Trust Center
Ramp exists to save you time and to save you money. We understand the importance of the trust you place in us by sharing your data. Upholding and nurturing that trust is ingrained in our company culture, guiding our internal operations and product development.
Ramp has garnered trust from customers operating in tightly regulated industries, including defense, financial services, and medical manufacturing. Our team is committed to safeguarding your data against potential threats, and we’re excited to provide insight into our approach on this page.
Accessing the documentation on our trust center:
Please request access via the banner above. You will be sent an invite via email, and will be prompted to sign an NDA once in the portal. Once the NDA is signed, you will have access to view and download the resources in our Trust Center.
Documents
- What log in methods does Ramp support?
- Does Ramp have a mechanism for reporting vulnerabilities?
- What applications/ systems does Ramp have integrations with?
- How long does Ramp retain customer data?
- What are the locations of your primary and backup data centers or cloud service provider geographic regions?
Ramp's 2025 Security Documentation Available for Download
The following updated 2025 security documentation is available for download from our Trust Center:
- SOC 2 Type 2 report for the period ending October 2025
- SOC 1 Type 2 report for the period ending October 2025
- ISO 27001:2022 Certification, achieved in October 2025
- PCI DSS Attestation of Compliance (AoC) as of December 2025
- Ramp’s 2025 external penetration test reports (Web, API, Mobile)
AI Provider Subprocessor Update Notification
We’ve updated our subprocessor list to include Together AI and Cerebras.
Name: Together AI
Location: United States, European Union, Canada
Website: https://www.together.ai/
Purpose: AI Provider
DPA Signed: Yes
Name: Cerebras
Location: United States
Website: https://www.cerebras.ai/
Purpose: AI Provider
DPA Signed: Yes
These subprocessors have been evaluated in accordance with Ramp’s third-party risk management process.
Ramp Security Advisory: Ongoing Phishing Campaign Targeting Ramp Customers
Summary
We are sending this security advisory to inform you of an ongoing phishing campaign targeting Ramp customers. This campaign seeks to trick users into providing their Ramp credentials, and in some cases Google account credentials, and multi-factor authentication (MFA) code by sending an email purporting to request that users review and acknowledge “Prohibited Activities guidelines” with a link to that redirects to a phishing site designed to obtain the user's Ramp credentials and/or Google account credentials.
About the phishing email
- Subject line: "Important: Service Guidelines Update"
- Links: hxxp://url1799[.]sendwirepay[.]com/ls/click?upn=[string]
- Sender: Display name: “The Ramp Team” and sender email is support[at]sendwirepay[.]com (Note: The MX record for the sender email address has been removed.)
Indicators of Compromise (IOCs)
Phishing Domains: Ramp uses a phishing detection and mitigation vendor to identify and takedown domains used in phishing campaigns targeting Ramp users.
- url1799[.]sendwirepay[.]com – Domain for the link found in the phishing email
- app[.]na-ramp[.]com – Effective URL domain after final redirect
- 2[.]58[.]56[.]110 – IP address of the phishing site
You can review the entire redirect chain and other relevant information about the phishing site on the urlscan result for the phishing site.
The phishing campaign also targets Google credentials through a pop-up that almost perfectly mimics the Sign in with Google IdP flow. The fake Google pop-up communicates with the following domain(s):
- ggo[.]oneclickauth[.]com
Other relevant IOCs include:
- Sender IP address: 189.1.171.131 (Brazil)
- Mail server: o2.ptr9277.maplerad.com (149.72.234.195)
- Domains used during redirect to the phishing site: ramply[.]link, hots[.]dog, redir[.]dog
What you can do
- Use the information provided above to update email security rulesets to help detect and mitigate the risk of Ramp account compromise.
- If applicable, check proxy, VPN, or web traffic logs for evidence of users visiting the listed phishing domains.
- If you believe you or a user at your business has been compromised, notify us immediately at support@ramp.com and file a dispute if necessary.
- Review invited users on your Ramp account for unknown users.
We are committed to ensuring the security of our customers and partners. If you have any questions or need further assistance, please reach out to us at security@ramp.com. If you believe fraudulent transactions have occurred, please notify us immediately and follow Ramp’s dispute process. We may provide further updates to this advisory as additional information becomes available.
Subprocessor / Key Service Provider Update Notification
To provide more clarity around our use of subprocessors (where Ramp may act as a data processor) and other key service providers (where Ramp may act as a data controller), we’ve separated our lists of subprocessors and key service providers.
We’ve updated our subprocessor list to include Amplitude Inc., Astronomer, Cloudflare, Duffel Technology Ltd., and Sierra Technologies Inc.
Name: Amplitude Inc.
Location: United States
Website: https://amplitude.com/
Purpose: Product analytics
DPA Signed: Yes
Name: Astronomer, Inc
Location: United States
Website: https://www.astronomer.io/
Purpose: AI and machine learning services
DPA Signed: Yes
Name: Cloudflare
Location: United States
Website: https://www.cloudflare.com/
Purpose: Caching and content delivery network
DPA Signed: Yes
Name: Duffel Technology Ltd.
Location: EU
Website: https://duffel.com/
Purpose: Travel booking and management
DPA Signed: Yes
Name: Sierra Technologies Inc.
Location: United States
Website: https://sierra.ai/
Purpose: AI support agent
DPA Signed: Yes
These subprocessors have been evaluated in accordance with Ramp’s third-party risk management process.
Ramp's 2024 Security Documentation Available for Download
The following updated 2024 security documentation is available for download from our Trust Center:
- SOC 2 Type 2 report for the period ending October 2024
- SOC 1 Type 2 report for the period ending October 2024
- ISO 27001:2022 Certification, achieved in October 2024
- PCI DSS v4.0 Attestation of Compliance (AoC) as of December 2024
- Ramp’s 2024 external penetration test report
