Range Waiver · firearm-native digital waivers
The waiver platform built for ranges — not retrofitted from a yoga-studio template.
Every block, every audit field, every kiosk flow is designed for the way shooting ranges actually run. Cut signing time to 90 seconds. Generate insurer-grade audit packets on every visit. Catch prohibited-person attestations before someone steps onto your line.
90 sec
Average signer time
Mobile-first, one-scroll, no multi-step gating.
8 blocks
Firearm-native, ready to drop
Four Rules, NICS, age gate, guardian — all built-in.
$29
Starting at, per month
250 waivers included. $0.10/each overage. No setup fees.
100%
Self-serve, no sales call
Build your own template. Embed on any site. Use the API.
Template builder
Drag-drop. Live 375-pixel preview. Versioned.
No template designers, no implementation calls. Range owners build their own waivers and ship them themselves. The right column is a real 375-pixel iframe that re-renders on every keystroke.
- Drag-drop canvas with one-tap reorder, duplicate, or remove
- Live 375-pixel iframe preview using the same components signers see
- Inline configuration: range rules text, custom-question wording, required initials
- Settings panel: re-attestation cadence, age min, photo, ID scan, language toggles
- Pre-waiver CMS gate: video, image, or text the signer must acknowledge first
The signer experience
A 90-second mobile-first flow. Phone, kiosk, or embed.
One scroll, one signature, done. Built mobile-first because most waivers get signed on a phone — either via the QR poster in your lobby, a link you texted, or the kiosk tablet at the counter.
- All 8 firearm blocks in one scrollable form (no multi-step gating)
- Touch-friendly: 44×44px targets, native date picker, signature canvas
- Driver's-license barcode scan (PDF417 AAMVA) auto-fills name + address + DOB
- Front-facing selfie capture for high-trust ranges
- English + Spanish toggle when both are enabled on the template
- Optional partner opt-in (USCCA, U.S. LawShield) above the submit button
The signing flow
Eight firearm-native blocks. Plus your own.
Every block is built for the shooting-range context. They validate on the client AND server with the same Zod schema, render mobile-first, and emit a discrete audit event per signed waiver.
Block 1 · required
The Four Rules of Firearm Safety
Jeff Cooper's canonical four rules with required initials on each. Submission blocked until all four are initialed. Wording is non-configurable so it matches what the firearms-training community universally teaches.
Block 2 · required
Intoxication attestation
"I attest I am not under the influence of alcohol, drugs, or any impairing substance." Re-affirmed on every visit if you enable per-visit re-attestation.
Block 3 · required
Range rules acknowledgment
A scroll-locked text block — you customize the copy. The checkbox is disabled until the signer actually scrolls to the bottom, enforced by IntersectionObserver, not just trusted.
Block 4 · required
NICS-style prohibited-person attestation
Yes/no questions matching ATF Form 4473 phrasing. Any "yes" blocks submission with a "speak to staff" prompt — the signer doesn't get to proceed pretending otherwise.
Block 5 · optional
Skill-level self-assessment
New / Some experience / Experienced / Instructor. Surfaces on the signed-waiver record so the RSO knows who needs a walkthrough before they touch the lane.
Block 6 · conditional
Age 21+ gate
Pulls DOB, computes age, blocks submission if under the configured minimum (18 / 21 / custom). For ranges that need to enforce a state-specific minimum.
Block 7 · state-dependent
Pregnancy disclosure
Optional radio shown only where state law requires the disclosure. Hidden elsewhere. Per-template toggle.
Block 8 · conditional
Guardian for minor
Auto-activates when the signer's computed age is under 18. Captures guardian name, driver's-license scan, and guardian signature on the same canvas.
On top of the 8 blocks, the builder supports unlimited custom questions — short text, long text, yes/no, single select, multi select, date, initials — each with an optional flagged answer badge that surfaces in admin for staff attention.
Admin signings
Search, filter, comment, export.
Fuzzy name search hits a Postgres pg_trgm GIN index — sub-100ms even at hundreds of thousands of signed waivers. Filter by template, location, date, or flagged-answer presence. URL-driven so admins can bookmark a filtered view.
- Server-side fuzzy search on first + last name
- Filter by template, location, date range, flagged-answer presence
- Internal comments per waiver — staff-visible only, never the signer
- Bulk CSV export of the current filter
- Per-row: view audit-packet PDF, email PDF, archive
Template versioning
Every save snapshotted. One-click restore.
Forward-only history. Every save snapshots the prior layout, settings, and copy as a new row. Restoring an older version clones the snapshot into a new head — the live version is never overwritten and never lost.
- Append-only snapshots per template (RLS-gated, cascade-on-delete)
- Lists every version with timestamp, author, and optional changelog note
- Restore copies the chosen version into a new head — old versions stay frozen
- Signed waivers carry their own frozen template snapshot independently
Incident reports
RSO taps once. Admin reviews. Closed-out trail.
