The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to personally identify you.
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.
How do we collect your data?
Your data is collected primarily when you provide it to us. This could, for example, be data that you enter into a contact form.
Other data is automatically collected, or collected with your consent, by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page visit). This data is collected automatically as soon as you enter our website.
Part of the data is collected to ensure the flawless delivery of the website. Other data may be used to analyze your user behavior, with the aim of improving our service.
You have the right at any time to obtain information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time in the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data, as well as the right to lodge a complaint with the competent supervisory authority.
We host the content of our website with the following provider:
This website is hosted on Microsoft Azure in the West Europe region (Netherlands). The personal data collected on this website is stored on the servers of the host. This can primarily include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website.
External hosting is carried out for the purpose of contract fulfillment towards our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).
Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.
The responsible entity for data processing on this website is:
You can reach our Data Protection Officer at: datenschutz@ramp.app
Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
Many data processing operations are only possible with your explicit consent. You can revoke a consent that has already been given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Under the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, and if necessary, a right to correction or deletion of this data. For this and other questions on the topic of personal data, you can always contact us.
You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, in a common, machine-readable format either for yourself or a third party. If you request the direct transfer of data to another controller, this will only be done insofar as it is technically feasible.
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. This right exists without prejudice to any other administrative or judicial remedies.
Our website uses so-called “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device.
Cookies that are necessary for the provision of the electronic communications service (essential cookies) are stored on the basis of § 25(2) TTDSG. We have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. To the extent that consent for the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (§ 25(1) TTDSG, Art. 6(1)(a) GDPR); consent may be revoked at any time.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website — for this purpose, the server log files must be collected.
When you send us inquiries via the contact form, your details from the inquiry form, including the contact information you provide there, will be stored with us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if requested.
When you contact us via email or phone, your inquiry, including all resulting personal data (name, request), is stored and processed by us for the purpose of handling your concern. We do not share this data without your consent.
This website uses PostHog, a privacy-first analytics tool. PostHog collects anonymized usage data to improve the user experience. The data is processed in the PostHog EU Cloud (Frankfurt, Germany) and is not shared with third parties.
PostHog is only activated after you have given your consent (opt-in). The legal basis is Art. 6(1)(a) GDPR (consent). Without your consent, no analytics data is collected.
You can revoke your consent at any time by adjusting the cookie settings or by contacting us at datenschutz@ramp.app.
Our Promise: Your data belongs to you.
We use AI technologies exclusively for processing your requests. The following providers are integrated:
Anthropic (Claude) — San Francisco, USA
OpenAI (GPT) — San Francisco, USA
OpenRouter — with upstream providers (Google Gemini, Meta Llama, Mistral, etc.)
Legal basis: Processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You explicitly consent to AI processing when using AI features on the platform. Without consent, no data is transmitted to AI providers.
Opt-out: You can opt out of AI processing at any time in your account privacy settings or by contacting datenschutz@ramp.app. In that case, AI-based features of the platform will no longer be available to you.
If you wish to subscribe to the newsletter offered on our website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. Additional data will not be collected or will only be collected on a voluntary basis. The legal basis is Art. 6(1)(a) GDPR (consent).
You can revoke your consent at any time, for example through an “unsubscribe link” in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.
This website does not use third-party social media plugins that collect your data without your consent. External content is only loaded after you have given your explicit consent.
We use the following sub-processors for the provision of our services:
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Microsoft Azure | Hosting, compute, database | West Europe (NL) | DPA, EU data residency |
| Anthropic | AI processing (Claude) | USA | DPA, EU-US DPF, zero-retention API |
| OpenAI | AI processing (GPT) | USA | DPA, EU-US DPF, zero-retention API |
| OpenRouter | AI model routing | USA | DPA, SCCs |
| PostHog | Analytics | EU (Frankfurt) | DPA, EU data residency |
| Stripe | Payment processing | USA / Ireland | DPA, EU-US DPF, PCI DSS |
| Resend | Transactional email | USA | DPA, SCCs |
An up-to-date list of sub-processors can be requested at any time from datenschutz@ramp.app.
Some of our sub-processors are based in the United States. Data transfers to the USA are safeguarded by the following mechanisms:
We ensure that all third-country transfers comply with Chapter V of the GDPR. You can request copies of the applicable safeguards by contacting datenschutz@ramp.app.
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by law. The following standard retention periods apply:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account data | Duration of contract + 30 days | Art. 6(1)(b) GDPR |
| AI conversation logs | 90 days after last activity, or upon user deletion | Art. 6(1)(a) GDPR |
| Invoices & billing data | 10 years | § 147 AO, § 257 HGB |
| Server log files | 14 days | Art. 6(1)(f) GDPR |
| Contact form inquiries | Until processing is complete + 6 months | Art. 6(1)(b)/(f) GDPR |
| Analytics data (PostHog) | 12 months | Art. 6(1)(a) GDPR |
After the retention period expires, data is automatically deleted or anonymized, unless a longer retention is legally required.
We do not use fully automated decision-making processes within the meaning of Art. 22 GDPR that produce legal effects or similarly significantly affect you.
While AI-generated content is created automatically, all business-critical decisions (e.g., contract conclusion, account suspension, creditworthiness assessment) are always subject to human review.
Should we introduce automated decision-making processes in the future, we will inform you in advance and ensure your rights under Art. 22(3) GDPR (right to obtain human intervention, to express your point of view, and to contest the decision).
Last updated: April 20, 2026