Military-Grade Security

Your privacy and security are our top priority. We implement industry best practices to protect your data.

🔒 AES-256 | 🛡️ GDPR | ⚖️ HIPAA | ✅ SOC 2 | 🔐 ISO 27001

Our Commitment to Security

At Anto, we understand that mental health data is extremely sensitive. That is why we built our platform from the ground up with security as a fundamental priority. Every byte of information is protected with multiple layers of security.

Certifications and Compliance

🇪🇺 GDPR Compliant

Full compliance with the EU General Data Protection Regulation. Your rights are fully protected.

🇺🇸 HIPAA Compliant

Compliance with the U.S. Health Insurance Portability and Accountability Act for protected health data.

SOC 2 Type II

Independent audit verifying our security, availability, processing, confidentiality, and privacy controls.

Certification in progress

🔐 ISO 27001

International standard for information security management systems. We implement all required controls.

Certification in progress

Implemented Security Measures

🔐 End-to-End Encryption

All conversations are encrypted with AES-256, the same standard used by banks and governments. Encryption keys are unique per user and stored securely.

  • AES-256 for data at rest
  • TLS 1.3 for data in transit
  • Unique encryption keys per user
  • Automatic key rotation

🛡️ Multi-Factor Authentication

Robust authentication system with multiple security layers to protect your account.

  • Two-factor authentication (2FA)
  • Secure JWT tokens with expiration
  • Suspicious access detection
  • Security notifications

🔍 Monitoring and Detection

Continuous 24/7 monitoring to detect and prevent security threats.

  • Real-time monitoring
  • Intrusion detection (IDS)
  • Anomalous behavior analysis
  • Automatic alerts

🚫 Attack Protection

Multiple layers of protection against various types of cyberattacks.

  • Rate limiting and DDoS protection
  • Web application firewall (WAF)
  • SQL injection protection
  • Input sanitization

💾 Backups and Recovery

Your data is securely backed up with geographic redundancy.

  • Daily automatic backups
  • Storage in multiple locations
  • Regular recovery testing
  • RTO (Recovery Time Objective) < 4 hours

👥 Access Control

Principle of least privilege: only authorized personnel can access specific data.

  • Role-based access control (RBAC)
  • Access auditing
  • Environment separation (dev/staging/prod)
  • Dual authentication for employees

Transparency and Reports

We believe in full transparency about our security practices.

📊 Security Reports

We publish quarterly reports on our security status, incidents (if any), and improvements implemented.

🔒 Responsible Disclosure Policy

If you find a security vulnerability, we encourage you to report it responsibly. We have a rewards program.

✅ External Audits

We conduct regular security audits with independent firms to ensure our controls are effective.

Last audit: Q4 2025

Frequently Asked Security Questions

Your data is stored on secure servers in enterprise-grade data centers with SOC 2 and ISO 27001 certifications. We use industry-leading cloud providers that guarantee redundancy, automatic backups, and physical server protection.

Only you can access your conversations. Not even our administrators can read the content of your messages due to end-to-end encryption. The AI system processes your messages securely without humans being able to view them.

In the unlikely event of a security breach, we will notify you immediately (within 72 hours per GDPR) and take all necessary measures to mitigate the impact. We have a documented incident response plan that is tested regularly.

You can review our public security reports, certifications, and policies. We also offer security reports under NDA for enterprise clients. If you have specific questions, contact our lead developer at marcelo.ull@antoapps.com.