> ## Documentation Index
> Fetch the complete documentation index at: https://docs.antei.com/llms.txt
> Use this file to discover all available pages before exploring further.

# GDPR & DPDP Compliance

> How Antei supports core requirements under GDPR (EU) and DPDP (India) for lawful, transparent, and accountable data processing.

<Icon icon="scale-balanced" size={26} color="#4B5563" />

# GDPR & DPDP Compliance

Antei enables customers to meet their obligations under major global data protection laws, including:

* **GDPR** (General Data Protection Regulation – European Union)
* **DPDP** (Digital Personal Data Protection Act – India)

We do this by adhering to privacy-by-design principles, region-specific storage, access minimization, and complete auditability across the platform.

***

## Legal Basis for Processing

Antei processes customer data based on:

* **Contractual necessity** — to provide the agreed functionality and services
* **Legitimate interest** — for performance monitoring, security operations, and system health
* **User consent** — for integrations requiring explicit authorization (e.g., Gmail, Stripe)

***

## Rights We Support

| Right                            | Description                                          |
| :------------------------------- | :--------------------------------------------------- |
| **Right to Access**              | Request a summary of data stored or synced via Antei |
| **Right to Rectification**       | Correct inaccurate or outdated synced/mapped records |
| **Right to Erasure**             | Remove data on request, per org or entity scope      |
| **Right to Restrict Processing** | Temporarily pause background jobs or integrations    |
| **Right to Portability**         | Export structured data (e.g., JSON, CSV, PDF)        |
| **Right to Withdraw Consent**    | Disconnect integrations and revoke scopes anytime    |

These rights can be exercised by reaching out to the Antei customer (data controller) or through the platform's Org Settings where applicable.

***

## Regional Storage & Transfers

Antei ensures that **PII and jurisdiction-sensitive data** is stored regionally by design:

| Client Region     | Data Residency Location | Notes                                                  |
| :---------------- | :---------------------- | :----------------------------------------------------- |
| **EU Customers**  | EU servers              | GDPR-compliant, full data isolation in EU              |
| **IND Customers** | IND servers             | Hosted within India, separate from other jurisdictions |
| **US & RoW**      | US (Global Server)      | Default server location for all other regions          |

* Non-PII operational data may be stored in global systems (USA)
* No cross-region transfers unless explicitly authorized by the customer
* Data is encrypted at rest and in transit
* Subprocessor activity is scoped to regional guarantees and contracts

***

## Data Processing Agreement (DPA)

A formal DPA is available for enterprise customers, covering:

* Processor vs Controller obligations
* Subprocessor scopes and commitments
* Retention, deletion, and data request protocols
* Breach handling and communication SLAs

To request a signed copy, email [legal@antei.com](mailto:legal@antei.com).

***

## Responding to Data Subject Requests

If you are a **data subject** whose information was synced into Antei:

1. Please contact the Antei **customer (data controller)** first.
2. If necessary, Antei will assist in fulfilling the request in accordance with our DPA and internal workflows.

***

## Infrastructure Partners

Antei uses secure infrastructure platforms with regional storage capabilities:

* **Cloudflare R2** for asset and document storage
* **Railway** and **Render** for service orchestration and microservices
* All providers meet **SOC 2** or equivalent compliance standards

***

## Next Steps

* [→ Privacy Principles](/trust-center/Privacy%20and%20Compliance/privacy-principles)
* [→ Data Retention & Deletion](/trust-center/Privacy%20and%20Compliance/data-retention-deletion)
* [→ Explore Security Practices](/trust-center/Security/data-security)
