Version: 1.0
Effective date: September 25, 2025
Controller: Lafitech UG (Rampa)
Contact: hello@rampa.cash
Registered address: Arnulfstr. 171, 80634 Munich, Germany
Supervisory authority: You may lodge complaints with your local authority or the competent authority in Germany.
1) Scope
This notice covers personal data processed when you use rampa.cash and the Rampa app.
2) What data we process
We design for data minimization. Depending on your use:
Account & app telemetry (pseudonymous): app/device identifiers, IP-derived country (for geo-blocking), session logs, settings, crash logs.
Wallet data: public keys, transaction metadata (hashes, amounts, token mints), risk screening results (e.g., sanctions exposure scores).
Support communications: messages and contact details you provide.
Website analytics (minimal): aggregated usage; we avoid third-party advertising cookies.
We do not store your private keys or seed phrases. We do not retain identity documents collected by on/off-ramp or card issuers.
3) Why we process data (GDPR Art. 6)
Provide and secure the app (Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interests for security/fraud prevention).
Compliance and risk controls (Art. 6(1)(c) legal obligation; Art. 6(1)(f) legitimate interests), including geo-blocking, sanctions/PEP screening of wallet addresses, velocity limits, and responding to lawful requests.
Product analytics & improvement (Art. 6(1)(f) legitimate interests), using aggregated or pseudonymous data.
Communications (Art. 6(1)(b)/(f)) when you contact us.
Where required (e.g., certain cookies or marketing), we will seek consent (Art. 6(1)(a)).
4) Who receives data
Processors (under DPAs): hosting/ops providers, error telemetry, encrypted key-infra provider Para, analytics tooling, and security vendors.
Independent controllers (separate policies):
Transak (fiat on/off-ramp KYC/AML and payments),
Issuer/EMI (if you opt into the card program),
Jupiter / DEXes (when you execute swaps),
Blockchain analytics provider (sanctions/exposure screening),
Law enforcement or competent authorities where legally required.
5) International transfers
Where data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and risk assessments.
6) Retention
Operational logs: typically 30–90 days.
Risk/decision records: typically ≥ 5 years or as required by law/partners.
Support records: for as long as needed to address your request and meet legal obligations.
7) Your rights
Subject to legal limits, you have the right to access, rectify, erase, restrict, object, and data portability. You can also withdraw consent where processing is based on consent.
Contact:hello@rampa.cash. You may also complain to your supervisory authority.
8) Cookies & tracking
We aim to use essential cookies only on the website (e.g., to serve pages securely). No third-party advertising cookies. If we introduce optional analytics cookies, we will present a consent banner.
9) Intellectual property
The app, website, logos, and content are owned by Lafitech or our licensors. You receive a limited, revocable license to use the app as provided and per these Terms.
10) Children
Rampa is for adults (18+) and is not intended for children.
11) Changes to the service or these Terms
We may update this privacy notice and will post the updated version with a new effective date. Material changes will be highlighted in-app or on our site.
12) Contact
Questions? Contact us at hello@rampa.cash