Our Approach to GDPR
RamOnly is designed with privacy-by-design principles that exceed GDPR requirements. Our RAM-only architecture means we process minimal personal data, and what we do process cannot persist beyond your active session.
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contract Performance (Article 6(1)(b)) — Processing necessary to provide the VPN service you subscribed to
- Legitimate Interests (Article 6(1)(f)) — Fraud prevention and service security
- Legal Obligation (Article 6(1)(c)) — Tax and billing compliance
Your Rights Under GDPR
Right of Access (Article 15)
You can request a copy of all personal data we hold about you. Due to our architecture, this is limited to: email address, subscription status, and billing records.
Right to Rectification (Article 16)
You can update your account information at any time through your dashboard, or by contacting support.
Right to Erasure (Article 17)
You can delete your account and all associated data. VPN usage data cannot be deleted because it was never stored in the first place.
Right to Data Portability (Article 20)
You can export your account data in JSON format from your dashboard.
Right to Object (Article 21)
You can opt out of marketing communications at any time.
Data We Process
| Data Type | Purpose | Retention |
|---|---|---|
| Email Address | Account & Communications | Until account deletion |
| Password (hashed) | Authentication | Until account deletion |
| Payment Info | Billing | 7 years (legal requirement) |
| VPN Session Data | Service Delivery | Not stored (RAM only) |
International Transfers
Account data may be processed in data centers outside the EU. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Data processing agreements with all vendors
- Encryption in transit and at rest
Data Protection Officer
For GDPR-related inquiries, contact our Data Protection Officer:
- Email: [email protected]
- Response time: Within 30 days as required by GDPR
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. We encourage you to contact us first so we can address your concerns.