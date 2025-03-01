Render’s security controls are predicated on the assumption that customers maintain robust internal controls. The effective use of the Render system relies heavily on customers actively managing their assigned security responsibilities. This includes safeguarding user data, controlling access, and upholding security protocols.

This document delineates Render’s specific responsibilities alongside the customer’s obligations and identifies areas of shared responsibility. It aims to guide customers in establishing comprehensive security practices.

Note that the procedures and controls listed here serve as foundational guidance. They are not exhaustive. Customers are encouraged to implement additional controls that align with their specific security needs and compliance requirements.

Customer responsibilities

Customer is responsible for:

Protecting all secrets within their organization

Managing and reviewing user access to the Render system

Implementing and enforcing data policies regarding the types of data entered into the Render system, ensuring data is transmitted securely and encrypted as necessary

Keeping informed about communications from Render that affect system security, user obligations, or service availability

Establishing and maintaining security controls for system-generated outputs and reports

Compliance with relevant legal and regulatory requirements

Security of application-level configurations

Regular security assessments of their applications

Endpoint protection of workstations used to access the Render system

Developing and maintaining their own business continuity and disaster recovery plans

Deleting their data from the Render system upon termination of services

Render responsibilities

Render is responsible for:

Making sure all underlying operating systems are patched and up to date

All internal networking between services and databases

Securing the infrastructure that hosts all hardware, software, networking, and facilities

Managing the underlying servers, networks, and storage

Ensuring that the runtime environments for supported programming languages and frameworks are secure and up to date

Transparency about their operational status and any security breaches

Securing the platform, which includes middleware and other integrated services that it provides

Providing detailed documentation and guidelines on the security features of their platform.

Shared responsibilities

Customer and Render share responsibility for: