Privacy Principles

At Antei, privacy is not just a compliance requirement — it is a foundational principle that guides how we design, build, and operate our platform. This page outlines our approach to data privacy and protection.


1. Data Minimization

We only collect data necessary to deliver the functionality you’ve explicitly enabled — nothing more. For every integration or module, the scope of access is limited to the minimal set of fields required for indirect tax operations.

✅ Example: We fetch invoice and transaction data but never access full payment methods or card details.


2. Purpose Limitation

All collected data is used only for the specific purpose it was obtained for. If you’re syncing invoice data from Stripe, it is used strictly for tax computation, reconciliation, and compliance tracking.


3. User Control

You have complete control over:

  • Which integrations are connected
  • What data is synced
  • How often data is updated
  • When to disable or disconnect an integration

🔐 You can disconnect or pause syncs at any time from your Org Settings → Integrations panel.


4. Data Isolation

Your data is fully isolated at the organization level. No data is ever shared across tenants. All internal operations, background tasks, and validations are scoped to your org’s unique ID.


5. Secure Processing by Default

  • All syncs run over HTTPS
  • Tokens and secrets are encrypted
  • Access control is enforced across all internal systems
  • Background jobs are sandboxed and scoped to read-only processing unless explicitly configured

6. Region-Aware Storage

Antei stores PII and sensitive data based on your organization’s regional jurisdiction:

RegionStorage LocationNotes
EUEU Data CenterFully isolated and stored within the EU
INDIND Data CenterStored within India-based infrastructure
USA & RoWUSA (Global)United States-hosted by default for all other clients
  • Non-sensitive operational data (e.g., audit logs, validation results) is stored in our USA-hosted global systems
  • This structure supports GDPR, DPDP, and similar jurisdictional requirements

🛰️ Infrastructure providers like Cloudflare, Railway, and Render are selected for their support of regional residency and encryption guarantees.


7. Logging and Transparency

Every integration event, sync job, and background validation is logged and traceable in the audit trail.

You can access this under Org Settings → Audit Logs for full transparency and governance.


Next Steps