Skip to content
ANTE

Security

Customer Data Access Policy

Last updated: 2026-06-22

← All security documents

Owner: Multibook, Inc. · Version 1.0 · Reviewed annually.

Commitment

Multibook does not access a customer’s data without that customer’s request or prior approval. Customer data entered into ANTE ERP belongs to the customer; Multibook acts only as the operator of the platform.

When Multibook personnel may access customer data

Access is limited to legitimate operational needs and only with an auditable basis:

  1. At the customer’s request — e.g. a support ticket asking us to investigate or correct something.
  2. With the customer’s prior approval — e.g. a maintenance or migration activity agreed in advance (email/ticket trail).
  3. Where strictly required to keep the service running or secure — e.g. responding to an incident — in which case the access is logged and the customer is informed.

In all cases access is the minimum necessary to perform the task.

Who can access

Production access is limited to named Multibook engineers (see the Privileged Access Policy), authenticated by key/identity, never by shared credentials. No subcontractors operate the service — development and operations are fully in-house.

How access is controlled and recorded

  • Servers/databases are reached only over the private Tailscale admin network (public SSH closed); databases are bound to localhost and are not internet-reachable.
  • In-application data operations by administrators are captured in the append-only audit service (24-month retention), attributable per account.
  • Credentials and tokens are encrypted at rest; OAuth tokens and API keys are AES-256 field-encrypted in the application.

Configuration changes affecting the customer

After go-live, configuration changes that affect the customer’s environment are made only after the customer’s approval (email/ticket).

Customer rights

On request, the customer may receive a summary of administrative access to their data drawn from the audit trail.