Render's Security Policies and Certifications

Hey all, is there any web page or info on Render.com’s security certifications or policies? Something like: https://www.heroku.com/policy/security. It could be a blocker for us to use in production, so want to see if there are any resources before moving forward – thanks!

1 Like

Hi @avimoondra,

We don’t have any published resources, but I’m happy to answer any specific questions you have.

Got it - thanks @dan. Some specific questions:

Are you using AWS or GCP as your data center?

Is Render SOC1 or SOC2 certified?

What’s Render’s strategy for pen tests, vulnerability assessments, and reporting? Do you have a bug bounty program in place?

1 Like

@avimoondra I have the same concerns you do about production. I asked @Ralph a few months ago, and he said, and I quote, “We likely won’t get SOC2 for at least another quarter.” He was kind enough to start a mailing list and add me to it; maybe you could contact him ralph@render.com and get added also?

Thanks for the question :slight_smile: Answers are inline

Are you using AWS or GCP as your data center?

We are currently using AWS for our Frankfurt, Germany region and are using GCP for our Oregon, US region.

Is Render SOC1 or SOC2 certified?

No, neither. As @cjl mentioned, we are working on SOC 2 certification, but we don’t yet have it. If you want to get notified when it’s complete, we are tracking it in our public feature tracker. If you vote on it and add your email, you will get updated when it is done: https://feedback.render.com/features/p/soc-2-compliance

What’s Render’s strategy for pen tests, vulnerability assessments, and reporting?

Pen tests, vulnerability assessments, and reporting are all part of the SOC 2 work that we’re doing, so we’re still working through what exactly our approach will be.

Do you have a bug bounty program in place?

We don’t have an advertised bug bounty program, but we do award bounties to security reports when we receive them.

If you have any more questions, feel free to keep them coming :slight_smile:

1 Like