Privacy Policy
Last updated: 2026-05-22
This Privacy Policy explains how Ride Agentic Inc. ("Dappa," "we," "our," or "us") collects, uses, and shares personal data when you use the dappa.ai website and related services (the "Service"). It is provided to satisfy our obligations under the EU and UK General Data Protection Regulation (GDPR) and applies to everyone who uses the Service, wherever they are located.
Effective date
This policy is effective as of 2026-05-22.
1. Who we are (data controller)
Dappa is a brand operated by Ride Agentic Inc., a corporation organized under the laws of the State of Delaware, United States, located in New York, NY. Ride Agentic Inc. operates the Service and is the data controller for the personal data described in this policy.
For any privacy question, or to exercise your rights, contact us at @nxt3d on X or Telegram.
We have no establishment in the European Union. If you are in the EU or UK, you may also contact your local data protection supervisory authority.
2. The data we collect
We collect only what the Service needs to function.
- Account data. If you sign in, we receive your email address and basic profile information from your chosen sign-in method (Google OAuth). This is stored in our application database.
- Wallet addresses. When you connect a wallet or claim a collection, we process your public wallet address. Wallet addresses are pseudonymous personal data under the GDPR. We store them to record collection claims and to authorize actions you take.
- Chat content. Messages you send to an agent are forwarded to an AI inference provider to generate a response. The dappa.ai application does not store your chat messages. Please do not include sensitive personal information in chat messages.
- Technical data. When you use a wallet connection, the underlying WalletConnect relay may process your IP address and user-agent string to route the connection. Our hosting and infrastructure providers process standard server logs (including IP address) for security and reliability.
- Audit data. Certain administrative actions are recorded with a reference to the acting wallet address, for security and abuse prevention.
We do not knowingly collect special categories of data (such as health, biometric, or political data), and we do not run advertising trackers.
3. Why we process it, and our lawful bases
- To provide the Service, including letting you sign in, connect a wallet, claim a collection, and chat with agents. Lawful basis: performance of a contract with you, and our legitimate interest in operating the Service.
- To secure the Service and prevent abuse. Lawful basis: our legitimate interest in keeping the Service safe.
- To comply with legal obligations where they apply. Lawful basis: legal obligation.
4. Who we share it with
We share personal data only with service providers ("processors") who help us run the Service, each under a data processing agreement:
- Vercel: website hosting and edge logs.
- Neon: application database hosting.
- Render: hosting for our on-chain data indexer.
- Google: sign-in (OAuth).
- Reown / WalletConnect: wallet connection relay.
- OpenRouter: AI inference for agent chat. OpenRouter routes requests to the selected underlying model provider, so retention and any training use depend on that provider. Dappa does not use chat content to train its own models. Please do not share sensitive personal data in chats.
We do not sell your personal data.
5. International data transfers
Our processors are located in the United States, so using the Service involves transferring personal data outside the EU and UK. Where this happens, the transfer is protected by an appropriate safeguard, such as the EU-US Data Privacy Framework or Standard Contractual Clauses. You can ask us for more detail about the safeguard used for a specific provider.
6. How long we keep it
- Account data: until you delete your account, plus up to 90 days in backups.
- Wallet-claim records: for as long as the claim is active, plus a reasonable period afterward for audit and dispute resolution.
- Audit records: up to 18 months.
- Server logs held by our providers: per each provider's standard retention.
7. On-chain data is public and permanent
Some actions you take through the Service result in transactions or records on a public blockchain. On-chain data is public, replicated across many systems, and cannot be edited or deleted by us or by anyone else. A request to erase your data has no effect on information already written on-chain.
8. Your rights
If you are in the EU or UK, you have the right to access, correct, erase, restrict, or object to our processing of your personal data, and the right to data portability. You can exercise these rights by contacting @nxt3d on X or Telegram. We will respond within 30 days as required by Article 12(3) of the GDPR. You also have the right to lodge a complaint with a supervisory authority.
Note that some rights are limited for on-chain data, as described in Section 7, and for data we must keep to meet a legal obligation or to defend a legal claim.
9. Cookies
We use only strictly necessary cookies. Today that is a single session cookie set when you sign in, which keeps you signed in. Strictly necessary cookies do not require consent under the ePrivacy rules. We do not use analytics, advertising, or third-party tracking cookies. If that ever changes, we will update this policy and add a consent banner before any non-essential cookie is set.
10. Automated decision-making
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.
11. Children
The Service is not directed to children. You must be at least 16 years old to use it. We do not knowingly collect personal data from children under 16.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version at this address and update the "Last updated" date. Material changes will be highlighted where practical.
13. Contact
Ride Agentic Inc.
New York, NY
Contact: @nxt3d on X or Telegram.