Security at Anker.
Funds and founders use Anker to hold sensitive material — pitch decks, LP letters, cap tables, capital calls. Here's how we protect it.
Six controls that matter most.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Database connections encrypted end-to-end via Neon's HTTP serverless driver. Backups encrypted with separate keys.
Least-privilege access
Production credentials are scoped per-service. Engineering team access is reviewed quarterly. No shared accounts. All admin operations are audit-logged.
Audit logging
Every admin action, login attempt, API key change, and bulk export is recorded with a timestamp + actor + IP. Logs retained 18 months.
Data isolation
Multi-tenant by row-level scoping. LP portal queries are double-checked against the LP's email-derived memberships on every request — no client-side trust.
Backups & retention
Continuous WAL backups via Neon, with point-in-time recovery up to 7 days. Weekly snapshots retained 90 days. Account-level export available on request.
Secrets management
API keys (AI providers, news sources, Resend) live in encrypted environment variables. Per-tenant overrides stored in system_settings — never in source.
Find a vulnerability?
Email security@an-ker.de with a description and steps to reproduce. We acknowledge within 48 hours and aim to resolve material issues within 30 days. We won't pursue legal action against researchers acting in good faith.
- · Do not exfiltrate data — a single proof-of-access is enough
- · Do not access other users' accounts without explicit permission
- · Do not perform DoS or social engineering
- · Give us a reasonable window to fix before public disclosure
If a breach happens.
We follow a written incident-response playbook: contain, investigate, notify within 72 hours where personal data is involved, remediate, and publish a post-mortem. Affected customers receive a direct email with the scope, timeline, and remediation steps.
Questions?
Security reviews, SOC 2 questionnaires, custom DPAs — email security@an-ker.de.