Enterprise-grade security to help protect your team and your data
Range performs continuous compliance monitoring and has been audited against SOC 2 Type II for security, confidentiality, and availability in the AICPA 2017 Trust Services Criteria.
A copy of the latest report is available for enterprise customers under a Mutual NDA, please contact us to learn more.
Range is committed to ensuring that Customer Data is not seen by anyone who should not have access to it. We have audited controls and policies that govern our employees’ access to production systems.
Range uses Amazon Web Services (AWS) for the hosting of our services. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified.
All Customer Data is encrypted both at rest and in transit. Services are reachable exclusively via HTTPS with TLS 1.2 or higher. We are careful to make sure no resources are loaded from plain HTTP sites. We have HSTS configured to one year. ALB certs are issued by AWS, backend certs are issued by COMODO.
Production servers and databases are hosted in a dedicated VPC and are not publicly accessible. All servers are configured with two-factor authentication and all unnecessary ports are blocked by AWS Security Groups.
Range's databases operate in multiple availability zones and have several layers of backup and replication. Primary databases have automatic backups, with point in time recovery, and additional snapshots taken every two hours and stored in a second region.
Internal processes keeps our services and applications up to date and free of vulnerabilities. Breaches will be reported within 72 hours (48 hours for Enterprise customers), externally reported vulnerabilities will be fixed ASAP.