Privacy Policy

Updated April 10, 2026

Please read this Privacy Policy carefully before using this site. It explains what information we collect, how we use it, and the security practices we have in place to protect it.

Who We Are

RampUp Rocket ("us," "we," or "our") operates the RampUpRocket.com website (the "Service"). This Privacy Policy explains how we collect, use, and disclose Personal Information when you use our Service. RampUpRocket.com is owned and operated by FastPath Marketing LLC ("FastPath").

We will not use or share your information with anyone except as described in this Privacy Policy. By using the Service, you consent to the collection and use of information in accordance with this policy. All terms not defined here share the same meaning as in our Terms of Use.

Summary

  • We do not sell personal information.
  • We collect information to operate the Service (accounts, usage, and Customer Content).
  • Customer Content remains yours. We use it only to provide the Service to your authorized team.
  • We apply technical security controls designed to protect your data (see "Security" below).
  • You can request access, correction, or deletion of your information at any time.

Information We Collect

This information is collected to operate the Service, communicate with you, deliver features you request, and improve the RampUp Rocket platform.

A. Account Information

When you create or manage an account, we may collect: name, email address, role, and basic account settings. This is used to contact or identify you and to manage your access to the Service.

B. Customer Content

The Service allows you to input or upload business information such as meeting details, notes, internal context, and other content you choose to provide ("Customer Content"). Customer Content may include confidential business information depending on how you use the Service. We process Customer Content only on your behalf and only to deliver the Service to your organization.

C. Usage and Device Data

We automatically collect diagnostic and usage information, including IP address, browser type, device identifiers, pages viewed, timestamps, and error logs. This information is used to operate, troubleshoot, and improve the Service.

D. Cookies and Session Data

Cookies are small data files stored on your device. We use cookies and similar technologies to:

  • keep you signed in securely
  • protect the Service from unauthorized access
  • remember preferences and support core functionality

Session cookies are configured with security flags (HttpOnly, Secure in production, SameSite) to reduce exposure to session hijacking and cross-site request attacks. You can control cookies through your browser settings, though some features may not work correctly if cookies are disabled.

How We Use Information

We use collected information to:

  • provide, maintain, and improve the Service,
  • authenticate users and enforce access controls,
  • process Customer Content as requested by authorized users of your organization,
  • communicate with you about updates, support, or important notices,
  • monitor for abuse, fraud, and security incidents,
  • comply with legal obligations.

How We Share Information

We share information only as needed to operate the Service:

  • Service Providers: We use third-party vendors to host infrastructure, store data, process payments, and support features. These providers process information only to perform services on our behalf and are required to protect it. See "Infrastructure and Subprocessors" below for the specific providers we use.
  • Legal and Safety: We may disclose information if required by law or to protect the rights, property, or safety of the Service, our customers, or others.

We do not share Customer Content for advertising purposes, and we do not sell personal information.

Infrastructure and Subprocessors

We rely on the following third-party providers to operate the Service. Each is a reputable provider with its own privacy and security commitments:

  • Replit — cloud hosting and application infrastructure
  • Supabase — managed PostgreSQL database and secure data storage
  • OpenAI — AI model processing for mission brief and content generation features
  • Brevo (formerly Sendinblue) — transactional email delivery
  • Stripe — subscription billing and payment processing
  • Sentry — error tracking and application monitoring

We will update this list if we add or replace providers. Customer Content submitted to AI-powered features is transmitted to OpenAI solely for the purpose of generating the output you requested.

Data Retention

We retain information for as long as necessary to provide the Service and for legitimate business purposes such as security, auditing, and compliance.

  • Account data is retained while your account is active.
  • Customer Content is retained until deleted by the customer or upon account termination, subject to reasonable backup retention periods maintained by our database provider.
  • You can request deletion of your data by contacting us at support@rampuprocket.com.

Security

We apply administrative, technical, and organizational measures designed to align with industry-standard security practices. The following controls are verified and active in our production environment:

Encryption and Data Protection

  • Encryption in transit: All traffic is served over HTTPS with TLS enforced in production. HTTP requests are redirected to HTTPS. HTTP Strict Transport Security (HSTS) headers are applied. Our database connections use TLS 1.3.
  • Encryption at rest: Data is stored in Supabase, whose infrastructure provides encryption at rest for stored data.

Authentication and Access Controls

  • Password hashing: Passwords are hashed using scrypt, a memory-hard adaptive algorithm designed to resist brute-force attacks. Plaintext passwords are never stored.
  • Session security: Session cookies are configured with HttpOnly, Secure (HTTPS-only in production), and SameSite flags. Sessions expire after 8 hours of inactivity.
  • CSRF protection: All state-changing forms require a verified CSRF token.
  • Rate limiting: Login, password reset, and administrative authentication endpoints enforce IP-based rate limits to slow credential-stuffing and brute-force attempts.
  • Timing attack resistance: Authentication responses are normalized in timing to prevent user enumeration via response-time differences.
  • Tenant isolation: Users can only access data belonging to their organization. Cross-tenant operations are blocked at the application layer.

Application and Infrastructure Security

  • Security headers: All responses include Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Cross-Origin-Resource-Policy headers.
  • Admin page caching: Administrative pages are served with no-cache, no-store headers to prevent sensitive content appearing in browser history or shared caches.
  • Error tracking: We use Sentry for real-time error monitoring and application request logging.
  • Dependency review: We use automated dependency audit tooling as part of our release process to identify known vulnerabilities in third-party packages.
  • Secrets management: Credentials and API keys are stored as environment secrets and are not present in source code.

No method of transmission or storage is 100% secure. While we work continuously to maintain and improve these controls, we cannot guarantee absolute security. If you believe you have found a security vulnerability, please contact us at support@rampuprocket.com.

Your Choices and Requests

You may request to access, update, or delete your information by contacting us at: support@rampuprocket.com. If you are an employee or user of a customer organization, your administrator may control certain account settings and Customer Content.

Children's Privacy

Our Service is intended for users age 18 and older. We do not knowingly collect Personal Information from anyone under 18.

Links to Other Sites

Our Service may contain links to external sites. We do not control and are not responsible for the content or privacy practices of third-party sites.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

For privacy questions, security concerns, or data requests:
Email: support@rampuprocket.com

Back to Home