Owner: Multibook, Inc. · Version 1.0 · Reviewed annually.
This overview summarises ANTE ERP (cloud)‘s security posture across the areas customers and security teams most often review. The detailed policies behind it are linked from the security documentation index. Infrastructure / network diagrams and our providers’ compliance certifications are available to customers and prospects on request.
Hosting & architecture
ANTE ERP (cloud) is a single-tenant SaaS — each installation serves one organisation. It runs on DigitalOcean (Singapore, SGP1) across a small fleet of servers in one private VPC, with Cloudflare at the edge and Vercel serving the static marketing/front-end CDN. Customer data and backups stay in a single country (Singapore).
Network & access management
- A host firewall (default-deny inbound) runs on every server. Public web traffic is locked to Cloudflare’s IP ranges — users reach the service only through the Cloudflare edge over HTTPS; origin IPs are hidden and direct-to-origin access is blocked.
- Databases are bound to localhost and are not reachable from the network or internet — only the co-located application connects.
- Administrative access is SSH key-only over a private (Tailscale) network; public SSH is closed. Inter-service traffic is restricted to specific private-VPC addresses.
Encryption
- In transit: all access is HTTPS only, TLS 1.2/1.3 (older TLS rejected at both the edge and the origin).
- At rest: database volumes are encrypted at rest (LUKS/AES-256) at the storage layer; passwords are bcrypt-hashed; API credentials and OAuth tokens are AES-256 field-encrypted; backups are encrypted at rest in object storage.
Authentication & access control
- One account per user (enforced unique), role-based access control (per-scope), and bcrypt password hashing.
- Account lockout (temporary lock after repeated failed logins) and new-device sign-in notification + email one-time-code step-up protect against credential abuse; each user’s last sign-in is shown on their profile.
- Sensitive administrative operations require an additional one-time-code confirmation, and all admin actions are recorded in an append-only audit log. Privileged server access is limited to named engineers. See the Privileged Access Policy.
Web application firewall & DDoS
- Cloudflare WAF (Pro) protects all public endpoints: managed rulesets, exposed-credential checks, rate-limiting on authentication endpoints, custom exploit-path blocking, and automatic L7 DDoS mitigation. Security events are logged at the edge, and the team is notified of detected attacks.
Vulnerability management
- Three continuous, CI-blocking automated layers: dependency scanning (CVE alerts + automated fix PRs), static analysis (SAST), and container / IaC scanning. New vulnerabilities block the pull request; all container images run as a non-root user.
- We welcome customers running their own standard vulnerability scan against the service and will remediate findings.
Backups & disaster recovery
- Daily automated backups of all production databases to encrypted, offsite object storage, with a 30-day / 30-generation rotation (TLS in transit, server-side encryption at rest). Restores are scripted and test-restores are performed. Worst-case data loss is bounded to ~24 hours.
Logging & audit
- A dedicated append-only audit database retained 24 months captures logins (with IP / user-agent) and all user and admin actions, providable on request. Web access logs are retained ~12 months. See the Log Retention Policy.
Data handling, retention & deletion
- Customer data belongs to the customer; Multibook does not access it without the customer’s request or prior approval, and all access is auditable (Customer Data Access Policy).
- On termination, customer data is deleted within 30 days of request and ages out of backups within a further 30 days (Data Deletion & Offboarding Runbook).
Subprocessors & infrastructure certifications
- Core subprocessors: DigitalOcean (hosting), Cloudflare (edge / WAF / CDN), Vercel (front-end CDN).
- Infrastructure providers are independently certified — DigitalOcean: SOC 2 Type II, ISO/IEC 27001; Cloudflare: ISO 27001, SOC 2 — see digitalocean.com/trust and cloudflare.com/trust-hub. Multibook operates ANTE following ISO 27001-aligned controls.
Availability & support
- Availability target 99.5%, with independent 24/7 uptime monitoring. Support and recovery terms are in the SLA.
Reporting a vulnerability
Found a security issue? Please disclose it privately first — see the Security & Trust Center for our contact and response commitment.