Privacy Policy

CanLaunch is a software platform that helps Canadian space launch operators build their Transport Canada Authorization to Launch (ATL) submission packages. This policy describes what personal information we collect, how we use it, where it is stored, and the choices you have under the Personal Information Protection and Electronic Documents Act (PIPEDA).

• Identifiers you provide when you sign up: email, name, company name, role, optional phone, country, and company website.
• Application content you enter into the ATL workflow — vehicle, payload, trajectory, site, safety, and compliance fields.
• Operational metadata: timestamps of edits, section completion status, PDF export versions, and SHA-256 hashes of exported submissions.
• Mission API connection preferences (which third-party feeds you authorise, e.g. CelesTrak, OpenSky, Open-Meteo).
• Standard server logs: IP address, user agent, request path, and timestamps — kept for 30 days for security.

We do not collect payment information at this time. We do not use third-party analytics that profile individual visitors.

• To operate the CanLaunch platform — render your missions, your application data, and your exports.
• To authenticate you via Auth.js magic-link sign-in (Resend is our email provider).
• To produce versioned, audit-stamped TC submission PDFs that you control.
• To investigate security incidents and respond to law-enforcement requests permitted under PIPEDA s.7(3).

We do not sell personal information. We do not share application content with third parties without your written instruction (e.g. when you choose to email a PDF to Transport Canada).

• Application database — Neon Postgres (region selected at provisioning, currently US-East). Encrypted in transit (TLS 1.3) and at rest (AES-256).
• Hosting / edge — Vercel.
• Email delivery — Resend.
• Map tiles — Mapbox.

Cross-border transfer notice: by using CanLaunch you acknowledge that your data may be processed and stored in the United States. We are working toward a Canada-region deployment.

You have the right to access, correct, and delete your personal information, to withdraw consent at any time, and to file a complaint with the Office of the Privacy Commissioner of Canada. To exercise any of these rights, email privacy@canlaunch.space.

Account and mission data are retained for as long as your account is active. Deleting your account removes all personal information and application content within 30 days, except for export audit records that we retain in hashed form for 24 months for compliance reasons.

We use a single first-party session cookie for authentication. We use browser local storage to remember the role you selected on launch-day dashboards. We do not set advertising or cross-site tracking cookies.

When we make material changes we post the update here and, for substantive changes, notify registered users by email.

Questions about this policy or about your data: privacy@canlaunch.space.