Data Privacy in OnRamp

Last updated: March 14, 2026

OnRamp processes data on behalf of your organization and your customers as part of delivering the platform. This article explains what data we collect, how it’s used, and how it’s protected.

What Data OnRamp Collects

Account and User Data

  • Names, email addresses, and profile information for internal users and customer users

  • Authentication credentials (passwords are hashed; OAuth tokens are encrypted)

  • User activity within the platform (task completions, comments, portal visits)

Project and Onboarding Data

  • Project details, task content, files uploaded, and comments submitted

  • Data Fields and metadata your team captures during onboarding

  • Responses collected through subtask forms

Integration Data

  • Data synced from connected tools (e.g. Salesforce opportunity fields, HubSpot deal data)

  • OAuth tokens for connected integrations (stored encrypted)

Usage and Log Data

  • System logs, error logs, and activity logs used to maintain platform reliability

  • Portal engagement metrics (login frequency, visit timestamps) used to calculate Engagement signals

How OnRamp Uses Your Data

  • To deliver the service — running projects, routing tasks, sending notifications, and syncing with integrations

  • To generate Insights and AI Summaries — OnRamp’s AI features analyze your project and task data to surface trends and recommendations

  • To support you — support and engineering teams may access account data when troubleshooting issues, with appropriate controls in place

  • To improve the platform — aggregated, anonymized usage patterns may inform product development

OnRamp does not sell your data to third parties.

Data Retention

Data is retained for the duration of your subscription. Upon contract termination, data deletion timelines are governed by your agreement with OnRamp. Contact your Account Manager for details on your specific data retention and deletion terms.

Customer Data Isolation

Each OnRamp organization is logically isolated. Customer users can only access projects and data they’ve been explicitly invited to. One customer organization cannot access another’s data.

HIPAA

OnRamp’s platform and processes are HIPAA compliant, audited annually. PHI is not included in email notification bodies sent by OnRamp. Business Associate Agreements (BAAs) are available — contact your Account Manager.

GDPR

OnRamp is GDPR compliant. For organizations that require EU data residency, we can provision EU-hosted infrastructure. If you require a Data Processing Agreement (DPA), contact your Account Manager or privacy@onramp.us.

CCPA

OnRamp is CCPA compliant and can fulfill CCPA-related data requests, including requests to access or delete personal information. Submit requests to privacy@onramp.us.

Sub-processors

OnRamp uses third-party infrastructure and service providers (sub-processors) to deliver the platform, including AWS for hosting. For a current list of sub-processors, contact privacy@onramp.us.

Questions or Requests

For data privacy inquiries, subject access requests, or deletion requests, contact privacy@onramp.us.