Data Classification & Storage
Understand how Antei classifies and stores data across its systems to ensure security, auditability, and compliance.
Data Classification & Storage
Antei classifies all incoming data across integrations, uploads, and APIs into structured categories. This enables consistent handling, secure storage, and proper routing across internal services.
Data Classification Model
Each field in the platform is tagged with metadata to guide its treatment across ingestion, mapping, validation, and downstream usage.
| Classification | Description |
|---|---|
| Core Identifier | Fields required to uniquely identify entities (e.g. contact_id, txn_id) |
| Jurisdictional | Fields that impact region-specific logic (e.g. country, state, tax_id) |
| Financial | Monetary fields like amount, tax, currency, exchange_rate |
| Derived | Computed or post-processed fields (e.g. reverse_charge_applied) |
| Sensitive | Personally identifiable or regulatory-sensitive (e.g. email, ip_address) |
| Audit Metadata | Sync metadata such as source, sync_time, extracted_id, mapping_tag |
Each record (invoice, transaction, product, contact) is processed using these classifications.
Storage Architecture
Antei uses a layered storage model based on data sensitivity and processing stage:
| Layer | Description |
|---|---|
| Ingestion Layer | Temporary staging of raw integration payloads (used during transformation) |
| Validation Layer | Intermediate storage for normalized and enriched records |
| Primary Database | System-of-record for validated data, powered by Xano |
| Document Store | File storage (e.g. invoices, registrations) managed via Cloudflare R2 |
| Logs & Metadata | Process logs and metadata maintained through Railway and Render |
📌 Sensitive documents (e.g. tax notices) are never stored in plaintext. Access is scoped and logged.
Regional Data Residency
PII and jurisdictional data is stored based on the customer’s region:
| Client Region | Data Residency Location | Scope of Application |
|---|---|---|
| EU Customers | EU servers | All sensitive fields + Vault + logs |
| India Customers | IND servers | PII, transaction metadata, file uploads |
| Other Clients | US (Global server) | Default server unless region-specific setup exists |
- PII is regionally hosted; generalized data (e.g. classification metadata) may reside in USA
- All traffic is encrypted and scoped with access controls
- Region assignment is configurable at org level
Encryption & Access Control
| Layer | Protection Applied |
|---|---|
| At Rest | AES-256 / Cloud provider encryption (PostgreSQL, R2) |
| In Transit | HTTPS (TLS 1.2+) with forced SSL enforcement |
| Access Control | Token-based access, scoped per user and org, with audit logs |
| Field-level | Sensitive fields excluded from logs and stored encrypted if required |
Field Metadata Example
Every mapped field carries classification and sync metadata. For example:
Retention Defaults
| Data Type | Retention Period | Notes |
|---|---|---|
| Core Transaction Data | Persistent | Stored indefinitely for audit and compliance |
| Validation Logs | 90 days | Auto-deleted unless marked as critical |
| Uploaded Files | 12 months | Cleaned periodically unless retained manually |
| Audit Logs | 180 days | Visible under Org Settings → Audit Trail |
Retention can be customized for enterprise clients upon request.
Next Steps
Questions?
Need help with data classification and storage?
Email support@antei.com