Version: 1.0
Effective date: September 25, 2025
Controller: Lafitech UG (Rampa)
Contact: hello@rampa.cash
Registered address: Arnulfstr. 171, 80634 Munich, Germany
Supervisory authority: You may lodge complaints with your local authority or the competent authority in Germany.
This notice covers personal data processed when you use rampa.cash and the Rampa app.
We design for data minimization. Depending on your use:
Account & app telemetry (pseudonymous): app/device identifiers, IP-derived country (for geo-blocking), session logs, settings, crash logs.
Wallet data: public keys, transaction metadata (hashes, amounts, token mints), risk screening results (e.g., sanctions exposure scores).
Support communications: messages and contact details you provide.
Website analytics (minimal): aggregated usage; we avoid third-party advertising cookies.
We do not store your private keys or seed phrases. We do not retain identity documents collected by on/off-ramp or card issuers.
Provide and secure the app (Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interests for security/fraud prevention).
Compliance and risk controls (Art. 6(1)(c) legal obligation; Art. 6(1)(f) legitimate interests), including geo-blocking, sanctions/PEP screening of wallet addresses, velocity limits, and responding to lawful requests.
Product analytics & improvement (Art. 6(1)(f) legitimate interests), using aggregated or pseudonymous data.
Communications (Art. 6(1)(b)/(f)) when you contact us.
Where required (e.g., certain cookies or marketing), we will seek consent (Art. 6(1)(a)).
Processors (under DPAs): hosting/ops providers, error telemetry, encrypted key-infra provider Web3Auth, analytics tooling, and security vendors.
Independent controllers (separate policies):
Transak (fiat on/off-ramp KYC/AML and payments),
Issuer/EMI (if you opt into the card program),
Jupiter / DEXes (when you execute swaps),
Blockchain analytics provider (sanctions/exposure screening),
Law enforcement or competent authorities where legally required.
Where data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and risk assessments.
Operational logs: typically 30–90 days.
Risk/decision records: typically ≥ 5 years or as required by law/partners.
Support records: for as long as needed to address your request and meet legal obligations.
Subject to legal limits, you have the right to access, rectify, erase, restrict, object, and data portability. You can also withdraw consent where processing is based on consent.
Contact:hello@rampa.cash. You may also complain to your supervisory authority.
We aim to use essential cookies only on the website (e.g., to serve pages securely). No third-party advertising cookies. If we introduce optional analytics cookies, we will present a consent banner.
The app, website, logos, and content are owned by Lafitech or our licensors. You receive a limited, revocable license to use the app as provided and per these Terms.
Rampa is for adults (18+) and is not intended for children.
We may update this privacy notice and will post the updated version with a new effective date. Material changes will be highlighted in-app or on our site.
Questions? Contact us at hello@rampa.cash