Privacy Principles
Antei’s commitment to privacy, including how we handle data collection, access, and usage in compliance with global standards.
Privacy Principles
At Antei, privacy is not just a compliance requirement — it is a foundational principle that guides how we design, build, and operate our platform. This page outlines our approach to data privacy and protection.
1. Data Minimization
We only collect data necessary to deliver the functionality you’ve explicitly enabled — nothing more. For every integration or module, the scope of access is limited to the minimal set of fields required for indirect tax operations.
✅ Example: We fetch invoice and transaction data but never access full payment methods or card details.
2. Purpose Limitation
All collected data is used only for the specific purpose it was obtained for. If you’re syncing invoice data from Stripe, it is used strictly for tax computation, reconciliation, and compliance tracking.
3. User Control
You have complete control over:
- Which integrations are connected
- What data is synced
- How often data is updated
- When to disable or disconnect an integration
🔐 You can disconnect or pause syncs at any time from your Org Settings → Integrations panel.
4. Data Isolation
Your data is fully isolated at the organization level. No data is ever shared across tenants. All internal operations, background tasks, and validations are scoped to your org’s unique ID.
5. Secure Processing by Default
- All syncs run over HTTPS
- Tokens and secrets are encrypted
- Access control is enforced across all internal systems
- Background jobs are sandboxed and scoped to read-only processing unless explicitly configured
6. Region-Aware Storage
Antei stores PII and sensitive data based on your organization’s regional jurisdiction:
| Region | Storage Location | Notes |
|---|---|---|
| EU | EU Data Center | Fully isolated and stored within the EU |
| IND | IND Data Center | Stored within India-based infrastructure |
| USA & RoW | USA (Global) | United States-hosted by default for all other clients |
- Non-sensitive operational data (e.g., audit logs, validation results) is stored in our USA-hosted global systems
- This structure supports GDPR, DPDP, and similar jurisdictional requirements
🛰️ Infrastructure providers like Cloudflare, Railway, and Render are selected for their support of regional residency and encryption guarantees.
7. Logging and Transparency
Every integration event, sync job, and background validation is logged and traceable in the audit trail.
You can access this under Org Settings → Audit Logs for full transparency and governance.