Up to 5% in rewards with Onramp. Learn More →

Privacy Policy

Last updated April 20, 2026

Introduction

This privacy notice for Onramp Bitcoin LLC (“Onramp”) and its Affiliates (Onramp Bitcoin Statutory Trust, Onramp Bitcoin International Fund Ltd., Onramp Wealth LLC), collectively referred to as “Onramp” ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services (collectively, our "Services"), such as when you:

  • Visit our website at https://onrampbitcoin.com or engage in any online interaction with us.
  • Leverage an application as part of our Services (including mobile).
  • Engage with us in other related ways, including any sales, marketing, or events.

Reading this privacy notice will help you understand your privacy rights and choices. By using any of our Services, you acknowledge the privacy policies and practices we describe in this privacy notice. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us via email at support@onrampbitcoin.com or through any specified method as listed in this privacy notice.

Summary of Key Points

This summary provides key points from our privacy notice. You can find out more details regarding any of these topics by using the table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with Onramp and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law.

Do we receive any information from third party sources? We may receive information from public databases, marketing partners, social media platforms, and other outside sources.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at support@onrampbitcoin.com. We will consider and act upon any request in accordance with applicable data protection laws.

What information do we collect?

Personal Information You Disclose to us:

In Short: We collect personal information that you provide to us.

For example, we collect personal information that you voluntarily provide to us when you create an Onramp account, register or apply for any of our Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • Name(s)
  • Phone numbers
  • Email addresses
  • Mailing addresses
  • Job title(s)
  • Usernames
  • Passwords
  • Contact preferences
  • Contact or authentication data
  • Billing addresses
  • Debit/credit card numbers

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • Digital copies/photos of Government Issued Identification
  • Country of Citizenship
  • Identify Video Verification Footage
  • Social security Numbers (US Citizens)
  • Other information you choose to provide to us as part of identity verification.

Document Collection: The information we collect to verify your identity is done through two services. By using the Services, you acknowledge and agree that your information will be processed in accordance with their policies. You may find their privacy notices below:

Payment Data: We may collect data necessary to process your payment if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is stored by Stripe. By using the Services, you acknowledge and agree that your information will be processed in accordance with their policies. You may find their privacy notices below:

Invoicing: We provide certain account and identifying information to the following services to facilitate the generation of invoices. By using the Services, you acknowledge and agree that your information will be processed in accordance with their policies. You may find their privacy notices below:

Information Automatically Collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — are collected automatically when you visit our website and/or leverage our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (such as your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. The primary use of this information is to maintain the security and operation of our Services and for our internal analytics and reporting purposes.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Information Collected From Other Sources

In Short: We may collect limited data from third-party sources in certain situations. This could include, but is not limited to identity or other verification services, public databases, marketing partners, and other outside sources.

In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion.

Information We Collect from Third Parties. When you use our services, we collect the following information from third parties:

As for Usage Information, depending on your interaction with our Site or Platform, we or third-parties may collect:

  • Device details such as IP address, location, operating system, browser type, device identifiers, and more
  • Interaction details such as clicked links, viewed pages, email interactions, and other activity records
  • Information and data gathered by cookies and other technologies

Users can always refuse to supply Personal Data or Usage Information, except that it may prevent them from engaging in certain Site or Platform related activities.

Use of Information

This section details the primary purposes for which we use gathered Personal Data and Usage Information. This list includes, but is not limited to:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate the delivery of services to the user. We may process your information to provide you with the requested service.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
  • To fulfill and manage your Services. We may process your information to fulfill and manage your transactions, payments, and requests made through the Services.
  • To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
  • To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, as long as this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time.
  • To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
  • To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
  • To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
  • To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
  • Comply with the law. We use the information we have about you to comply with applicable laws, regulations, and contractual obligations. This includes, for example, conducting compliance and/or security checks, audits, or assessments, enforcing our contracts and agreements with our customers, or complying with applicable law enforcement obligations.
  • To operate and improve our use of artificial intelligence tools. We may process your information when it is input into or processed by artificial intelligence (“AI”) tools and services used by Onramp to support internal operations, service delivery, and workflow automation. This includes, for example, using AI tools to assist with drafting communications, analyzing documents, supporting compliance review, and improving operational processes. Where AI tools process personal information, we require those providers to maintain appropriate data security and confidentiality standards consistent with this Privacy Policy.

Protection of Information

At Onramp, we take our responsibility to protect the security and privacy of your Personal Data seriously. We are committed to maintaining the confidentiality, integrity, and security of your Personal Data and taking precautions to protect such information. We use reasonable and appropriate administrative, technical, and physical safeguards to protect information we have about you from loss, theft, and unauthorized use, access, modification, or destruction. We also require third party service providers acting on our behalf or with whom we share your information to maintain security measures consistent with industry standards in accordance with applicable data protection laws and regulations.

