Regixo compliance portal

Customer agreement

This is the agreement between South East 1 OÜ and the organisation named on the record. It is one instrument in 2 parts: Data processing agreement and Sub-processor list. Accepting it accepts all of them.

You accept it when you pay, and again when you sign — both times with a box you tick yourself. Nothing on this page accepts anything.

One commitment below is not yet in effect on this portal

The agreement commits to encrypting stored records; on this portal that is currently switched off, so records are stored as plain text. Who is Regixo? states the current position — ask the operator before uploading.

Part 1

Data processing agreement

Between South East 1 OÜ (Estonia, reg. 12608095, VAT EE101763466) — "Regixo", the processor — and the customer identified in the order — the controller.

This agreement applies only to the hosted Regixo portal. The free Regixo software runs on the customer's own machines and transmits nothing to Regixo; for that software, Regixo is not a processor.

1. What Regixo processes

Regixo processes a metadata-only snapshot of the controller's systems:

  • names of tables, columns, and data sources; data types; owners; and relationships between them;
  • the names and email addresses of the controller's own staff who use the portal;
  • billing contact details.

Regixo does not process the contents of the controller's databases. The scanner reads structure only. Values inside a column are never read, never transmitted, and never stored. A column named email is recorded as a column named email; the addresses within it are not seen.

The controller acknowledges that metadata can itself be sensitive (for example, a table named patients_oncology), and that this agreement treats it as confidential accordingly.

2. Purpose and instructions

Regixo processes this data only to provide the portal: to store the record, let the controller's staff read and complete it, seal it on their instruction, and bill for it. Regixo will not process it for any other purpose, and will not use it to train any model.

Regixo acts only on the controller's documented instructions, which are: this agreement, the order, and the actions the controller's own staff take in the portal.

3. Confidentiality

Everyone at Regixo with access to the data is bound by confidentiality. As of the date of this agreement, Regixo is operated by a single person, who is the data protection contact.

4. Security

  • The uploaded record is encrypted while stored, with a separate key per record (AES-256-GCM).
  • Access to a record requires either a private claim link or a verified sign-in.
  • Every access, change, seal and download is written to a per-record activity log the controller can read.
  • The server runs in the EU (Hetzner, Germany or Finland), with TLS in transit.

Stated limits, because the controller is entitled to know them: the account rows (email address, organisation name, amount paid) are not encrypted at rest. The activity log is a database table kept on Regixo's server; it is not cryptographically tamper-proof, and Regixo could in principle alter it. The sealed record is different: it carries an Ed25519 signature the controller can verify offline, without Regixo, and any change to the record invalidates it.

5. Sub-processors

The current sub-processors are listed at the sub-processor list and are, at the date of this agreement: Hetzner (EU), Twilio SendGrid (US), Stripe (US), HubSpot (EU).

SendGrid and Stripe are in the United States. SendGrid receives the recipient's email address and the title of the record an email concerns; Stripe receives the buyer's email, billing address and VAT number. Neither receives any scanned metadata.

Both are certified under the EU–U.S. Data Privacy Framework, which the European Commission has declared adequate. Transfers to them are therefore lawful on the same basis as a transfer inside the EU. Regixo has verified this on the official register (Twilio Inc., participant 5394 — EU-U.S. DPF Active; Stripe, LLC — certified).

Regixo will give the controller notice before adding a sub-processor that touches their data. If the controller objects, they may terminate.

6. If there is a breach

Regixo will notify the controller within 48 hours of becoming aware of a personal data breach affecting the controller's data, and will give what is known at the time rather than waiting for a complete picture.

Regixo does not notify a supervisory authority on the controller's behalf — under Art. 33(1) that is the controller's own duty, and their clock starts when Regixo tells them.

(Separately, and not under this agreement: for a breach of Regixo's own account data — customer names, email addresses, billing — Regixo is the controller and notifies the Estonian Data Protection Inspectorate within 72 hours.)

7. Assistance

Regixo will help the controller respond to data-subject requests, and with impact assessments, taking into account the nature of the processing — which, because Regixo holds metadata rather than personal records, is usually a short answer.

