Security at Range

Enterprise-grade security to help protect your team and your data

Our commitment

You trust Range to help your team stay in sync, feel connected, and get more done. Our most important job is to keep your data safe along the way.

Range undergoes regular pentetration tests, is designed to be GDPR compliant, and utilizes industry best-practice for encryption at rest and in transit.

Horizontal rule

SOC 2 Type II

Range performs continuous compliancemonitoring and is audited against SOC 2 Type II for security, confidentiality, and availability in the AICPA 2017 Trust Services Criteria.

A copy of the latest report is available for enterprise customers under a Mutual NDA, please contact usto learn more.

Privacy Shield, GDPR, and CCPA

Range's standard policies comply with the European Union's Global Data Protection Regulation and the California Consumer Privacy Act.

Data Processing Addendums (DPA) are available on request.

Horizontal rule

Security Practices

Our ongoing committment to deliver you peace of mind


Range is committed to ensuring that Customer Data is not seen by anyone who should not have access to it. We have audited controls and policies that govern our employeesโ€™ access to production systems.


โ€Range uses Amazon Web Services (AWS) for the hosting of our services. AWS data centers are monitored by 24ร—7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified.


โ€All Customer Data is encrypted both at rest and in transit. Services are reachable exclusively via HTTPS with TLS 1.2 or higher. We are careful to make sure no resources are loaded from plain HTTP sites. We have HSTS configured to one year. ALB certs are issued by AWS, backend certs are issued by COMODO.

Network Protection

Production servers and databases are hosted in a dedicated VPC and are not publicly accessible. All servers are configured with two-factor authentication and all unnecessary ports are blocked by AWS Security Groups.


Range's databases operate in multiple availability zones and have several layers of backup and replication. Primary databases have automatic backups, with point in time recovery, and additional snapshots taken every two hours and stored in a second region.

Incident Response

Internal processes keeps our services and applications up to date and free of vulnerabilities. Breaches will be reported within 72 hours (48 hours for Enterprise customers), externally reported vulnerabilities will be fixed ASAP.

Horizontal rule


We appreciate the efforts of the security community in helping keep our services safe and secure.