At ANT SYSTEMS, security is not an afterthought — it is woven into every layer of RPMToolbox. From infrastructure to application code to operational practices, we take a defence-in-depth approach to protecting your project data.
Security Measures
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your project data never travels unencrypted.
Authentication
JWT-based access tokens with short expiry, refresh token rotation, and optional TOTP-based Two-Factor Authentication (2FA).
Role-Based Access Control
Granular permissions ensure users only see and modify what they are authorised for. From read-only guests to superuser admins.
Audit Logging
Every significant action is logged — logins, document transitions, approvals, permission changes — creating a complete audit trail.
Rate Limiting
Intelligent rate limits protect against brute force attacks and abuse, with per-endpoint and per-user throttling.
Infrastructure Security
Hosted on Google Cloud Platform with VPC networking, private Cloud SQL instances, and Memorystore Redis behind firewall rules.
Data Retention & Deletion
GDPR-compliant soft deletion, automatic data purging, and user-initiated account deletion with full cascade cleanup.
Dependency Scanning
Regular automated scanning of dependencies for known vulnerabilities. Critical patches are applied within 24 hours.
Security Practices
- No production data in development or test environments
- Principle of least privilege for all service accounts
- Regular penetration testing and security reviews
- Incident response plan with defined escalation paths
- Security training for all engineering team members
- Bug bounty program (coming soon)
Report a Vulnerability
Found a security issue? We appreciate responsible disclosure and will respond promptly.
Contact Security Team