Who owns the empire we build together?

You own everything—100% of the code, accounts, and profits. After final payment, we transfer the entire SaaS empire to your control. You become the sole owner of your money-printing machine.

Any sneaky fees lurking around?

Zero. Your investment covers our expertise. You handle third-party costs (hosting, AI, ads) directly in your own accounts for complete transparency. What you see is what you pay.

How bulletproof are your guarantees?

Bulletproof. Miss a milestone? We add free support. No customers after our marketing? We keep working free until get first customers. We put our money where our mouth is.

Can you really get customers before launch?

Absolutely. We build your customer magnet (waitlist) in week 1. While we code, we're collecting dream customers. Launch day becomes 'opening day' of your profitable empire, not a hope and a prayer.

Do we start with a strategy session?

Always. Every empire starts with a 30-minute strategy call to align on your vision, target customers, and success metrics. No payment until we're both confident this will print money.

Can I split payments?

Yes. You can pay in up to 6 installments. The first installment reserves your slot; the schedule is agreed in writing. Note: launch and handover timing assumes your installments stay current.

What do you need from me each week?

A 30-45 min weekly review, timely decisions (24-48h), and domain inputs (pricing, positioning, examples). We draft first; you approve.

Who pays for ad spend and marketing tools?

You do. We connect your ad accounts (Meta/Google/LinkedIn), email/CRM, and analytics so costs are billed directly to you for full transparency. If your plan includes an ad-credit match, we apply it in your account per the amount shown on the pricing card.

Do I own the leads and my ad data?

Yes—100%. All leads, audiences, pixels, and data live in your accounts. We don't resell or reuse your data.

Can you work on my existing codebase?

We'll do a quick audit and advise refactor vs. rebuild. If your current stack is solid, we keep it; otherwise, we rebuild for speed and long-term cost.

What if I already have an MVP?

Great. We'll audit it and recommend refactor vs. rebuild. Sometimes keeping the DB and rewriting the app yields the best outcome—your call with our guidance.

How do scope changes work?

We keep a shared backlog. If a new idea appears mid-build, we'll either (a) trade it for something of equal effort, or (b) schedule it for post-launch. No surprise change orders.

What happens if I pause and want to resume?

You can request a pause at the end of any paid month (14-day notice). Rescheduling depends on open slots—we'll place you in the next available cohort. If we're at capacity, we'll offer the earliest date and keep your scope/price on file.

How do you compensate for late deliverables?

If we miss an agreed milestone, we add the same amount of time to your post-launch support window at no extra cost (e.g., 7 days late → +7 days of support). This sits alongside any credit terms in your guarantee.

Will you set up analytics & tracking correctly?

Yes—events, funnels, source/medium, UTM discipline, and dashboards. You'll know which channels and messages convert.

What exactly counts as a qualified lead?

A contact that matches your ICP (industry/role/company size), passes verification (valid email/identity), and shows recent intent (clicked, replied, booked, or visited key pages). You'll see the rubric in your CRM.

Who writes the copy for the landing page and emails?

We draft it (with AI assist), tune it to your voice, and iterate based on data. You approve final versions.

Can I mix web and mobile in a single build?

Yes, depending on the plan/scope. If you need full parity across web + native, we'll quote it as Custom; otherwise we can ship web plus a slim mobile companion on Pro.

What about mobile apps and app-store publishing?

We support web and mobile. App-store developer accounts (Apple/Google) must be in your name; their fees are paid by you. We handle submissions if in scope.

Can I request special features (SSO, audits, big migrations)?

Yes—flag them early. Items like SSO/SAML, HIPAA/SOC2, or large data migrations may move the project to Custom so we can plan risk, timelines, and infrastructure.

After launch, can I choose maintenance only (no growth)?

Yes. We can provide a lightweight maintenance retainer, or hand everything to your team—your choice.

How do you ensure performance & reliability?

We define a performance budget, add monitoring/alerts, and test key flows before launch. Typical targets: Lighthouse ≥ 90 (mobile) and p95 interaction latency under a reasonable threshold for your app type.

Can I bring in my own designer/dev partway through?

Yes—as long as we keep a single source of truth (monorepo/design system) and one decision owner. We'll coordinate handoffs to avoid velocity loss.

Who pays for AI usage (model/API fees)?

You do. AI costs (e.g., OpenAI/Anthropic/Azure) run on your billing with budgets, caps, and alerts we configure. We also choose cost-effective models per task and cache results where possible.

If we pause, do you keep working on marketing?

No, the growth work pauses with the build.

Do you work in my time zone?

We operate async-first with a fixed weekly demo and a Slack/Hub channel. Typical response time is 24-48h on weekdays; urgent issues have a defined escalation path.

