Data Security
Antei handles sensitive financial and compliance data for global tax operations. We apply security measures that ensure data is protected during transit, at rest, and during processing — without overextending access or exposing credentials.
Encryption
- In Transit: All data is transmitted securely over HTTPS (TLS 1.2 or higher)
- At Rest: Sensitive data is stored in encrypted databases or object storage (e.g., Cloudflare R2, Xano storage)
- API Tokens: All OAuth and session tokens are encrypted and stored securely — never exposed in plaintext or passed via query strings
Scoped Access
- OAuth 2.0: All third-party integrations (e.g., Stripe, QuickBooks, Gmail) use scoped OAuth flows
- Role-Based Permissions: Retool and Xano enforce workspace- and org-level role control
- No Credential Storage: We do not store usernames or passwords for external systems — only scoped tokens where needed
Data Isolation
- Org-Level Segregation: Each customer’s data is scoped and stored per organization
- Token Scoping: Each integration is bound to a specific org and permission level
- Xano Authorization Middleware: Ensures only valid sessions with scoped org-level tokens can access resources
Storage Providers
- Cloudflare R2 is used for secure, encrypted document and logo storage
- Xano handles core transactional and configuration data in an encrypted database environment
- Neither Xano nor Cloudflare R2 allows public or unauthenticated access
Logging & Activity Trails
- Key syncs, data fetches, webhook events, and background jobs are logged with org ID, timestamp, and relevant context
- Logs are available internally and used for audit investigations or debug workflows
- Session expiry and revocation are enforced via background clean-up workers
What We Don’t Do (Yet)
- No full intrusion detection system (IDS)
- No third-party bug bounty program
- No manual pen tests (yet)