LaunchTrust
Log inStart trial
01

Work from the cockpit, not a wall of copy.

The public checks sit inside one scan surface: choose a module, review the exact evidence, pick markets and keep the signed record.

Start trial Run free check
launchtrust.co / workspace / acme-store.com Passive public scan
27 detectorsPassive public-surface checks
35 rulesSourced registry
39 countriesMarket scope
ECDSA logSigned evidence records
01

Security first: public code, exposed files and email-auth posture

The first pass looks at what anyone can already fetch before a buyer, reviewer or attacker sees it.

Detected

Frontend secret exposure

Risky public patterns for OpenAI, Anthropic, Stripe live, AWS, Google, GitHub and private-key material.

OpenAIAnthropicStripe liveAWSGoogleGitHubprivate keys
Review

Exposed files and domain hygiene

Reachable .env and .git paths, CSP, frame protections, HTTPS/HSTS, security.txt, SPF and DMARC.

.env.gitCSPSPFDMARCHSTSsecurity.txt
02

One scanner for the promises around your launch

Each row is a check surface, not a legal conclusion. LaunchTrust is a compliance aid, not legal advice.

AI disclosureEU AI Act Art. 50, Apple 5.1.2, US chatbot duties."AI feature but no first-interaction notice."
Privacy and data protectionGDPR, KVKK/Türkiye, privacy-policy clause review."AI processing and deletion workflow are unclear."
Cookie and tracking consentConsent language, tracking scripts and control mismatch."Marketing scripts appear before a reject/settings path."
Consumer and ecommerceRefund, return, cancellation and withdrawal surfaces."Cancellation window and refund timing are missing."
AccessibilityLanguage, title, image alt text, form labels and zoom behavior."Signup inputs have no associated labels."
App-store readinessApp Store, Play data-safety and listing alignment."Store listing links to a policy that misses the AI feature."
03

Choose markets, then monitor what changes

Paid plans watch public pages, headers, store listings, DNS email-auth records, policy links and visible JavaScript bundles.

Security hook

Catch accidental exposure

Flag risky key patterns, open files and missing email-auth records before launch traffic.

Monitoring

Know what changed

Email, Slack or CI webhook alerts when a signed scan changes.

Registry

Select target markets

39 countries mapped across 8 public-surface categories.

United StatesEuropean UnionUnited KingdomTürkiyeCanadaBrazilJapanAustralia
AI disclosurePrivacy and dataCookie and trackingConsumer and refundsAccessibilitySecurity postureStore readinessSigned evidence
04

Designed for evidence, not vibes

Paid scans preserve what LaunchTrust saw, when it saw it and how the canonical record was signed.

ScanFetch the public page, DNS signal or store listing.
DetectRun AI, privacy, commerce, a11y, appsec, email-auth and store checks.
RecordStore dated findings with public evidence and page hash.
AlertNotify when monitored evidence changes.
VerifyDownload a signed record that can be independently checked.
issuerLaunchTrust
modulepre-submission trust scan
scopepublic signals only
legal frameaid, not advice
{"signed_at":"2026-06-19","version":"v1"} Verify a signed record