Data Processing Agreement (DPA)

This Data Processing Agreement governs the processing of personal data under GDPR, CCPA, and other applicable privacy laws.

GDPR/CCPA Compliance: This DPA ensures compliance with international data protection laws and defines our roles and responsibilities when processing personal data on your behalf.

1. Definitions

For the purposes of this DPA:

"Controller" means the Client who determines the purposes and means of processing personal data
"Processor" means SaaS Launchpad, processing personal data on behalf of the Controller
"Personal Data" means any information relating to an identified or identifiable natural person
"Processing" means any operation performed on personal data
"Data Subject" means the natural person whose personal data is being processed
"Supervisory Authority" means the relevant data protection authority

2. Scope and Application

This DPA applies when SaaS Launchpad processes personal data on behalf of the Client, including:

Development of applications that handle personal data
Implementation of analytics and tracking systems
Setup of marketing automation and CRM systems
Processing during support and maintenance activities
Any other services involving personal data handling

3. Roles and Responsibilities

3.1 Controller Responsibilities (Client)

Determine the lawful basis for processing personal data
Ensure compliance with data protection laws in their jurisdiction
Provide clear processing instructions to SaaS Launchpad
Conduct Data Protection Impact Assessments where required
Handle data subject requests and complaints
Maintain records of processing activities
Ensure adequate consents are obtained where required

3.2 Processor Responsibilities (SaaS Launchpad)

Process personal data only on documented instructions from the Client
Implement appropriate technical and organizational measures
Ensure confidentiality of personal data
Assist with data subject requests and compliance obligations
Notify the Client of any personal data breaches
Delete or return personal data upon termination
Maintain records of processing activities

4. Categories of Data and Processing Activities

4.1 Categories of Personal Data

Identity Data: Names, email addresses, phone numbers
Contact Data: Billing addresses, delivery addresses
Financial Data: Payment card details, bank account numbers
Transaction Data: Purchase history, payment amounts
Technical Data: IP addresses, login data, browser type
Usage Data: Information about how services are used
Marketing Data: Preferences for marketing communications

4.2 Categories of Data Subjects

Prospective customers and leads
Current and former customers
Website visitors and users
Business contacts and partners
Employees of client organizations

4.3 Processing Activities

Collection and storage of personal data
Analysis and profiling for business purposes
Communication and marketing activities
Payment processing and fraud prevention
Customer support and service delivery
Legal compliance and record keeping

5. Security Measures

5.1 Technical Safeguards

Encryption: Data encrypted in transit (TLS 1.3+) and at rest (AES-256)
Access Controls: Multi-factor authentication and role-based access
Network Security: Firewalls, intrusion detection, and monitoring
Data Backup: Regular encrypted backups with secure storage
Vulnerability Management: Regular security assessments and patching

5.2 Organizational Safeguards

Staff Training: Regular privacy and security training programs
Background Checks: Verification of personnel with data access
Confidentiality Agreements: All staff bound by confidentiality obligations
Incident Response: Documented procedures for security breaches
Vendor Management: Due diligence on all sub-processors

6. Sub-Processing

6.1 Authorized Sub-Processors

SaaS Launchpad may engage the following categories of sub-processors:

Hosting and Delivery: Vercel (hosting, edge delivery, logs)
Analytics Services: Google Analytics (GA4)
Email: Resend (delivery, analytics)
Scheduling: Calendly
Payment Processing: Stripe, PayPal (if applicable to a project)
Development Tools: GitHub (source control) as needed

6.2 Sub-Processor Requirements

All sub-processors must:

Provide adequate guarantees regarding technical and organizational measures
Be bound by data protection obligations equivalent to this DPA
Process personal data only for the purposes specified
Notify SaaS Launchpad of any security incidents
Submit to audits and inspections as required

6.3 Changes to Sub-Processors

Client will be notified of any new sub-processors with 30 days advance notice
Client may object to new sub-processors on reasonable grounds
If objection cannot be resolved, Client may terminate affected services
Current list of sub-processors available upon request

7. International Data Transfers

7.1 Transfer Mechanisms

Personal data may be transferred internationally using:

Adequacy Decisions: To countries deemed adequate by relevant authorities
Standard Contractual Clauses: EU/UK SCCs for other countries
Binding Corporate Rules: Where applicable for sub-processors
Certification Schemes: Privacy Shield successors or equivalent

7.2 Transfer Safeguards

Assessment of local laws in destination countries
Implementation of additional safeguards where necessary
Regular review of transfer mechanisms and adequacy
Suspension of transfers if safeguards become inadequate