From the kiosk home screen, a Range Safety Officer can file an incident in 30 seconds — description, optional reporter name, up to 6 photos via the device camera. It lands in admin with a 3-step status workflow.
- Kiosk-side file flow (camera capture, no login required)
- Admin queue with new / in review / closed status workflow
- closedAt + closedBy stamped automatically
- Optional waiver_id link if the incident ties to a known signer
- Outbound webhook fires (incident.created) so your insurer / dispatch can pick it up
Affiliate revenue
USCCA, U.S. LawShield, or your own.
Stand up a partner offer in 60 seconds. Every signer sees an opt-in checkbox above the submit button. Captured leads land in admin with the partner's referral code attached, ready for export.
- Three partner templates out of the box: USCCA, U.S. LawShield, Custom
- Per-partner pitch copy, display name, referral code
- Enable / disable per partner without touching the signing flow
- Captured leads queryable by partner, with last-200 view in admin
- Server-side validation: only currently-enabled partners can persist a lead
Security
TOTP two-factor for every admin.
One QR scan into Google Authenticator, 1Password, or Authy enables it. After login a signed HMAC cookie tied to your user clears the gate for 7 days. Disabling requires a current code — a stolen session can't quietly turn MFA off behind your back.
- RFC 6238 TOTP (SHA-1, 30s, 6 digits) — works with every authenticator app
- Per-user enrollment from /settings/mfa
- ±1 step window for clock drift (Google Authenticator default)
- Disable requires a current valid code
- Post-MFA cookie HMAC-signed with the same secret as our magic-link tokens
Compliance
Anyone can verify a packet's authenticity.
Every signed waiver carries a SHA-256 hash printed on the PDF. Paste that hash at /verify and we confirm whether it matches a real, untampered waiver in our database — no login, no API key, no signer PII disclosed.
- Public, no-auth endpoint — your insurer can self-serve verification
- Hash is computed over canonicalized JSON (key-sorted, undefined-stripped)
- Returns yes/no plus signing date — no PII in the response
- Hash is generated server-side at signing time and immutable thereafter
The range floor
A kiosk that actually works offline.
Tested on a $50 Fire HD 10 tablet because that's what a lot of ranges actually buy. Installs as a PWA, runs fullscreen, and survives WiFi dropouts without losing a signed waiver.
Installs as a PWA
Add to Home Screen → opens fullscreen at the kiosk URL, hides browser chrome, persists across reboots. Per-kiosk manifest so re-opens land at the right location.
Offline submission queue
Submissions made while offline persist to IndexedDB. On reconnect (and every 30s while pending) the queue drains with UUID idempotency keys — replays never produce duplicate waivers.
Two-button home
"I'm new" mints a signing token and redirects. "I've signed before" fuzzy-searches name/email/phone and jumps to re-attestation if due.
60-second auto-reset
Any non-home screen resets after 60s of inactivity — a half-finished signing from one customer never bleeds into the next.
RSO incident reports
From the kiosk home, an RSO tap launches an incident form: description, reporter, up to 6 photos via the device camera. Goes straight to the admin queue.
PIN-protected exit
Per-kiosk PIN (set in admin) gates the path back out of fullscreen so customers can't navigate around the device.
Compliance
The audit packet your insurance carrier actually asks for.
Every signed waiver produces a tamper-evident PDF generated server-side by headless Chromium. The same React tree that renders your signing flow renders the packet — never a re-implementation drifting out of sync.
Full identity capture
Signer name, DOB, address parsed from the PDF417 driver's-license barcode, front-facing photo, and the signature as a vector-clean PNG.
Per-block audit events
Each of the 8 blocks emits a distinct audit event with block type + version, submitted value, IP, user-agent, and signed-at timestamp. Append-only log.
Cryptographic packet hash
SHA-256 over canonicalized JSON. Printed on the PDF and queryable at /verify — anyone can confirm a packet is real and untampered.
Frozen template snapshot
Every signed waiver freezes a copy of the template. If you edit the template a year later, the old waiver still renders exactly as the signer saw it.
Plug into anything
Embed widget. REST API. Outbound webhooks.
Available on every paid tier. No enterprise sales call required.
One-line embed widget
Drop one script tag on any FFL POS or eCommerce site. The signing flow loads in an iframe, inheriting your colors via postMessage.
<script src="https://app.rangewaiver.com/embed.js" data-template="TEMPLATE_PUBLIC_ID" ></script>
REST API (read + write)
Bearer-token auth. RLS-enforced. Edge-rate-limited.
