What You Forgot Costs More Than What You Built — Pre-Launch Checklist

What you forgot before launch breaks the launch more than what you built.

How expensive is one line of terms?

You think the service you built is perfect, so you press launch. 24 hours in, the first 5 users land. 30 minutes later, one of them sends a message. "You don't have terms of service?"

"Oh right," you think, starting a midnight Google search. A terms template shows up. Copy-paste. Quickly drop in a privacy policy too. But your service takes payments. The template has no refund policy. Cash receipts? Online sales registration number? The things you thought "I'll do later" become liabilities the moment users arrive.

What launch really means: "the start of my responsibility"

Many people confuse "launch" with deployment. Deployment is technical — push code to a server and you're done. But launch is different. Launch is "I am taking responsibility for this service" — a legal and social declaration.

The moment you start selling something, you're a business operator. In Korea, even without explicit business registration, selling goods or services online makes you effectively a business. And businesses have obligations.

• Operator transparency: terms of service, privacy policy, company (or personal) name
• Data handling disclosure: collecting name, email, payment info requires explicit consent. Sneaking it brings privacy fines.
• Payment and refund policy: the moment you accept payment, service delivery becomes obligatory. Refund conditions, payment cancellations, downtime handling.

Launch isn't "code to server" — it's "signing the trust contract between you and your users." Break it, and you lose trust faster than money.

4 Korean-environment musts

1. Business registration & online-sales registration

Selling online makes business registration mandatory. Some people think they're exempt; in Korea, once you sell, you're subject to filing. Business registration at the tax office (online OK). Online-sales registration at the city/province office or gov24. Both required, both free.

2. Privacy policy

Mandatory when collecting user email, name, payment info. Must include:

• What information is collected
• Why it's collected
• Where it's stored (include cloud names like AWS, Supabase)
• Whether you'll delete it on request

If the policy says "we use info for AI model training," you must keep that promise. If it's not stated, never do it. As of 2025, Korea is stricter about generative-AI privacy use.

3. Terms of service

"The contract between you and your users." Must include:

• Service scope (what you do and don't do)
• Refund policy (timeframe, conditions, % fee)
• Limits of liability (technical outages and losses)
• Right to suspend service

4. Payment gateway (PG)

Main vendors: Toss Payments, KG Inicis, PortOne. PortOne is a PG integration service — connect multiple PGs at once, and you can start payment testing in 3–5 business days. Initial signup around 200,000 KRW.

30-minute workflow to draft terms/policy with AI

Writing terms by hand takes long. With a lawyer review, longer. But used well, Claude or ChatGPT can produce a draft in 30 minutes.

Prompt step 1, set context

You are a legal advisor for a Korean SaaS startup.

My service:
- Name: [service name]
- Features: [features]
- Target users: [users]
- Pricing: [subscription / one-time]
- Payment methods: [methods]

Draft a privacy policy that complies with Korean law.

Prompt step 2, add custom items

Add the following:

(1) Data-subject rights (access / correction / deletion requests)
(2) Data retention period
(3) Specify Supabase storage
(4) Not used for marketing or AI training

Format compliant with Korean Personal Information Protection Act.

Prompt step 3, terms of service

Draft terms of service for the same service.

Include:
- Service scope
- Refund policy
- Service suspension conditions
- User responsibilities
- Limits of liability
- Terms-change procedure

Compliant with Korean E-Commerce Act.

AI-drafted terms aren't lawyer-grade but quite usable. Always review and edit core business policies like refunds yourself. Never lie with "reviewed by a lawyer."

Analytics setup: GA4 and PostHog

If you don't set up analytics before launch, you'll have zero visibility into "which button users press" after they arrive. Adding tracking later means losing prior data.

GA4 essentials (required)

1. Create Google Analytics account
2. Add web stream (your domain)
3. Copy Measurement ID
4. Drop GA4 tracking code in HTML head (or use GTM)
5. Test events in preview mode

Track only core events

"Just track everything" is wrong. Start with 3–5 events.

• sign_up: signup complete
• first_purchase: first payment
• feature_used: core feature used
• support_inquiry: support contact

PostHog is optional

If GA4 answers "where traffic came from," PostHog answers "what users did after arriving." Consider PostHog once you cross 100 users. Free tier: 1M events/month.

Pre-launch 30-item checklist

Technical (7)

• Domain purchase & DNS (A record, MX record)
• SSL certificate (HTTPS on)
• Server response time (TTFB under 2s)
• Mobile responsiveness check
• All links work
• Email delivery (signup confirm, password reset)
• Error log collection (Sentry etc.)

Legal/Compliance (8)

• Business registration done
• Online-sales registration done
• Privacy policy written and placed in footer
• Terms of service written and placed
• "Service provider info" listed (company, address, email, support)
• Cash receipt policy notice
• Refund policy stated (period, fees, process)
• Sub-processor disclosure (Supabase, Stripe, etc.)

Payments (4)

• PG signup complete
• 5+ test payments (success/fail/cancel)
• Real payment then refund tested
• Order confirmation email template checked

Analytics (3)

• GA4 installed and events confirmed
• Core events defined and tested
• Google Search Console registered

Marketing/Comms (5)

• Launch post drafted (ProductHunt, Disquiet)
• Social media accounts ready
• Customer feedback channel set up
• Auto-response email template
• Support first-response policy (target within 24h)

Security (3)

• Password minimum requirements (8 chars+, complexity)
• Session timeout (30 min+)
• DB backup automated

Wrapping up

Completed pre-launch checklist? You're now a "responsible business operator." Legally, technically, operationally ready for users.

What remains is launch and just after. Next: how to honestly get the first 100 users. Along with the truth that growth hacking is a lie.

References

1. PG service and payment integration guide — PortOne
2. Generative AI privacy processing guidelines — Korea PIPC
3. GA4 implementation & events — Google Analytics
4. Product Analytics for MVP — PostHog Documentation
5. AI-prompted privacy policy auto-review — DataGrail

Previous: The 1,000,000 KRW Mistake
Next: How to Honestly Get Your First 100 Users (Growth Hacking Is a Lie)

Minchul Kim, CEO of Freeive, Fail School