Data Storage and Privacy Policy

MDF AG — Modern Digital Finance

Freigutstrasse 22, 8002 Zurich, Switzerland

Version 2.0 | May 2026

Please read this Data Storage and Privacy Policy carefully. By creating an MDF AG Account or using our platform, you confirm that you have read, understood, and agree to the practices described in this policy. If you do not agree, you must not use our services.

 

PART 1 — ABOUT MDF AG AND THIS POLICY

1. About MDF AG

1.1 MDF AG (referred to in this Policy as ‘MDF AG’, ‘we’, ‘us’ or ‘our’) is a company incorporated in Switzerland, registered at Freigutstrasse 22, 8002 Zurich, Switzerland (company registration number CHE-323.398.672). MDF AG is a financial intermediary affiliated with a Swiss self-regulatory organisation and operates as a Virtual Asset Service Provider under the applicable Swiss framework.

1.2 This Policy explains how we collect, use, store, share, and protect the personal data of our clients and users in connection with our platform and services. It also sets out your rights in relation to your personal data and how you may exercise them.

1.3 If you have any questions about this Policy or our data practices, you may contact us at compliance@onramp.exchange.

 

2. Scope of This Policy

2.1 This Policy applies to all personal data collected and processed by MDF AG in connection with the provision of our crypto-asset exchange, execution, transfer, and settlement services, as well as client onboarding, account management, and related operational services.

2.2 This Policy applies to individuals who open an MDF AG Account, use our platform or website, or otherwise interact with us in connection with our services. It does not apply to data held by third-party service providers acting independently of MDF AG.

 

PART 2 — DATA WE COLLECT

3. Types of Personal Data Collected

3.1 In providing our services, MDF AG collects and processes the following categories of personal data:

  • Identity data: first name, last name, date of birth, and nationality.
  • Contact data: email address, telephone number, and postal address.
  • Account data: username, account credentials, and profile information.
  • Tax File Number or Information: only when required under local regulations.
  • Identity verification data: copies of government-issued identity documents, proof of address, and, where applicable, tax identification numbers required under applicable law in your jurisdiction.
  • Transaction data: details of transactions you carry out through our platform, including amounts, currencies, dates, and counterparty information.
  • Technical data: internet protocol (IP) address, browser type and version, device identifiers, time zone setting, and other technical information collected automatically when you access our platform.
  • Usage data: information about how you access and use our platform, including pages visited, actions taken, and session duration.
  • Communications data: records of correspondence between you and MDF AG, including support enquiries and complaints.

3.2 Where we require certain personal data to provide our services and you choose not to provide it, we may be unable to open an account for you or to provide some or all of our services.

3.3 We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately at compliance@onramp.exchange.

 

4. Cookies and Similar Technologies

4.1 Our website uses cookies and similar technologies to enable the operation of our platform, to improve its performance, and to collect analytical information about how it is used.

4.2 Cookies are small data files placed on your device when you visit our website. We use both first-party cookies (set by us) and third-party cookies (set by our service providers). Some cookies are strictly necessary for the operation of our platform and cannot be disabled. Others are used for analytical or functional purposes and can be managed through your cookie preferences.

4.3 We may also use similar tracking technologies such as web beacons or pixel tags to understand how our platform is used and to improve the experience we offer.

4.4 You may control the use of non-essential cookies by adjusting your preferences through the cookie consent tool on our website or by modifying your browser settings. Please note that restricting certain cookies may affect the functionality of our platform.

4.5 We do not use cookies or tracking technologies for the purposes of serving targeted third-party advertising.

4.6 For further information about our use of cookies, please refer to our Cookie Policy, available on our website.

 

PART 3 — HOW WE USE YOUR DATA

5. Purposes of Processing

5.1 We process personal data for the following purposes:

  • To open and manage your MDF AG Account and to provide the services you have requested.
  • To verify your identity and to carry out client due diligence and ongoing monitoring as required by our obligations as a regulated financial intermediary.
  • To process transactions and to maintain accurate records of transactions carried out through our platform.
  • To communicate with you about your account, your transactions, and any changes to our services or terms.
  • To detect, investigate, and prevent fraud, financial crime, and other unlawful activity.
  • To comply with our obligations to the relevant Swiss self-regulatory organisation, competent authorities, and other bodies as required.
  • To respond to complaints and to manage disputes.
  • To maintain the security and integrity of our platform and systems.
  • To carry out analytics and to improve our platform and services.

5.2 We process your personal data only for the purposes set out above. Where we intend to use your data for a materially different purpose, we will notify you in advance.

 

6. Legal Basis for Processing

6.1 We process your personal data on one or more of the following grounds:

  • Contract: processing is necessary for the performance of our agreement with you, or to take steps at your request before entering into such an agreement.
  • Legal obligation: processing is necessary for us to comply with our obligations as a regulated financial intermediary, including client identification, transaction monitoring, record-keeping, and reporting obligations.
  • Legitimate interests: processing is necessary for our legitimate interests, including maintaining the security of our platform, preventing fraud and financial crime, and improving our services, provided those interests are not overridden by your rights.
  • Consent: where we rely on your consent as the basis for processing, you may withdraw that consent at any time by contacting us at compliance@onramp.exchange. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

 

PART 4 — DATA SHARING AND TRANSFERS

7. Sharing Your Data

7.1 We do not sell your personal data to third parties.

7.2 We may share your personal data with the following categories of recipients where necessary for the purposes described in this Policy:

  • Service providers: third parties engaged by us to support the delivery of our services, including technology providers, identity verification providers, payment processors, and cloud hosting providers. These parties are authorised to process your data only in accordance with our instructions and are subject to appropriate confidentiality and data protection obligations.
  • Financial and banking partners: counterparties, liquidity providers, correspondent banks, and payment networks involved in the execution or settlement of your transactions.
  • Our self-regulatory organisation: as required in connection with our affiliation and ongoing supervisory obligations.
  • Competent authorities and regulators: law enforcement, courts, and regulatory or supervisory authorities where we are required or permitted to disclose your data under applicable law, or where disclosure is necessary to protect the rights, property, or safety of MDF AG, our clients, or others.
  • Group companies: affiliated entities within the MDF AG group where necessary for operational, compliance, or risk management purposes.

