> ## Documentation Index
> Fetch the complete documentation index at: https://docs.antei.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Trust FAQ

> Frequently asked questions around Antei’s security, compliance, and data protection practices.

<Icon icon="circle-question" size={26} color="#4B5563" />

# Trust FAQ

Below are answers to the most common questions our customers ask about Antei’s infrastructure, compliance, and data protection policies.

***

<Expandable title="Does Antei store sensitive financial data like card numbers or payment methods?">
  No. Antei does not store or process sensitive financial information such as card numbers, CVVs, or payment methods. We only ingest scoped, read-only fields necessary for indirect tax computation — such as invoice totals, tax rates, and customer metadata.
</Expandable>

<Expandable title="Where is customer data stored?">
  Antei uses a **region-aware storage model**:

  * **EU customer PII** is stored in data centers located in the EU
  * **IND customer PII** is stored within the IND
  * **USA and Rest of World PII** is stored in USA (Global server)
  * Non-sensitive and operational data is centrally processed in India

  All data is encrypted at rest and scoped per organization to maintain compliance and isolation.
</Expandable>

<Expandable title="How does Antei ensure secure authentication for integrations?">
  Antei uses **OAuth 2.0 Authorization Code Flow** for all supported integrations. Tokens are:

  * Scoped to each organization
  * Stored encrypted (never in local storage)
  * Regularly refreshed and revoked on inactivity or disconnect
</Expandable>

<Expandable title="What happens if an integration sync fails?">
  Sync failures trigger our **retry logic with exponential backoff**. If retries continue to fail:

  * The incident is logged under **Org Settings → Logs**
  * Optionally, a notification is sent to Admins
  * Manual re-sync or override is available through the UI
</Expandable>

<Expandable title="Can I delete my data or request removal of synced records?">
  Yes. Antei fully supports **GDPR and DPDP data erasure workflows**. You can request deletion at:

  * Entity level (e.g., invoices, contacts)
  * Org-wide level (entire workspace)

  Deletion requests are irreversible and logged for audit traceability.
</Expandable>

<Expandable title="Does Antei allow for IP whitelisting or restricted access?">
  Yes — **IP-based access controls** are available for enterprise plans. These can be applied to:

  * Dashboard login access
  * Public APIs
  * Vault document access routes

  Contact [support@antei.com](mailto:support@antei.com) to enable IP restrictions.
</Expandable>

<Expandable title="Is Antei SOC 2 compliant?">
  We are currently **SOC 2 Type I compliant** and undergoing **SOC 2 Type II certification**. Our systems align with SOC 2 principles for:

  * Access control and role-based permissions
  * Session and token management
  * Logging, observability, and incident response

  Audit reports are available to enterprise customers under NDA.
</Expandable>

<Expandable title="Do you sign DPAs or custom agreements?">
  Yes. We offer **Data Processing Agreements (DPAs)** and can support additional contractual clauses (e.g., SCCs, jurisdictional routing) upon request.

  Contact [legal@antei.com](mailto:legal@antei.com) to initiate the process.
</Expandable>

<Expandable title="How does session and token security work in Antei?">
  * Session tokens expire after **10 minutes** of inactivity
  * Vault sessions expire after **5 minutes** and require password re-entry
  * All API tokens are encrypted and validated against **user + org scope**
  * No tokens are ever stored in browser local storage
  * All APIs are **rate-limited** and pass through **multi-layered authorization checks**
</Expandable>

***

## Still Have Questions?

Reach out anytime at [support@antei.com](mailto:support@antei.com) — we’re happy to assist with legal, compliance, or security queries.
