Privacy Policy

Effective: February 18, 2026

OnRampDLT ("we," "our," "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect information when you use our platform at onrampdlt.com and onrampdlt.io.

Information We Collect

We collect only what's necessary to provide the service:

Email address — provided at checkout via Stripe, used to deliver your API key and send service communications.
Payment information — processed entirely by Stripe. We never see or store your card details.
API key usage — we log when your API key is used to detect abuse and enforce plan limits.
Wallet addresses — your XRP Ledger address is used to execute token operations you initiate. We do not control or have custody of any wallet.
Usage data — standard server logs (IP address, browser type, pages visited) retained for up to 30 days.

Non-Custodial by Design

OnRampDLT is 100% non-custodial. We never have access to your private keys, seed phrases, or wallet funds. All transactions are signed by you through your own wallet (XAMAN, Crossmark, or GemWallet). We cannot move, freeze, or recover your assets.

How We Use Your Information

To deliver your API key after purchase
To validate API key authenticity on the app
To send transactional emails (purchase confirmation, key recovery)
To detect and prevent abuse or fraud
To improve the platform based on aggregate usage patterns

Third-Party Services

Stripe — payment processing. Subject to Stripe's Privacy Policy.
Cloudflare — infrastructure, DDoS protection, and CDN. Subject to Cloudflare's Privacy Policy.
XRP Ledger — a public, decentralized blockchain. All on-ledger transactions are publicly visible by design.

Data Retention

We retain your email and API key record for the duration of your active subscription plus 90 days. You may request deletion at any time by contacting us — we'll remove your record within 7 business days, though this will deactivate your API key.

Your Rights

You have the right to:

Request a copy of the data we hold about you
Request correction or deletion of your data
Opt out of non-transactional communications

Blockchain Data

Transactions executed on the XRP Ledger are permanent and publicly visible. We cannot alter, reverse, or delete on-chain data. This is a property of the blockchain itself, not our platform.

Offering Documents

If you are an issuer conducting a securities offering through the platform, we collect and store any offering documents you upload, including Private Placement Memoranda (PPMs) and supporting materials such as subscription agreements, financial statements, and related offering materials.

These documents are retained for regulatory compliance purposes for a minimum of five (5) years following the close of the offering, or longer if required by applicable law. This retention obligation arises from Regulation D of the Securities Act of 1933 and related recordkeeping requirements.

Offering documents are not shared with third parties except: (a) as required by applicable law or in response to valid legal process; (b) as necessary to operate the platform and provide the services you have purchased; or (c) to authorized OnRampDLT personnel for compliance review purposes. Offering documents are stored in encrypted object storage. Access is restricted to authenticated requests from your account and authorized internal personnel.

Attestation Records

We maintain records of all attestations made on the platform, including:

Token declaration attestations — the certification made by issuers at the time of token creation declaring whether the token is a utility token or a security token (equity or debt)
Accredited investor self-certifications — the attestation made by investors certifying their accredited investor status under Rule 501 of Regulation D
Security token issuance certifications — the attestation made by issuers confirming accuracy of offering value, PPM contents, Form D filing obligations, and compliance with Regulation D

Each attestation record includes: the full text of the attestation at the time it was made, a UTC timestamp, and the account identifier of the user who made the attestation. These records are immutable once created and are not subject to user deletion requests, as they constitute regulatory compliance records.

Attestation records are retained for a minimum of five (5) years and may be disclosed to the SEC, FINRA, or other regulatory authorities in response to valid legal process or regulatory inquiry.

Compliance Records

We maintain the following records for regulatory compliance purposes:

Securities issuance records — records of all securities token issuances, including the declared offering value, securities issuance fee charged, XRPL issuer wallet address, and date of issuance
Investor access grants — records of investor invitations, trust line authorizations, and subscription confirmations for each bond or equity token offering
KYC and identity verification records — for 506(c) offerings, records of accredited investor verification status as returned by Stripe Identity (verification status and date only; underlying document images are not retained by OnRampDLT)
Fee payment records — records of securities issuance fees collected, including amount, date, offering identifier, and payment method

These records are retained for the minimum periods required by applicable law. Compliance records are not sold to third parties. You may request a copy of compliance records we maintain about you by contacting us at support@onrampdlt.com. Certain records that constitute required regulatory compliance documentation cannot be deleted in response to user requests.

All compliance records are stored in encrypted databases hosted on Cloudflare's infrastructure in compliance with our data processing agreements.

Contact

Privacy questions or data requests: support@onrampdlt.com