Security

How we protect your data — last updated February 2026

Ranger rides point on sensitive personal data. We take security seriously at every level — no shortcuts, no gaps, no exceptions. This page explains how we protect your information, the standards we hold ourselves to, and how to report a vulnerability if you find one.

Encryption

Encryption at Every Layer

Data in Transit — TLS 1.3

All communication between your device and Ranger's servers uses TLS 1.3. Your data is encrypted before it leaves your device.

Data at Rest — AES-256

All stored data is encrypted using AES-256. This includes your Protection Report, communication logs, and stored assessments. Encryption keys are managed separately from stored data.

Advisor Communications — End-to-End

All communications with your Advisor occur through end-to-end encrypted channels. Advisor sessions are logged and audited for security.

Report Delivery

Your Protection Report is delivered via secure, encrypted channel only. Report access links expire after a defined period. Downloads are logged for security purposes.

Infrastructure

Infrastructure & Operations

Ranger's infrastructure is hosted on enterprise-grade cloud providers with SOC 2 Type II compliance. We maintain strict access controls, multi-factor authentication on all internal systems, and continuous monitoring for anomalous activity.

Regular third-party penetration testing (minimum annually)
Internal security reviews on every major code deployment
Principle of least privilege — employees only access the data needed for their role
Full audit trails on all data access and Advisor activity
Automated vulnerability scanning across our codebase and dependencies

Access Controls

Access Controls & Authentication

Access to member data is strictly controlled:

All internal access requires multi-factor authentication
Advisors can only access the member data relevant to their assigned accounts
No employee can bulk export member data
Access to production systems is limited to a small security-cleared team
All access events are logged and regularly reviewed

Incident Response

In the event of a security incident that affects your data, Ranger will:

Notify affected members within 72 hours of discovery
Provide clear information about what data was affected and what we're doing about it
Work with relevant authorities as required by applicable law
Publish a post-incident report once the situation is resolved

We maintain a documented incident response plan that is reviewed and updated quarterly.

Vulnerability Disclosure

Report a Vulnerability

We welcome responsible disclosure of security vulnerabilities. If you've found a potential security issue in Ranger's systems or website, please report it to us before public disclosure.

Email: security@tryranger.ai

Please include: a description of the issue, steps to reproduce, potential impact, and your contact information.

We respond to all security reports within 48 hours. We will work with you to understand and address the issue, and we credit researchers who help us improve our security.

Scope: tryranger.ai and all subdomains, the Ranger browser extension, and the Ranger mobile app (when available).

Out of scope: Social engineering attacks, physical attacks, or vulnerabilities in third-party services we don't control.

Contact

Security Contact

For security disclosures and questions: security@tryranger.ai

For general privacy inquiries: privacy@tryranger.ai

For legal matters: legal@tryranger.ai