8. Data Subject Rights

8.1 Assistance with Rights Requests

SaaS Launchpad will assist the Client in responding to data subject requests for:

Access: Providing copies of personal data
Rectification: Correcting inaccurate personal data
Erasure: Deleting personal data ("right to be forgotten")
Restriction: Limiting processing of personal data
Portability: Providing data in structured, machine-readable format
Objection: Stopping processing for direct marketing or legitimate interests

8.2 Response Timeline

Acknowledge receipt of rights requests within 72 hours
Provide necessary information within 30 days
Notify if extension is needed (maximum 60 days total)
Explain any limitations or refusals clearly

9. Data Breach Notification

9.1 Notification Requirements

To Client: Immediate notification (within 24 hours) of any personal data breach
Information Provided: Nature of breach, categories and number of records affected, likely consequences, measures taken
Ongoing Updates: Additional information provided as investigation progresses
Documentation: Written record of all breaches maintained

9.2 Breach Response

Immediate containment and assessment of the breach
Assistance with supervisory authority notifications
Support for data subject notifications where required
Cooperation with regulatory investigations
Implementation of additional safeguards to prevent recurrence

10. Audits and Compliance

10.1 Audit Rights

Client may audit SaaS Launchpad's compliance with this DPA
Audits conducted at reasonable intervals (typically annually)
30 days advance notice required for on-site audits
Client may use qualified third-party auditors
Costs borne by Client unless significant non-compliance found

10.2 Audit Documentation

SaaS Launchpad will provide:

Compliance certifications (SOC 2, ISO 27001, etc.)
Third-party security assessment reports
Documentation of technical and organizational measures
Sub-processor compliance documentation
Records of staff training and awareness programs

11. Data Retention and Deletion

11.1 Retention Periods

Personal data retained only as long as necessary for specified purposes
Retention periods defined in service agreements or as instructed by Client
Regular review and deletion of data no longer required
Backup data retention follows same principles with appropriate safeguards

11.2 Data Return and Deletion

Upon termination of services:

Return all personal data to Client in commonly used format
Delete all copies from SaaS Launchpad systems (including backups)
Provide certification of deletion upon request
Exception: Data required to be retained by law may be kept with appropriate safeguards

12. Liability and Indemnification

12.1 Data Protection Liability

Each party liable for damages caused by their own data protection violations
Joint and several liability where both parties are responsible
Right of contribution between parties based on degree of responsibility
Limitation of liability as specified in main service agreement

12.2 Regulatory Fines and Penalties

Party responsible for violation bears associated fines and penalties
Cooperation in challenging disproportionate or unfair penalties
Sharing of costs where both parties contributed to violation
Insurance coverage where available and appropriate

13. Term and Termination

13.1 Duration

This DPA remains in effect for the duration of personal data processing
Survives termination of main service agreement until data deletion
Certain obligations (confidentiality, audit rights) survive indefinitely

13.2 Termination Rights

Immediate termination for material breach of data protection obligations
30 days notice for non-material breaches with opportunity to cure
Termination if adequate safeguards for international transfers become unavailable

14. Amendments and Updates

This DPA may be updated to reflect:

Changes in applicable data protection laws
New regulatory guidance or requirements
Material changes to processing activities
Industry best practices and standards

Material changes require written agreement from both parties.

15. Governing Law and Jurisdiction

Governed by laws of the jurisdiction specified in main service agreement
Disputes resolved through same mechanisms as main agreement
Compliance with local data protection laws where processing occurs
Supervisory authority jurisdiction as determined by applicable law

Last updated: 9/2/2025

Effective date: 9/2/2025

This DPA ensures compliance with international data protection laws and provides a framework for responsible personal data processing. It forms an integral part of our service agreements and demonstrates our commitment to privacy protection.

Annex: Authorized Subprocessors — Resend, Calendly

Resend: email delivery (transactional/marketing), email analytics
Calendly: meeting scheduling

Data Processing Addendum (DPA)

This DPA applies when we process personal data on your behalf in connection with our services. For most US customers, this page serves as a summary. A signed DPA is available on request and will be incorporated into your agreement. If GDPR/UK GDPR applies to your use of the Services, our SCCs and the GDPR terms will govern international transfers.

To request a signed copy, contact us via the details in our Privacy Policy. We maintain appropriate technical and organizational measures and require the same from our subprocessors.

Current Subprocessors

Resend: email delivery (transactional/marketing), email analytics.
Calendly: meeting scheduling.
Vercel Inc. (US/global): hosting, edge/network delivery, logs and security. Privacy: link
Google LLC (US/global): Google Analytics (GA4) for website analytics. Privacy: link

We will notify customers of material changes to this list as required by applicable law.