GET /api/v1/waivers ?q=&limit= GET /api/v1/waivers/:id GET /api/v1/waivers/:id/pdf GET /api/v1/templates POST /api/v1/templates PATCH /api/v1/templates/:id DELETE /api/v1/templates/:id POST /api/v1/signing-links GET /api/v1/customers ?q= POST /api/v1/webhook-endpoints PATCH /api/v1/webhook-endpoints/:id DELETE /api/v1/webhook-endpoints/:id
HMAC-signed outbound webhooks
Every event carries an X-RangeWaiver-Signature header your endpoint verifies. BullMQ-delivered with 5 retries (1s · 10s · 1m · 10m · 1h).
waiver.signed waiver.reattested incident.created
QR + send-to-self
Every template gets a stable QR for the lobby poster. Or email / SMS / copy-link the signed URL programmatically via POST /api/v1/signing-links.
Compare
How we stack up.
Honest comparison vs the two waiver tools we see ranges using most. The big differentiator isn't the feature list, it's that every line below was built knowing you'd be signing it next to a loaded firearm.
| Feature | Range Waiver | SmartWaiver | OtterSign |
|---|---|---|---|
| Firearm-native attestations (Four Rules, NICS-style, age gate) | ✓ | — | — |
| Per-visit re-attestation | ✓ | — | — |
| Kiosk PWA with offline submission queue | ✓ | — | — |
| Drag-drop builder + live mobile preview | ✓ | ✓ | ✓ |
| Custom questions + flagged answers | ✓ | ✓ | ✓ |
| Audit packet PDF with cryptographic hash | ✓ | — | — |
| Public Certificate-of-Authenticity verifier | ✓ | — | — |
| Embed widget (one-line script tag) | ✓ | ✓ | — |
| REST API + HMAC webhooks on all paid tiers | ✓ | — | — |
| Spanish signing flow | ✓ | ✓ | ✓ |
| Affiliate slots (USCCA / U.S. LawShield) | ✓ | — | — |
| RSO incident reports from the kiosk | ✓ | — | — |
| TOTP MFA for admin | ✓ | ✓ | ✓ |
| Starting price (USD/mo) | $29 | $15+ | $25+ |
| Per-waiver overage on paid tiers | $0.08–0.10 | tiered | tiered |
Comparison reflects publicly-advertised features at the time of writing. Pricing varies by tier; see each vendor's pricing page for current numbers.
FAQ
Common questions.
Will our insurance carrier accept these audit packets?
Every packet ships with the signer's identity (DL-scan parse, photo, signature image), IP / user-agent / geo, per-block audit events, a cryptographic SHA-256 hash, and a public verification URL. We've designed the packet around what general liability + range-specific umbrella carriers ask for. We're happy to walk through one with your carrier if it helps close a renewal.
Can we switch from SmartWaiver or OtterSign?
Yes. The builder supports importing a competitor's PDF/HTML waiver via our AI conversion tool — paste the file, we extract blocks + custom questions into a draft template you can review before publishing. Historical signed waivers stay where they are; new signings go into Range Waiver.
Does it actually work on a cheap tablet?
Yes — explicitly tested on a $50 Amazon Fire HD 10. PWA install, fullscreen kiosk mode, offline submission queue. We deliberately target low-end Android tablets because most ranges aren't buying iPads for the front desk.
What happens if the WiFi drops mid-signing?
On a kiosk-launched signing, the submission persists to IndexedDB and the sync banner shows a pending count. On reconnect, the queue drains automatically with UUID idempotency keys — so even if a customer signs offline then walks away, you don't lose their waiver and you don't get duplicates.
How is per-visit re-attestation different from a normal waiver?
A waiver collects identity once and lasts a year (or forever). Re-attestation re-asks the visit-specific blocks every time the customer steps onto your range — intoxication, prohibited-person status, range rules. The kiosk check-in flow handles this automatically based on the cadence you set per template.
Can I customize the firearm-block wording?
The "Four Rules of Firearm Safety" and the NICS-style prohibited-person questions are intentionally non-configurable — they match what the firearms-training community universally teaches and what ATF Form 4473 asks. Range rules, age minimums, photo / ID-scan requirements, and the languages enabled are all per-template configurable, plus you can add unlimited custom questions.
Is there a free tier?
Yes — 10 waivers per month, free, no card required. Perfect for small ranges to try it. Starter is $29/mo for 250 included waivers plus $0.10/each overage. Growth ($79) and Pro ($149) add the embed widget, REST API, webhooks, and more.
Multi-location pricing?
Starter is single-location. Growth supports up to 3 locations. Pro is unlimited. Each location gets its own kiosk URL, its own PIN, its own FFL number, and its own signings tab.
Where does the data live?
AWS us-east-1. Postgres 16 with Row Level Security enforced at the database (defense-in-depth — the app role doesn't have BYPASSRLS). S3 with AES-256 server-side encryption for media. Daily automated backups + 7-day point-in-time recovery. TLS end-to-end via Let's Encrypt.
What about international / non-US ranges?
US-only at launch. The driver's-license scanner targets the AAMVA PDF417 standard (US + Canada). Spanish signing is shipped today; other languages are on the roadmap. International ranges, ping us and we'll prioritize based on demand.
Free for the first 10 waivers a month.
No card required. Upgrade only when you outgrow it.