Additionally, to help protect your privacy and maintain security, we verify your identity before granting you access to your information or your account. Our verification methods include requesting that you log into your Onramp account, participate in a video call, and/or provide documents for identity verification. Notwithstanding our security safeguards, it is impossible to guarantee absolute security in all situations.

Sharing of Information

We do not sell, trade, or rent Users' Personal Data and Usage Information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined in this Privacy Policy.

Moreover, we may share information that we collect or generate about current and former customers with certain third-parties, including:

Service Providers and Other Third Parties. We share information we have about you with third parties and service providers who assist us with administering the services. This may include, for example, Key Partners, stablecoin service providers, IT service providers, data storage providers, identity verification service providers, and marketing service providers. marketing service providers, and artificial intelligence tool providers. All such third parties are required to maintain security measures consistent with industry standards and applicable data protection laws

Artificial Intelligence Tools and Providers. Onramp uses third-party artificial intelligence tools and platforms (including large language models and AI-assisted workflow tools) to support internal business operations, compliance functions, and service delivery. In the course of using these tools, personal information may be processed by the AI provider. We take steps to limit the personal information shared with AI tools to what is reasonably necessary for the relevant task, and we require AI tool providers to maintain security and confidentiality standards consistent with applicable data protection requirements. We do not permit AI providers to use personal information processed on our behalf to train their general-purpose models without appropriate authorization. For a current list of the primary AI tool providers we use, please contact us at support@onrampbitcoin.com.

Across Our Companies. We share information across Onramp’s family of companies to, among other reasons, provide you with our services, prevent fraud, conduct identity verifications, comply with the law, in the event of a sale, merger, acquisition, or other liquidity event.

Business Transaction. In the event of a reorganization, acquisition, merger, divestment or other sale of some or all of our assets or stock, or other business decision or transaction, such activity may require and/or result in the sharing of your information as part of that transactional event.

Legal, Regulatory, Safety, and Compliance Purposes. In certain situations, we may be required to share your information as required by law. These situations may include, but are not limited to:

  • Complying with a subpoena or other legal process requests;
  • Protecting your rights;
  • Protecting your safety or the safety of others;
  • Investigating fraud; and
  • Responding to a government request.

Any third parties that we share your Personal Data with are limited by law and by contract in their ability to use your Personal Data. Onramp requires third party service providers acting on our behalf or with whom we share your information to provide appropriate security measures in accordance with industry standards and in compliance with this Policy, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of Personal Data we receive from or transfer to them.

International Data Transfers

Your Personal Data may be shared with or processed by us outside the country in which your Personal Data was collected. The laws on processing such Personal Data in these locations may be less stringent than in your country. It may also be processed by staff operating outside of your country. We will take all steps reasonably necessary and/or required by applicable data protection laws to ensure your Personal Data is treated in accordance with this notice and applicable law. Where required by applicable law, we implement appropriate safeguards for international transfers of personal data, including: (a) Standard Contractual Clauses approved by the European Commission (for transfers of personal data from the European Economic Area to third countries); and (b) the UK International Data Transfer Addendum issued by the Information Commissioner’s Office (for transfers of personal data from the United Kingdom). You may request a copy of the applicable transfer mechanism by contacting us at support@onrampbitcoin.com.

Data Retention

We will retain personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfill the purposes outlined in this Notice, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes).

When we have no justifiable business need to process your personal information or there is no such required or permitted longer retention period, we will either delete or anonymize it. If deletion or anonymization is not possible (for example, your personal information may be stored in backup archives or for technical reasons), we will securely store your personal information and implement appropriate measures to prevent any further processing until deletion is possible.

If you request deletion of your personal information, we will consider your request in accordance with applicable laws.

Notwithstanding the foregoing, we retain records as required by applicable law, including without limitation the Bank Secrecy Act and its implementing regulations, which require retention of certain customer identification records, transaction records (including Currency Transaction Reports and Suspicious Activity Reports), and AML compliance program documentation for a minimum of five (5) years from the date of the record or the closing of the customer account, whichever is later. Deletion requests will not result in the deletion of records subject to these mandatory retention requirements. Our full records retention schedule is maintained in our BSA/AML Compliance Program.

Use of Cookies

When you access the website www.onrampbitcoin.com, you are granting permission for cookies to be used as described in this segment. You retain the right to revoke this consent by adhering to the instructions provided below. Please see our Cookie Policy for full details.

Your Privacy Rights

Users have the right to access their personal information, correct any inaccuracies, and request the deletion of their personal information. Users also maintain the right to opt-out of marketing communications. You also have the right to receive a copy of the personal information we hold about you in a portable format, and to object to or restrict certain types of processing. Where we process personal information based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing. Users may exercise these rights by reaching out to us at the contact information provided in this Privacy Policy submitting a request to support@onrampbitcoin.com. We will respond to verifiable requests within forty-five (45) days of receipt. We may extend this period by an additional forty-five (45) days when reasonably necessary, with prior notice. We may require you to verify your identity before processing your request. We will not discriminate against you for exercising any of the rights described in this Policy.

