For Compliance Officers and Data Protection Officers
Internal GDPR tools your team actually uses — built in days, not quarters
DSAR workflows, consent ledgers, and data-inventory dashboards built on EU-hosted infrastructure with a tamper-evident audit log. No more ticketing the engineering backlog.
FileCheck
DSAR self-serve
Configure a branded data-subject-request portal in your instance. Access, portability, and erasure requests are verified by email token and fulfilled by a background job — every step hash-chained.
Lock
Tamper-evident audit log
Hash-chained, exportable, Sigstore-witnessed. Every action that modifies data produces an immutable audit record. The log is exportable as CSV/JSON from the control panel — no support ticket required.
FileText
DPA-ready by default
alleex processes data as a GDPR data processor. The DPA is ready to sign at /dpa — covering the Neon EU region, Cloudflare EU Workers, and all subprocessors.
What you can build
Common starting points
DSAR portal
A branded portal where data subjects submit access, portability, and erasure requests. Verified by email token, tracked to the 30-day deadline, every step logged.
compliance-eu module
Internal data inventory tool
A structured register of your personal data flows — what you collect, where it is stored, who processes it, and under what legal basis. Editable by your DPO team without an engineering ticket.
compliance-eu module + audit-log module
Consent audit dashboard
A dashboard showing consent records — what was consented to, when, at which version of the privacy policy, and whether re-consent is required. Each record is an Ed25519-signed receipt.
compliance-eu module
Processor agreement tracker
An internal tool for tracking data processor agreements across your vendor list — status, review dates, subprocessor notifications, and DPA version history.
compliance-eu module + audit-log module
Customer stories
Real customer stories — none yet.
We are in private beta. The first case studies will feature named customers who share real results. We do not publish testimonials we have not earned.
Become a design partner →FAQ
Common questions
Can I get an audit log export for regulators?
Yes. The audit log is exportable as CSV or JSON from the control panel at any time — no support ticket required. Each row includes the action, the user, the timestamp, the hash, and the previous hash. Chain heads are witnessed in Sigstore Rekor so a third party can verify integrity without access to your database.
What is alleex's subprocessor list?
The full list of alleex platform subprocessors is published at /subprocessors. Customer app subprocessors vary by installed modules and are published in the generated privacy policy for each app. You are notified of subprocessor changes before they take effect.
Is alleex SOC 2 or ISO 27001 certified?
No — and we say so plainly. SOC 2 Type II is a roadmap item (target Q4 2026, audit not yet started). ISO 27001 is planned after SOC 2. We do not display certification badges we have not earned. The alleex stack is GDPR-compliant by architectural design — the DPA is available now.
Can I use alleex to build a GDPR Article 30 records-of-processing register?
Yes. The internal data inventory use-case tile above describes exactly this. You compose the module, configure your data categories, and the tool generates a structured register your DPO team can maintain. It is not legal advice — consult your counsel for your specific obligations.
Where is alleex's DPA?
Our Data Processing Agreement is available at /dpa — a pre-signed PDF covering the Neon EU Postgres region, Cloudflare EU Workers, Resend EU transactional email, and all other alleex platform subprocessors. Download it, send it to your legal team, and return a countersigned copy to sign@alleex.com.
Internal GDPR tooling, without the engineering queue.
Book a demo and we will walk through how alleex handles your organisation's compliance requirements, show the audit log export, and answer questions about the DPA.
Free €0 · Pro €29/mo · Business €59/mo · Enterprise custom. See full pricing. Prices may change before general availability.