Rip Station

RipStation — Privacy Policy

Last Updated: June 1, 2026

1. Introduction

Byzantine Port Technologies Inc., a company incorporated under the laws of the Republic of Panama ("RipStation," "we," "us," or "our"), is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use ripstation.xyz and any related applications, tools, or platforms (collectively, the "Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

For questions or concerns, contact us at: legal@ripstation.xyz

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Email address, phone number, username, and login credentials (including via social login such as Google or Apple ID);
  • Profile Information: Display name, country of residence, collecting interests, and linked social media accounts;
  • Shipping and Claim Information: Full name, shipping address, email address, and phone number (required for physical collectible redemptions);
  • Identity Verification (KYC): Government-issued identification documents, selfie images, and biometric data, collected through third-party verification services where required;
  • Communications: Messages sent through in-app support, customer service inquiries, and feedback submissions;
  • Transaction Information: Records of purchases, sales, offers, pack openings, claims, and other platform transactions.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type and version, screen resolution, and unique device identifiers;
  • Usage Information: Pages viewed, features used, click patterns, search queries, session duration, and navigation paths;
  • Log Data: IP address, access times, referring URLs, and error logs;
  • Blockchain Data: Wallet addresses, transaction history, token balances, and NFT or digital asset holdings (where applicable);
  • Cookies and Similar Technologies: Cookies, web beacons, pixels, and local storage used to maintain sessions, remember preferences, and analyze usage.

2.3 Information from Third-Party Sources

  • Authentication Providers: Authentication tokens and wallet addresses from login service providers;
  • Payment Processors: Transaction data, payment status, and fraud detection signals from third-party payment processors;
  • Analytics Providers: Aggregated and pseudonymized usage data from analytics services;
  • Blockchain Networks: Publicly available blockchain data;
  • Vault and Grading Partners: Card authentication, grading, and inventory data from vault and grading service providers;
  • Referral Sources: Referral codes and referring user information.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and maintaining the Service: Account creation, authentication, transaction processing, vault custody, and customer support;
  • Payment processing: Facilitating purchases, sales, withdrawals, and refunds;
  • Identity verification: Complying with applicable KYC, AML, and sanctions requirements;
  • Communication: Sending transactional notifications, service announcements, and responding to inquiries;
  • Improvement and personalization: Analyzing usage patterns, optimizing platform functionality, and personalizing your experience;
  • Security and fraud prevention: Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity;
  • Marketing: Measuring advertising effectiveness and delivering relevant promotional content (with your consent where required);
  • Legal compliance: Fulfilling legal obligations, responding to lawful requests, and enforcing our Terms of Service;
  • Analytics and research: Conducting internal research and generating aggregated, de-identified insights.

4. Sharing and Disclosure of Information

We do not sell your personal information.

4.1 Service Providers

We share information with third-party service providers who assist us in operating the Service, including but not limited to:

  • Authentication and wallet management providers;
  • Payment processors (fiat and cryptocurrency);
  • Identity verification (KYC) services;
  • Customer support and messaging platforms;
  • Email delivery services;
  • Shipping and logistics providers;
  • Vault, grading, and authentication partners;
  • Content delivery networks and hosting providers;
  • Blockchain infrastructure providers (RPC nodes, minting services);
  • Address validation services.

All service providers are contractually bound to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

4.2 Analytics and Advertising Partners

We may share information with analytics and advertising partners, including:

  • Product analytics services (which may include session recording with automatic masking of sensitive data);
  • Web analytics services;
  • Advertising platforms for conversion tracking and attribution;
  • Error monitoring and performance measurement services.

Where session recording is used, recordings capture interactions such as mouse movements, clicks, and scrolls, with automatic masking of sensitive fields. You may opt out of session recording via cookie preferences where available.

4.3 Other Disclosures

We may disclose your information in the following circumstances:

  • Legal requirements: In response to valid legal process, court orders, or requests from law enforcement or regulatory authorities;
  • Protection of rights: To protect the rights, property, or safety of Byzantine Port Technologies Inc., our users, or the public;
  • Business transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, in which case your information may be transferred as part of the transaction;
  • With your consent: When you have explicitly consented to the disclosure;
  • Blockchain data: Information recorded on a public blockchain is inherently public and immutable. RipStation cannot delete, modify, or restrict access to data stored on a blockchain.

5. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for authentication, session management, security, and payment processing;
  • Analytics Cookies: Used to understand how users interact with the Service, measure performance, and identify errors;
  • Marketing Cookies: Used for advertising attribution, conversion tracking, and measuring campaign effectiveness.

You can manage cookie preferences through your browser settings or through cookie preference tools provided on the Service. Disabling essential cookies may impair the functionality of the Service.

6. Data Retention

We retain personal information for the following periods:

Data CategoryRetention Period
Account InformationDuration of account plus a reasonable period thereafter
Transaction RecordsMinimum 7 years (financial compliance)
Communication RecordsUp to 3 years after last interaction
Analytics Data (identifiable)Up to 26 months
Analytics Data (aggregated/anonymized)Indefinitely
Marketing and Advertising DataUp to 90 days
Device and Log DataUp to 12 months
KYC/Identity Verification DataAs required by applicable AML/KYC regulations
Blockchain DataPermanent and immutable — RipStation cannot delete, modify, or remove data recorded on a blockchain

We may retain information for longer periods where required by law, for the establishment or defense of legal claims, or for legitimate business purposes.

7. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information.

7.1 Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you may have the following rights:

  • Right of Access: Request a copy of the personal information we hold about you;
  • Right to Rectification: Request correction of inaccurate or incomplete personal information;
  • Right to Erasure: Request deletion of your personal information, subject to legal exceptions (note: blockchain data cannot be deleted);
  • Right to Restriction of Processing: Request that we limit how we use your information;
  • Right to Data Portability: Request your information in a structured, machine-readable format;
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes;
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time;
  • Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority.

7.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you may have the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected;
  • Right to Delete: Request deletion of personal information, subject to legal exceptions;
  • Right to Correct: Request correction of inaccurate personal information;
  • Right to Opt-Out of Sale/Sharing: RipStation does not sell personal information;
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request to legal@ripstation.xyz. We will verify your identity before processing your request. Response timeframes: 30 days for GDPR requests, 45 days for CCPA requests. Extensions may apply for complex requests.

Authorized agents may submit requests on your behalf with appropriate verification.

8. Automated Decision-Making

We may use automated processing in the following areas:

  • Fraud detection: Analyzing transaction patterns to identify potentially fraudulent activity;
  • Identity verification: Automated document and identity checks through third-party KYC services, with the possibility of manual review;
  • Risk assessment: Evaluating account activity for feature eligibility and risk scoring;
  • Content moderation: Automated review of user-submitted content.

If you are subject to GDPR, you have the right to request human review of significant automated decisions. Contact legal@ripstation.xyz to make such a request.

9. International Data Transfers

Byzantine Port Technologies Inc. is incorporated in Panama and operates infrastructure in multiple jurisdictions. Your personal information may be transferred to and processed in countries other than your country of residence, which may have different data protection standards.

Where personal information is transferred from the EEA, UK, or Switzerland, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Data processing agreements with service providers requiring equivalent protection standards;
  • Other recognized lawful transfer mechanisms under applicable law.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information as promptly as possible. If you believe a child has provided us with personal information, please contact legal@ripstation.xyz.

11. Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL;
  • Secure authentication with multi-factor authentication (MFA) support;
  • Access controls limited to authorized personnel on a need-to-know basis;
  • Security monitoring and incident detection systems;
  • Use of PCI-compliant payment processors for card transactions — RipStation does not store credit card numbers.

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the security of your account credentials and wallet keys.

12. Data Breach Notification

In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required under GDPR);
  • We will notify affected individuals without undue delay where the breach is likely to result in a high risk;
  • We will document the breach in our internal records;
  • We will investigate the breach and implement remediation measures.

Notifications will include a description of the breach, contact information (legal@ripstation.xyz), likely consequences, and mitigation measures taken.

For users subject to US state breach notification laws, we will comply with applicable notification requirements and timeframes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy;
  • We will provide notice via the Service or by email;
  • We will obtain consent where required by applicable law.

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service.

14. Contact Us

Byzantine Port Technologies Inc. Ave. Samuel Lewis y Calle 55, Edificio P. H. SL55, Piso 21 Panamá, Rep. de Panamá

For data protection requests, please email legal@ripstation.xyz with the subject line "Data Protection Request."

EEA/UK residents may lodge complaints with their local data protection supervisory authority.