Users may exercise these rights by reaching out to us at the contact information provided in this Privacy Policy.

We do not direct or target any piece of our Platform to children under the age of 18. If we learn that we have collected data or personal information of anyone under the age of 18, we will take appropriate steps to delete this information. If you are a parent or guardian of someone under the age of 18 and discover that your child has submitted data or personal information to us, please reach out to us at the contact information provided in this Privacy Policy. We will make reasonable efforts to remove such information from our databases.

What legal basis do we rely on to process your information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in California, this section applies to you:

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights in addition to those described above: (1) Right to Know: You may request the specific pieces and categories of personal information we have collected about you, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom it has been shared; (2) Right to Delete: You may request that we delete personal information we have collected about you, subject to certain exceptions; (3) Right to Correct: You may request that we correct inaccurate personal information we maintain about you; (4) Right to Opt Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. If this practice changes, we will provide a “Do Not Sell or Share My Personal Information” link on our website; (5) Right to Limit Use of Sensitive Personal Information: You may direct us to limit our use of your sensitive personal information (including Social Security numbers, government-issued identification, and biometric data such as identity verification footage) to purposes necessary to perform the Services or as otherwise permitted under the CPRA; (6) Right of No Retaliation: We will not discriminate against you for exercising any of these rights. To exercise your rights, contact us at support@onrampbitcoin.com with the subject line “California Privacy Request.” We will respond to verifiable requests within forty-five (45) days. Additionally, under California Civil Code Section 1798.83 (Shine the Light), California residents may once per year request information about personal data disclosed to third parties for their direct marketing purposes. To make such a request, contact us at support@onrampbitcoin.com.

Additionally, under California’s Shine the Light Law (California Civil Code Section 1798.83) you have the right to request the following information regarding our disclosure of your Personal Data third parties for direct marketing purposes: (1) the categories of Personal Data we disclosed to third parties for their direct marketing purposes during the preceding calendar year; (2) the names and addresses of the third parties that received the information; and (3) if the nature of the third party’s business cannot be determined from their name, examples of the products or services they marketed. This information may be provided in a standardized form that is not specific to you. You are permitted to obtain this information from us once a year, free of charge. To make such a request, please submit your request in writing to the contact information provided in this Privacy Policy.

If you are located in the EU or UK, this section applies to you:

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
  • Send users information about special offers and discounts on our products and services
  • Analyze how our Services are used so we can improve them to engage and retain users
  • Support our marketing activities
  • Diagnose problems and/or prevent fraudulent activities
  • Understand how our users use our products and services so we can improve user experience
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as in situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you:

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  • For identifying injured, ill, or deceased persons and communicating with next of kin
  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
  • If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
  • If the collection is solely for journalistic, artistic, or literary purposes
  • If the information is publicly available and is specified by the regulations

Modifications to Privacy Policy

Onramp has the discretion to update this Privacy Policy at any time without prior notice. When we do, we will revise the updated date at the bottom of this page. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications. For material changes to how we collect, use, or share personal information, we will provide notice via email or a prominent notice on our website at least thirty (30) days before the change takes effect. Your continued use of the Services after that date constitutes acceptance of the updated Policy. Non-material changes (such as corrections of contact information, formatting updates, or clarifications that do not affect the substance of our data practices) are effective upon posting.

Use of Artificial Intelligence Tools

Onramp uses artificial intelligence (“AI”) tools and platforms operated by third-party providers to support business operations, compliance functions, client communications, and internal workflows. This section describes how we handle personal information in connection with our use of these tools.

Types of AI Tools We Use. We may use AI tools for purposes including: drafting and reviewing internal documents and client communications; supporting compliance and risk review processes; analyzing operational data; automating workflow tasks; and improving the quality and efficiency of our service delivery. These tools may include large language models (LLMs) and other generative or predictive AI systems operated by third-party providers.

Personal Information Processed by AI Tools. In the course of using AI tools, personal information (including, in some cases, information provided by or relating to clients) may be input into or processed by those tools. We take reasonable steps to limit the personal information shared with AI tools to what is reasonably necessary for the task at hand. Onramp does not use AI tools for automated decision-making that produces legal or similarly significant effects on individuals without human review.

AI Provider Obligations. We require AI tool providers that process personal information on our behalf to: (a) maintain appropriate technical and organizational security measures; (b) use personal information only for the purposes for which it was shared; and (c) not use personal information processed on our behalf to train general-purpose AI models without authorization. These obligations are implemented through contractual agreements with our AI providers.

AI Tool Providers. Onramp currently uses third-party AI tools and platforms to support its operations. For a current list of primary AI tool providers, please contact us at support@onrampbitcoin.com.

Contact Us

If you have any questions about this Privacy Policy, the practices of this Site or Platform, or your dealings with this Site or Platform, please contact us at support@onrampbitcoin.com