Ramp

Named subprocessors

Modal Together AI Cerebras Amplitude Inc. Astronomer, Inc Cloudflare Duffel Technology Ltd. Sierra Technologies Inc.

https://ramp.com/legal/privacy-policy checked 16 hours ago

https://ramp.com/legal/platform-agreement checked 1 hour ago

https://ramp.com/legal/customer-terms/services-terms/dpa checked 18 hours ago

https://trust.ramp.com/?itemUid=e3fae2ca-94a9-416b-b577-5c90e382df57 checked 18 hours ago

https://trust.ramp.com/ checked 17 hours ago

Ramp's Data Processing Addendum page was replaced with a JavaScript-required placeholder, removing all visible DPA content including definitions, processing roles, subprocessor terms, international transfer annexes, and jurisdiction-specific terms.

Ramp published a new Data Processing Addendum covering definitions, roles, CCPA, subprocessors, international transfers (EEA/UK/Switzerland, Brazil, India/DPDPA), SCCs, liability, and technical/organizational measures, replacing a prior page that required JavaScript to render.

Ramp added the Cyber Essentials Plus certification to its security/trust page.

Ramp added Cyber Essentials Plus to its subprocessor list.

Ramp's security page replaced the listed FedRAMP authorization level from 'FedRAMP Moderate' to 'FedRAMP Certified Class C'.

Ramp's subprocessor list replaced the FedRAMP authorization level 'FedRAMP Moderate' with 'FedRAMP Certified Class C' for a subprocessor entry.

Ramp's security page added a PCI DSS certification/compliance listing and removed the 2025 Ramp Mobile Penetration Test Report, while Email Protection appears in both additions and removals suggesting a reordering or re-listing with no net change.

Ramp's subprocessor list was updated to add PCI DSS and remove the 2025 Ramp Mobile Penetration Test Report, while Email Protection appears in both additions and removals indicating a re-listing or replacement.