnonymised
Billing records6 years (Revenue requirements, Finance Act)Retained as required by law
Cookie consent records1 yearDeleted

Before any permanent deletion, data is first archived to encrypted cold storage. Data under legal hold (active disputes, unresolved GDPR requests) is exempt from all purges.

6. Data Sharing & Sub-Processors

We share your data only with essential service providers. See our Sub-Processors Register for the complete list with safeguards.

7. International Data Transfers

Our primary infrastructure (server hosting, databases) is located within Ireland and the European Economic Area. However, some of our essential sub-processors operate globally:

All international transfers are governed by the safeguards described in our Sub-Processors Register. Where SCCs are used, you may request a copy by contacting our DPO. We will notify you before engaging any new sub-processor that would change these arrangements.

8. Your GDPR Rights

You have the following rights under the General Data Protection Regulation:

RightWhat It MeansHow To Exercise
Right of AccessRequest a copy of all data we hold about youData request form
Right to RectificationCorrect inaccurate dataEmail dpo@rapidlaunch.ie
Right to ErasureDelete your data ("right to be forgotten")Data request form
Right to Restrict ProcessingLimit how we use your dataEmail dpo@rapidlaunch.ie
Right to Data PortabilityReceive your data in a machine-readable formatData request form
Right to ObjectObject to processing based on legitimate interestsEmail dpo@rapidlaunch.ie
Right to Withdraw ConsentWithdraw marketing consent at any timeConsent preferences

We will respond to all requests within 30 days as required by GDPR.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

10. Logging and Technical Data

When you visit our website or use our services, we automatically collect technical data including your IP address, browser type and version, operating system, pages visited, session identifiers, and request timestamps. This data is processed for security monitoring (detecting brute force attacks, SQL injection attempts, and other threats), service optimisation, and debugging purposes.

Our logging system retains this data for varying periods depending on category (typically 7–30 days for security logs, up to 365 days for payment-related logs). This processing is based on our legitimate interests in maintaining the security and integrity of our systems. You have the right to object to this processing. A documented Legitimate Interest Assessment is available at /legitimate-interest or on request.

11. Authentication (Magic Links)

We use secure, time-limited magic links for client portal authentication. When you request a login link, we generate a unique one-time token sent to your email address. Access attempts are logged including IP address and timestamp to detect unauthorised access. These tokens expire after use or after a set period, typically 24 hours.

12. Staging and Preview Environments

When clients are invited to preview websites before launch, we provide access via a secure staging portal. This portal records feedback, IP addresses, and access timestamps. Staging access is controlled through unique tokens and may require a password. Preview environments are not indexed by search engines and are accessible only to authorised recipients.

13. Cookies

We use cookies across four categories:

When you first visit our website, a cookie consent banner appears. No analytics or marketing cookies are set until you explicitly accept them. You can change your preferences or withdraw consent at any time by clicking the "Cookie Settings" button in the bottom-left corner of our website.

See our Cookie Policy for a complete list of every cookie we use, or visit our Cookie Audit for a live, real-time verification.

14. Security Measures

We implement appropriate technical and organisational security measures including: HTTPS/TLS encryption for all data in transit, encrypted cold storage for archived data, access controls on databases, automatic IP-based brute force detection and blocking, regular security audits, and employee confidentiality agreements.

Where we rely on legitimate interests as a legal basis for processing, we have conducted a Legitimate Interest Assessment (LIA). View our LIA or request a copy from our DPO.

15. Right to Lodge a Complaint

If you believe we have processed your data in violation of GDPR, you have the right to lodge a complaint with the Irish Data Protection Commission:

16. Changes to This Policy

We review this policy every 6 months. Changes are tracked in our Changelog. If we make material changes, we will notify you by email.

17. Contact

Data Protection Officer: dpo@rapidlaunch.ie (subject: "Data Protection Inquiry")
General inquiries: support@rapidlaunch.ie
Address: RapidLaunch, Cahir, Co. Tipperary, Ireland