GDPR & DPDP Compliance

Antei enables customers to meet their obligations under major global data protection laws, including:

  • GDPR (General Data Protection Regulation – European Union)
  • DPDP (Digital Personal Data Protection Act – India)

We do this by adhering to privacy-by-design principles, region-specific storage, access minimization, and complete auditability across the platform.


Antei processes customer data based on:

  • Contractual necessity — to provide the agreed functionality and services
  • Legitimate interest — for performance monitoring, security operations, and system health
  • User consent — for integrations requiring explicit authorization (e.g., Gmail, Stripe)

Rights We Support

RightDescription
Right to AccessRequest a summary of data stored or synced via Antei
Right to RectificationCorrect inaccurate or outdated synced/mapped records
Right to ErasureRemove data on request, per org or entity scope
Right to Restrict ProcessingTemporarily pause background jobs or integrations
Right to PortabilityExport structured data (e.g., JSON, CSV, PDF)
Right to Withdraw ConsentDisconnect integrations and revoke scopes anytime

These rights can be exercised by reaching out to the Antei customer (data controller) or through the platform’s Org Settings where applicable.


Regional Storage & Transfers

Antei ensures that PII and jurisdiction-sensitive data is stored regionally by design:

Client RegionData Residency LocationNotes
EU CustomersEU serversGDPR-compliant, full data isolation in EU
IND CustomersIND serversHosted within India, separate from other jurisdictions
US & RoWUS (Global Server)Default server location for all other regions
  • Non-PII operational data may be stored in global systems (USA)
  • No cross-region transfers unless explicitly authorized by the customer
  • Data is encrypted at rest and in transit
  • Subprocessor activity is scoped to regional guarantees and contracts

Data Processing Agreement (DPA)

A formal DPA is available for enterprise customers, covering:

  • Processor vs Controller obligations
  • Subprocessor scopes and commitments
  • Retention, deletion, and data request protocols
  • Breach handling and communication SLAs

To request a signed copy, email legal@antei.com.


Responding to Data Subject Requests

If you are a data subject whose information was synced into Antei:

  1. Please contact the Antei customer (data controller) first.
  2. If necessary, Antei will assist in fulfilling the request in accordance with our DPA and internal workflows.

Infrastructure Partners

Antei uses secure infrastructure platforms with regional storage capabilities:

  • Cloudflare R2 for asset and document storage
  • Railway and Render for service orchestration and microservices
  • All providers meet SOC 2 or equivalent compliance standards

Next Steps