Data Retention & Deletion
How Antei retains, cleans, and deletes data across your organization in accordance with compliance and audit best practices.
Data Retention & Deletion
Antei applies structured retention and deletion policies across all core data entities to balance audit-readiness with privacy requirements.
Retention Principles
- Persistent by default for tax records: Transactional, invoice, and compliance data is retained indefinitely unless deletion is requested.
- Time-bound for operational data: Logs, background jobs, and temp files follow scheduled clean-up policies.
- User override for enterprise orgs: Enterprise customers can configure custom retention periods on request.
Default Retention Policies
Data Type | Retention Period | Notes |
---|---|---|
Core Transaction Data | Persistent | Stored indefinitely for audit and compliance |
Validation Logs | 90 days | Auto-deleted unless marked as critical |
Uploaded Files | 12 months | Cleaned periodically unless retained manually |
Audit Logs | 180 days | Visible under Org Settings → Audit Trail |
🔒 Files and logs are encrypted in storage and deleted using secure wipe methods upon expiry.
Deletion Options
Antei supports two types of deletion flows:
-
Soft Deletion (Default):
- Records are marked as deleted and hidden from UI
- Retained in backend for traceability and rollback
-
Hard Deletion (On Request):
- Irreversible purge of all associated metadata, logs, and references
- Requires owner-level approval or programmatic flag
⚠️ Deletion of tax-related records may impact audit traceability. Use with caution.
File Expiry
Uploaded files (e.g. CSV imports, document attachments) follow these rules:
- Retained for 12 months by default
- Auto-deleted unless marked for retention
- You can manually delete any file from your Vault or Uploads view
Data Subject Requests
If you are an end user of a customer using Antei and wish to request deletion of your data under GDPR or DPDP, please contact the controller directly.
Antei will assist the controller in fulfilling the request promptly under our Data Processing Agreement (DPA).