Build this with alleex
Apps for regulated sectors — compliance-by-construction, not by hope
Healthcare portals, financial dashboards, HR case-management tools: all require EU residency, data minimisation, audit trails, and a DPA. alleex gives you all four before you write a line of business logic.
Compliance-by-construction
EU residency, data minimisation, consent capture, and an audit log are composed into the app before any business logic. You build on a GDPR-compliant foundation rather than retrofitting one.
DPA-ready before you build
We sign a Data Processing Agreement covering your EU Neon instance and Cloudflare Workers deployment before you write your first module. Your DPO can review the stack before data is collected.
Audit log export for regulators
Hash-chained, CSV/JSON export from the control panel. Chain heads witnessed in Sigstore Rekor so a regulator or external auditor can verify integrity independently.
How it works
Compose these modules
Healthcare internal operations portal
A staff-facing portal for managing patient appointments, consent records, and internal data flows — with EU hosting, GDPR Article 9 (special category) data handling configuration, and a full audit log. Not a medical device.
compliance-eu module + Better Auth with RBAC + audit-log module
Financial services internal dashboard
An internal dashboard for financial advisors or back-office teams — field-level access control, full audit trail, EU-only data processing. Satisfies internal audit requirements without a bespoke build.
audit-log module + Better Auth with RBAC + shadcn/ui admin scaffold
HR case management tool
A case management tool for HR teams handling sensitive employee personal data — disciplinary records, absence management, performance review — with consent capture, retention policies, and DSAR portal.
compliance-eu module + audit-log module + Better Auth
Legal client matter portal
A client-facing portal for law firms managing matter documents and communications — EU-hosted, behind SSO, with a hash-chained audit log of every access and document action.
Better Auth SAML module + audit-log module + Cloudflare R2 (EU region)
DSAR centre for regulated verticals
A DSAR centre that handles requests for special-category personal data (health, financial, HR) — with sector-appropriate handler configuration and a verifiable audit trail for the regulator.
compliance-eu module
Customer stories
Real customer stories — none yet.
We are in private beta. The first case studies will feature named customers who share real results. We do not publish testimonials we have not earned.
Become a design partner →
FAQ
Common questions
Is alleex a medical device?
No. alleex produces internal operations tools and dashboards — not clinical decision-support systems. Whether a specific app you build with alleex is subject to EU MDR or IVDR depends on its intended purpose. That determination is your responsibility; consult your regulatory counsel. alleex does not process diagnostic data and does not influence clinical decisions by design.
How does alleex handle GDPR Article 9 special-category data?
The compliance-eu module includes configuration for Article 9 data processing — you specify the legal basis (explicit consent, vital interest, etc.) and the retention period. The module enforces consent capture and generates a DSAR portal that handles access and erasure for special-category data. Legal basis selection is your responsibility; this is not legal advice.
Can a financial services firm use alleex for regulated activities?
alleex produces internal operational tools — not regulated financial products (trading systems, payment processing infrastructure, licensed financial services). Whether a specific tool you build is subject to sector-specific financial regulation (MiFID II, PSD2, etc.) depends on its function and your regulatory status. Consult your compliance counsel.
Where exactly is my data stored?
Your customer app database is a dedicated Neon Postgres project in the EU region (Frankfurt). Your app runs on Cloudflare Workers in the EU zone. These specifics are committed in the DPA we sign before you build — available at /dpa.
Can I get a data flow diagram for my DPO?
Yes. The /compliance page describes the alleex data flow. A detailed data-flow diagram covering which subprocessors handle which data categories is available at /docs/data-flow. Your DPO can review this alongside the DPA before you deploy.
Regulated sector apps. Compliance-by-construction.
Book a demo and we will walk through how alleex handles your sector's data requirements, show the DPA, and answer questions about the audit log for your specific use case.
Free €0 · Pro €29/mo · Business €59/mo · Enterprise custom. See full pricing. Prices may change before general availability.