Privacy & data
OnRamp is designed to be privacy-respecting by default. This page explains what data is collected, where it is stored, and what you need to disclose to your users.
What OnRamp collects
Automatically collected
| Data | Purpose |
|---|---|
Event name (step_name) | Funnel and conversion tracking |
Timestamp (server_ts) | Time-series charts |
| Platform (iOS / Android / Web) | Breakdown filters |
| OS version | Segment analysis |
| App version | Regression detection |
| Device type | Segment analysis |
| Country and city | Geographic breakdown |
| Session ID | Grouping events into sessions |
| Anonymous ID | Identifying returning users |
IP addresses are used only to derive country and city, then discarded. They are never stored.
What you control
Properties attached via OnRamp.step() are entirely under your control. You choose what to include. Do not include PII (names, emails, phone numbers, government IDs) in properties.
Anonymous IDs
Anonymous IDs are random strings generated on first launch:
anon_9kxm2p3q7r8v
They are stored in localStorage (web) or AsyncStorage (mobile). They contain no name, email, or device identifier - nothing that directly identifies a person.
Pseudonymous, not anonymous
Anonymous IDs are pseudonymous identifiers, not truly anonymous ones. Under GDPR, a persistent identifier that can single out a specific device or user counts as personal data, even if you never know their name. OnRamp is a data processor - you, as the developer, are the data controller responsible for how these identifiers are used and retained.
In practice this means:
- If you use OnRamp for analytics targeting EU or UK users, include it in your privacy policy and consent flow.
- If a user requests erasure, submit a deletion request to privacy@getonramp.dev with their anonymous ID.
ID rotation and retention
Unlike HTTP cookies, localStorage and AsyncStorage have no built-in expiry - they persist until cleared. The OnRamp SDKs let you configure a maximum age for the anonymous ID. When the ID expires, a new one is generated and the old sessions are no longer linked.
The default is 365 days. To customise:
// Web / React
OnRamp.init({ apiKey: 'onr_xxx', anonymousIdMaxAgeMs: 180 * 24 * 60 * 60 * 1000 }) // 180 days
// React Native
await OnRamp.init({ apiKey: 'onr_xxx', anonymousIdMaxAgeMs: 365 * 24 * 60 * 60 * 1000 }) // 1 year
When the anonymous ID changes
- The configured
anonymousIdMaxAgeMsis reached (default: 365 days) - The user calls
OnRamp.newSession()(e.g. on logout) - The user clears app storage or uninstalls
No HTTP cookies
OnRamp uses localStorage (web) and AsyncStorage (mobile) - not HTTP cookies. This matters for two practical reasons:
- Browser restrictions don't apply. Third-party cookie blocking (Safari ITP, Firefox ETP, Chrome's deprecation) has no effect on OnRamp. Your analytics won't break as browsers tighten their cookie policies.
- No cookie-specific fingerprinting. OnRamp doesn't use cookies shared across origins, so it can't be used for cross-site tracking.
Do you need a consent banner?
Possibly, depending on your jurisdiction and how you use OnRamp.
The EU ePrivacy Directive (Article 5(3)) covers all client-side storage on users' devices - not just HTTP cookies. France's CNIL, the UK's ICO, and the EDPB have all confirmed that localStorage is subject to the same rules as cookies when used for analytics.
There is a "strictly necessary" exception: storage required purely to deliver a service the user explicitly requested (e.g. keeping a user logged in) does not need consent. Analytics and funnel tracking generally do not qualify for this exception.
In practice:
- If your users are in the EU or UK and you use OnRamp for analytics, you should include it in your consent management platform (CMP) or obtain consent before initialising the SDK.
- If your users are primarily in the US, there is no federal requirement, though some states (California, Colorado, Virginia) have their own rules around analytics data.
- Mobile apps have different rules - Apple's ATT framework and Google Play's data safety requirements have their own disclosure obligations separate from ePrivacy.
This is not legal advice
Regulations vary by jurisdiction and change over time. For specific compliance questions, consult a qualified privacy lawyer. This guidance reflects the regulatory landscape as of mid-2026.
GDPR considerations
OnRamp processes event data on your behalf. Under GDPR:
- You are the Data Controller - you decide what data to collect and why.
- OnRamp is the Data Processor - we process it only as you instruct via the SDK.
A Data Processing Agreement (DPA) is available on request at privacy@getonramp.dev.
Right to erasure
If a user requests deletion of their data, you can submit a deletion request by emailing privacy@getonramp.dev with the anonymous ID. We will delete all events associated with that ID within 30 days.
Data storage
| Data type | Storage | Location |
|---|---|---|
| Events (raw) | ClickHouse | EU |
| Session metadata | PostgreSQL | EU |
| Account data | PostgreSQL | EU |
No data is replicated outside the EU. No data is shared with third parties except sub-processors (hosting, email delivery).
Data retention
Raw event data is retained for the lifetime of your account, plus 90 days after account closure. You can request earlier deletion at any time.
What to put in your privacy policy
If you use OnRamp in your app, add a clause similar to:
We use OnRamp to collect anonymised usage analytics including the features you use and the steps you complete in our onboarding flow. This data is associated with a random device identifier, not your name or email address. It is stored on EU-based servers and retained for the duration of your account.
Contact privacy@getonramp.dev if you need a completed privacy addendum for your own privacy policy.