7.3 We will notify you of any sharing of your personal data beyond the categories described above, unless we are prohibited from doing so by applicable law.

 

8. International Transfers

8.1 In providing our services, your personal data may be transferred to and processed in countries other than Switzerland. Where such transfers occur, we take appropriate steps to ensure that your data is protected to a standard equivalent to that applied in Switzerland, including by putting in place contractual or other safeguards with the relevant recipients.

8.2 You may request further information about international transfers and the safeguards applied by contacting us at compliance@onramp.exchange.

 

PART 5 — DATA RETENTION

9. How Long We Keep Your Data

9.1 We retain your personal data for as long as is necessary for the purposes for which it was collected and processed, including to fulfil our contractual obligations to you and to comply with our legal and regulatory obligations.

9.2 In particular:

  • Personal data collected in connection with your account and transactions will be retained for a period of ten years from the end of the business relationship or from the date of the relevant transaction, in accordance with our record-keeping obligations as a regulated financial intermediary.
  • Data retained solely on the basis of your consent will be deleted upon withdrawal of that consent, unless another ground for retention applies.
  • Data retained for legitimate interest purposes will be held for as long as those interests remain relevant, subject to your right to object as described in Part 6 of this Policy.

9.3 Where retention is no longer necessary and no other ground applies, personal data will be securely deleted or anonymised.

9.4 Please note that certain rights, including the right of access and the right to erasure, cannot be exercised in respect of data that we are required to retain under applicable law.

 

PART 6 — YOUR RIGHTS

10. Your Rights in Relation to Your Personal Data

10.1 Subject to applicable law, you have the following rights in relation to your personal data:

  • Right of access: you have the right to request a copy of the personal data we hold about you and to receive information about how it is processed.
  • Right to rectification: you have the right to request that we correct inaccurate or incomplete personal data.
  • Right to erasure: you have the right, in certain circumstances, to request that we delete your personal data. This right does not apply where we are required to retain data to comply with a legal obligation.
  • Right to restriction: you have the right, in certain circumstances, to request that we restrict the processing of your personal data to storage only.
  • Right to data portability: where processing is based on your consent or on a contract with you, and is carried out by automated means, you have the right to receive your personal data in a structured and machine-readable format and to request that it be transmitted to another organisation where technically feasible.
  • Right to object: you have the right to object to processing based on our legitimate interests. We will cease such processing unless we can demonstrate compelling grounds that override your interests, or where processing is necessary for the establishment, exercise, or defence of legal claims.
  • Right to withdraw consent: where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect processing carried out before withdrawal.

10.2 To exercise any of these rights, please contact us at compliance@onramp.exchange. We will respond to your request as soon as possible and in any event within 30 days of receipt. We reserve the right to ask you to verify your identity before processing your request.

10.3 If you are not satisfied with how we have handled your personal data or responded to your request, you have the right to lodge a complaint with the competent supervisory authority in Switzerland.

 

PART 7 — SECURITY AND SYSTEM OPERATIONS

11. Security Measures

11.1 We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures take into account the nature of the data and the risks associated with its processing.

11.2 Access to your personal data within MDF AG is limited to those personnel and service providers who require it for the purposes described in this Policy, and is subject to appropriate confidentiality obligations.

11.3 Despite these measures, no data transmission or storage system can be guaranteed to be completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at compliance@onramp.exchange.

 

12. System Logs and Maintenance

12.1 For operational and maintenance purposes, our platform and any third-party services we use may collect and store log files recording interactions with our platform. These may include technical information such as IP addresses, browser types, and session data. This information is used solely for operational and security purposes and is retained in accordance with our standard data retention practices.

 

PART 8 — CHANGES AND CONTACT

13. Changes to This Policy

13.1 We reserve the right to update this Policy from time to time to reflect changes in our data practices, our services, or applicable requirements. Where changes are material, we will notify you by sending an email to the primary email address registered to your MDF AG Account.

13.2 Proposed changes will take effect 60 days after the date the change notice is deemed received, unless you notify us of an objection before that date. Changes that are more favourable to you may take effect immediately if stated in the change notice.

13.3 If you object to a change to this Policy, the change will not apply to you; however, your objection may constitute notice to close your MDF AG Account in accordance with the account closure provisions of our Terms and Conditions.

13.4 We recommend that you review this Policy periodically. The version number and date at the top of this document indicate when it was last updated.

 

14. Contact Us

14.1 If you have any questions about this Policy, wish to exercise your rights, or have a concern about how we handle your personal data, please contact us at:

MDF AG

Freigutstrasse 22

8002 Zurich

Switzerland

Email: compliance@onramp.exchange

14.2 We will acknowledge your enquiry within 2 business days and aim to resolve it within 15 business days. In complex cases this period may be extended; we will notify you of any extension and the reasons for it.

 