8. Retention and deletion

  • A record nobody claims is deleted 90 days after upload.
  • A record replaced by a newer version is erased 30 days after being replaced.
  • A signed record is retained as the controller's official record until they ask for it to be deleted, or the subscription ends.
  • On termination, Regixo deletes the controller's data on request, except where law requires otherwise. Erasure is available at any time via regixo admin.

9. Audit

Regixo will provide the information needed to demonstrate compliance with this agreement. The Regixo scanner is open source and can be read line by line.

The controller may audit Regixo's compliance with this agreement. In the first instance Regixo will provide its security description, the sub-processor list, and this agreement, which will normally answer the question.

If it does not, the controller may carry out an on-site audit, subject to: no more than once in any 12-month period (unless there has been an actual breach affecting them); 30 days' written notice; during business hours; for no more than one working day; at the controller's cost; and under confidentiality.

10. Liability, term, law

Governing law: Estonian law. Jurisdiction: the Estonian courts. This agreement is subject to the liability provisions of the terms of service and does not create a separate cap.


Annex

Sub-processor list

Status: FACTUAL — safe to publish. Every line below is checked against the code, not asserted. It is not legal advice, but it contains no legal judgment either: it is a list of which companies touch your data and what each one receives.

Last checked: 14 July 2026 · Regixo is operated by South East 1 OÜ (Estonia, VAT EE101763466).


The short version

Regixo's free software runs on your own machine and sends us nothing. If you never use the hosted portal, no sub-processor of ours touches your data at all.

If you do use the hosted portal, four companies are involved. Two of them are in the United States, and we would rather say so plainly than bury it. Neither of them ever receives the metadata Regixo scans from your systems.


The list

CompanyWhereWhat it doesWhat it receives
Hetzner Online GmbHGermany / Finland (EU)Runs the server the portal lives on.Everything the portal stores: your uploaded record, your account, the activity log. The record itself is encrypted.
Twilio SendGridUnited StatesSends sign-in links and notification emails.The recipient's email address, and the title of the record the email is about — normally your organisation's name. Not the record's contents.
StripeUnited StatesTakes card payments.The buyer's email address, billing address, VAT number, and the payment. No scanned data of any kind.
HubSpotEU infrastructure (eu1)Hosts the contact form on our website.Only what you type into that form. Nothing from the product.

What we hold, and for how long

What Regixo scans is metadata only — table names, column names, data types, owners. Never the values inside your data. A column called email is recorded as a column called email; the email addresses in it are never read, never sent, and never stored.

Encryption. Each uploaded record is encrypted while stored, with its own key (AES-256-GCM), so one record cannot unlock another. Note the honest limit: the account rows — your email address, company name, and what you paid — are not encrypted.

Retention. A record nobody claims is deleted after 90 days. A record replaced by a newer version is erased after 30 days. A record you have signed is yours, and is kept.


This is the first thing most compliance teams ask, so here it is up front.

SendGrid and Stripe are American. That means a US company sees:

  • from SendGrid: who is signing in, and the name of the organisation whose record it is;
  • from Stripe: who is paying, from what address, and their VAT number.

Neither ever sees a table name, a column name, or anything Regixo scanned.

Both are certified under the EU–U.S. Data Privacy Framework, which the European Commission has declared adequate. A transfer to a DPF-certified US company is treated in the same way as a transfer inside the EU.

CompanyCertified entityEU-U.S. DPFCheck it yourself
SendGridTwilio Inc.Active (non-HR data)dataprivacyframework.gov/participant/5394
StripeStripe, LLCCertified for EEA datastripe.com/legal/data-privacy-framework

Do not take our word for it. Both links go to the official register and to Stripe's own statement.

And the honest caveat. The Framework is under appeal at the Court of Justice (Latombe, C-703/25 P). The General Court upheld it in September 2025; the appeal is pending. Its predecessor, Privacy Shield, was struck down in 2020. We think it is right that you know that, rather than hear "DPF-certified" and assume the question is closed forever.

"EU-hosted" describes the server. It does not describe every company in the chain, and we will not pretend otherwise.

If this matters to you, tell us. It is a solvable problem — there are EU alternatives for both — and a customer asking is the reason we would move.


Changes

We will tell you before we add a sub-processor that touches customer data. If you object, you can end your subscription rather than accept the change.

← who is Regixo?