# Security & Trust

## Security

For any security-related questions, feel free to contact us at <security@ante.org>.

### Infrastructure security

We depend on the following subprocessors, roughly organized from most critical to least. Note that code data is sent up to our servers to power all of Cursor’s AI features (see [AI Requests section](https://www.cursor.com/security#ai)), and that code data for users on privacy mode (legacy) is never persisted (see [Privacy Mode Guarantee](https://www.cursor.com/security#privacy-mode-guarantee) section).

Explore how each mode affects how data is sent and stored.

* [AWS](https://aws.amazon.com/):

  Our infrastructure is primarily hosted on AWS, with servers located in the US, and backup servers distributed in Europe and Asia.
* [Google Cloud Platform (GCP)](https://cloud.google.com/):

  Some secondary infrastructure is hosted on Google Cloud Platform (GCP). All of our GCP servers are in the US.
* [MongoDB](https://mongodb.com/):

  We use MongoDB for some of our analytics data, for users who do not have privacy mode enabled.
* [Amplitude](https://amplitude.com/):

  We use Amplitude for some of our analytics data. No code data is stored with Amplitude; only event data such as "number of Antes creation attempts".
* [Slack](https://slack.com/):

  We use Slack as our internal communication tool. We may send snippets of prompts of non-privacy users in our internal chats for debugging.
* [Google Workspace](https://workspace.google.com/):

  We use Google Workspace to collaborate. We may send snippets of prompts of non-privacy users in our internal emails for debugging.
* [Linear](https://linear.app/):

  We use Linear to track issues and collaborate.

### Vulnerability disclosures

If you believe you have found a vulnerability in Ante, please submit the report to <security@ante.org>.

We commit to acknowledging vulnerability reports within 10 business days, and addressing them as soon as we are able to.

## Trust Assumptions

#### Ante

Ante Vaults is a software interface that enables onchain crypto inheritance and asset recovery without centralized custody. Ante never holds, stores, generates, or has access to a user’s private keys, key shares, or assets at any point. Ante does not have control over any user accounts (wallets or Safes) and has no ability to steal or recover funds from user wallets or Safes.

If the Ante app goes down, users can still access and withdraw funds from their vaults via 3rd-party interfaces. We recommend saving the Recovery Kit with instructions for doing so (access from your Vault Details page after creating a vault).

#### Privy

We use [Privy](https://docs.privy.io/) to generate wallets for people using email or other authentication methods. Privy is an MPC (multi-party computation) wallet where private key material is split between the user’s device and Privy’s infrastructure.

1. If you sign up via email and do not set up a backup, Privy could theoretically steal funds from your vault. This could be achieved by introducing malicious code into the Privy codebase.
   1. To avoid this, users should back up their account or set a passphrase, AND they should also export their embedded wallet and keep the private key (PK) safe.

#### Guardians & Recipients

1. Guardians and the Recipient could collude to prevent the owner from checking in, in order to withdraw funds from a vault.
   1. Recommendation: Don't tell your Guardians/Recipient who the other Guardians/Recipient are.
2. Malicious or inactive Guardian(s) could delay asset handoff indefinitely by never approving the handoff after the Dead Man's Switch fails.
   1. Recommendation: Ask your Guardians to check in periodically so you know they are able to carry out the handoff, and rotate out Guardians if you don't trust them to approve handoff. Assign more than one Guardian so that a single inactive/malicious Guardian can't delay handoff indefinitely (e.g., 2 of 3 or 3 of 5).
3. If a vault has multiple owners, each owner implicitly trusts all the other owners of the vault.
   1. Recommendation: Only co-own vaults with people you trust to have full control over the vault.
4. If you set the wrong address as a Recipient, you could end up handing off assets to the wrong person
   1. Recommendation: Verify with your chosen Recipient that they have control of the email or wallet you specify and update if necessary.
5. If you don't set token allowances for the tokens you want to transfer to your Recipient, the tokens won't be handed off.
   1. The Ante app will let you know if you have token allowances missing, but we recommend double-checking in the Recipient settings as well.

#### Others

1. Email provider — email accounts are only as safe as you keep your email account
   1. Recommendation: [Set up two-factor authentication](https://frameworks.securityalliance.org/community-management/google#configure-2fa) (2FA) on your email account, ideally using a hardware security key or authenticator app (avoid and disable SMS 2FA).
2. External interfaces — e.g. if you use the Safe{Wallet} interface or Etherscan to interact with Ante Vaults, you trust the source of the interface being loaded
   1. Recommendation coming soon.

