Security
Data Security
Learn how Antei secures your data at rest and in transit, with strict access controls and encryption standards.
Data Security
Antei handles sensitive financial and compliance data for global tax operations. We apply security measures that ensure data is protected during transit, at rest, and during processing — without overextending access or exposing credentials.Encryption
- In Transit: All data is transmitted securely over HTTPS (TLS 1.2 or higher)
- At Rest: Sensitive data is stored in encrypted databases or object storage (e.g., Cloudflare R2, Xano storage)
- API Tokens: All OAuth and session tokens are encrypted and stored securely — never exposed in plaintext or passed via query strings
Scoped Access
- OAuth 2.0: All third-party integrations (e.g., Stripe, QuickBooks, Gmail) use scoped OAuth flows
- Role-Based Permissions: Retool and Xano enforce workspace- and org-level role control
- No Credential Storage: We do not store usernames or passwords for external systems — only scoped tokens where needed
Data Isolation
- Org-Level Segregation: Each customer’s data is scoped and stored per organization
- Token Scoping: Each integration is bound to a specific org and permission level
- Xano Authorization Middleware: Ensures only valid sessions with scoped org-level tokens can access resources
Storage Providers
- Cloudflare R2 is used for secure, encrypted document and logo storage
- Xano handles core transactional and configuration data in an encrypted database environment
- Neither Xano nor Cloudflare R2 allows public or unauthenticated access
Logging & Activity Trails
- Key syncs, data fetches, webhook events, and background jobs are logged with org ID, timestamp, and relevant context
- Logs are available internally and used for audit investigations or debug workflows
- Session expiry and revocation are enforced via background clean-up workers
What We Don’t Do (Yet)
- No full intrusion detection system (IDS)
- No third-party bug bounty program
- No manual pen tests (yet)