Privacy & Compliance
GDPR & DPDP Compliance
How Antei supports core requirements under GDPR (EU) and DPDP (India) for lawful, transparent, and accountable data processing.
GDPR & DPDP Compliance
Antei enables customers to meet their obligations under major global data protection laws, including:- GDPR (General Data Protection Regulation – European Union)
- DPDP (Digital Personal Data Protection Act – India)
Legal Basis for Processing
Antei processes customer data based on:- Contractual necessity — to provide the agreed functionality and services
- Legitimate interest — for performance monitoring, security operations, and system health
- User consent — for integrations requiring explicit authorization (e.g., Gmail, Stripe)
Rights We Support
| Right | Description |
|---|---|
| Right to Access | Request a summary of data stored or synced via Antei |
| Right to Rectification | Correct inaccurate or outdated synced/mapped records |
| Right to Erasure | Remove data on request, per org or entity scope |
| Right to Restrict Processing | Temporarily pause background jobs or integrations |
| Right to Portability | Export structured data (e.g., JSON, CSV, PDF) |
| Right to Withdraw Consent | Disconnect integrations and revoke scopes anytime |
Regional Storage & Transfers
Antei ensures that PII and jurisdiction-sensitive data is stored regionally by design:| Client Region | Data Residency Location | Notes |
|---|---|---|
| EU Customers | EU servers | GDPR-compliant, full data isolation in EU |
| IND Customers | IND servers | Hosted within India, separate from other jurisdictions |
| US & RoW | US (Global Server) | Default server location for all other regions |
- Non-PII operational data may be stored in global systems (USA)
- No cross-region transfers unless explicitly authorized by the customer
- Data is encrypted at rest and in transit
- Subprocessor activity is scoped to regional guarantees and contracts
Data Processing Agreement (DPA)
A formal DPA is available for enterprise customers, covering:- Processor vs Controller obligations
- Subprocessor scopes and commitments
- Retention, deletion, and data request protocols
- Breach handling and communication SLAs
Responding to Data Subject Requests
If you are a data subject whose information was synced into Antei:- Please contact the Antei customer (data controller) first.
- If necessary, Antei will assist in fulfilling the request in accordance with our DPA and internal workflows.
Infrastructure Partners
Antei uses secure infrastructure platforms with regional storage capabilities:- Cloudflare R2 for asset and document storage
- Railway and Render for service orchestration and microservices
- All providers meet SOC 2 or equivalent compliance standards