Logo

Privacy Policy

Last updated: January 2026

B2B Service Only

1. Information We Collect

Account Information

When you register, we collect your company name, email address, and billing information (VAT ID, address). We store hashed passwords and do not have access to your plaintext passwords.

Usage Data

We collect data about your usage: files uploaded, storage consumed, bandwidth used, API calls made. This data is used for billing and service improvement.

File Content

Files you upload are stored on our infrastructure (MinIO) and distributed to the IPFS network per your request. We scan uploaded files for malware using ClamAV antivirus and compare file hashes against known illegal content databases (CSAM, malware). Scanning results are stored for audit and compliance purposes.

IP Address and Logs

We collect IP addresses for security and abuse prevention. Server logs are retained for up to 90 days for troubleshooting and analytics.

2. How We Use Your Data

  • Providing and operating the IPFS pinning service
  • Billing and invoice generation
  • Communicating about account status and service updates
  • Preventing fraud and abuse
  • Improving service reliability and performance
  • Complying with legal obligations

2.5 Legal Basis for Data Processing

Malware and Illegal Content Scanning

We process file hashes and scan results based on:

  • GDPR Article 6(1)(c): Legal obligation under EU Digital Services Act (DSA) and national regulations (e.g., NetzDG)
  • GDPR Article 6(1)(f): Legitimate interests in protecting our platform, users, and the public from malware, CSAM, and illegal content

File scanning is mandatory to comply with DSA Article 24 (due diligence obligations for content moderation) and to maintain platform security and legal compliance.

Account and Usage Data

Processing is based on GDPR Article 6(1)(b) (necessary for contract performance) and Article 6(1)(c) (legal obligations for tax and fraud prevention).

3. Data Retention

Account data
Retained for the duration of your account, plus 7 years for tax and legal compliance
File content
Retained as long as you keep files pinned; deleted within 30 days of account termination
Server logs
Retained for up to 90 days
Invoice and billing data
Retained for 10 years (German tax requirements)

4. Data Sharing and Third Parties

IPFS Network

When you pin content to IPFS, that content is distributed to the peer-to-peer IPFS network. This means your file's content hash (CID) becomes publicly discoverable. The actual file contents are encrypted and secured per your settings.

Payment Processors

We share necessary billing information with Stripe and other payment processors to process your payments. These processors are bound by their own privacy agreements.

Legal Obligations

We may disclose data if required by law, court order, or regulatory authority. We will attempt to notify you of such requests unless legally prohibited.

Service Providers

We use third-party service providers (cloud infrastructure, analytics, email) that process data on our behalf. These providers are contractually obligated to protect your data.

5. GDPR and Data Protection Rights

Under GDPR, business users have rights regarding their personal data:

Right to access
Request a copy of your data
Right to rectification
Correct inaccurate data
Right to erasure
Request deletion of your data (subject to legal obligations)
Right to data portability
Obtain your data in a structured format
Right to object
Object to certain processing

To exercise these rights, please contact us at privacy@ramunap.eu.

6. Data Security

We implement industry-standard security measures to protect your data:

  • HTTPS encryption for all communications
  • Database encryption at rest
  • Access controls and authentication (NextAuth.js)
  • Regular security audits
  • EU-hosted infrastructure (data residency in Germany)
Security Limitations

7. Cookies and Tracking

We use minimal tracking:

  • Session cookies for authentication (required for functionality)
  • Analytics cookies to understand how you use our service (optional, can be disabled)
  • No third-party advertising or tracking pixels

See our Cookie Policy for more details.

8. Changes to This Privacy Policy

We may update this policy at any time. We will notify you of material changes via email or by posting a notice on our website.

9. Contact and Complaints

For privacy-related inquiries:

Data Protection Officer / Privacy Team
privacy@ramunap.eu
GDPR Complaints
You have the right to lodge a complaint with your local data protection authority.