Privacy Principles
Antei’s commitment to privacy, including how we handle data collection, access, and usage in compliance with global standards.
Privacy Principles
At Antei, privacy is not just a compliance requirement — it is a foundational principle that guides how we design, build, and operate our platform. This page outlines our approach to data privacy and protection.
1. Data Minimization
We only collect data necessary to deliver the functionality you’ve explicitly enabled — nothing more. For every integration or module, the scope of access is limited to the minimal set of fields required for indirect tax operations.
✅ Example: We fetch invoice and transaction data but never access full payment methods or card details.
2. Purpose Limitation
All collected data is used only for the specific purpose it was obtained for. If you’re syncing invoice data from Stripe, it is used strictly for tax computation, reconciliation, and compliance tracking.
3. User Control
You have complete control over:
- Which integrations are connected
- What data is synced
- How often data is updated
- When to disable or disconnect an integration
🔐 You can disconnect or pause syncs at any time from your Org Settings → Integrations panel.
4. Data Isolation
Your data is fully isolated at the organization level. No data is ever shared across tenants. All internal operations, background tasks, and validations are scoped to your org’s unique ID.
5. Secure Processing by Default
- All syncs run over HTTPS
- Tokens and secrets are encrypted
- Access control is enforced across all internal systems
- Background jobs are sandboxed and scoped to read-only processing unless explicitly configured
6. Region-Aware Storage
Where possible, Antei stores data in infrastructure close to the region of origin. This is designed to support regulatory frameworks like GDPR and DPDP.
🌍 We use cloud providers with global region support (e.g. Cloudflare, Railway, Render) and can configure region-specific storage for enterprise clients.
7. Logging and Transparency
Every integration event, sync job, and background validation is logged and traceable in the audit trail.
You can access this under Org Settings → Audit Logs for full transparency and governance.