GDPR & DPDP Compliance
How Antei supports core requirements under GDPR (EU) and DPDP (India) for lawful, transparent, and accountable data processing.
GDPR & DPDP Compliance
Antei enables customers to meet their obligations under major global data protection laws, including:
- GDPR (General Data Protection Regulation – European Union)
- DPDP (Digital Personal Data Protection Act – India)
We do this by adhering to privacy-by-design principles, region-specific storage, access minimization, and complete auditability across the platform.
Legal Basis for Processing
Antei processes customer data based on:
- Contractual necessity — to provide the agreed functionality and services
- Legitimate interest — for performance monitoring, security operations, and system health
- User consent — for integrations requiring explicit authorization (e.g., Gmail, Stripe)
Rights We Support
| Right | Description |
|---|---|
| Right to Access | Request a summary of data stored or synced via Antei |
| Right to Rectification | Correct inaccurate or outdated synced/mapped records |
| Right to Erasure | Remove data on request, per org or entity scope |
| Right to Restrict Processing | Temporarily pause background jobs or integrations |
| Right to Portability | Export structured data (e.g., JSON, CSV, PDF) |
| Right to Withdraw Consent | Disconnect integrations and revoke scopes anytime |
These rights can be exercised by reaching out to the Antei customer (data controller) or through the platform’s Org Settings where applicable.
Regional Storage & Transfers
Antei ensures that PII and jurisdiction-sensitive data is stored regionally by design:
| Client Region | Data Residency Location | Notes |
|---|---|---|
| EU Customers | EU servers | GDPR-compliant, full data isolation in EU |
| IND Customers | IND servers | Hosted within India, separate from other jurisdictions |
| US & RoW | US (Global Server) | Default server location for all other regions |
- Non-PII operational data may be stored in global systems (USA)
- No cross-region transfers unless explicitly authorized by the customer
- Data is encrypted at rest and in transit
- Subprocessor activity is scoped to regional guarantees and contracts
Data Processing Agreement (DPA)
A formal DPA is available for enterprise customers, covering:
- Processor vs Controller obligations
- Subprocessor scopes and commitments
- Retention, deletion, and data request protocols
- Breach handling and communication SLAs
To request a signed copy, email legal@antei.com.
Responding to Data Subject Requests
If you are a data subject whose information was synced into Antei:
- Please contact the Antei customer (data controller) first.
- If necessary, Antei will assist in fulfilling the request in accordance with our DPA and internal workflows.
Infrastructure Partners
Antei uses secure infrastructure platforms with regional storage capabilities:
- Cloudflare R2 for asset and document storage
- Railway and Render for service orchestration and microservices
- All providers meet SOC 2 or equivalent compliance standards