Compliance

Clex maintains a complete customer-facing security and data-protection document set. Each document is drawn from verified source material, version-controlled, approved by the CEO before release, and kept current with the product.

At a glance

Security posture

Clex is designed around local processing. User-entered free text remains on the device or in the browser. Server-side requests are limited to pictogram identifiers and language codes; no free text, no keystroke logging. Production hosting is on EU infrastructure in Germany. The GDPR Questions and Answers on this site covers the most common questions; the customer document pack below goes into greater depth on each topic.

What is in the customer document pack

Each document answers the questions a procurement team or DPO will ask. Request the pack to receive the current versions as PDFs.

Company and Service Overview

The legal entity, ownership structure, registered addresses, product portfolio, operating footprint, and the contracting structure for each market. Useful for vendor onboarding forms that ask about corporate structure.

Security Management Overview

Governance, risk management, access principles, and how security decisions are made. Covers the organisational side of security: who owns what, how we handle privileged access, and how we maintain security awareness.

Secure Development and Product Security

Software development lifecycle, separation of development and production environments, code review, testing, vulnerability management, and penetration testing. For product-security teams assessing whether Clex Keyboard or Clex Web meets OWASP-class security requirements.

Infrastructure and Operational Security

Hosting, network security, hardening, logging, monitoring, backup, and patch management. Describes where Clex runs, how it is secured, and how operational changes are managed.

Business Continuity, Incident Response and Disaster Recovery

Continuity planning, incident-management process, recovery objectives, and backup and restore testing. For procurement questions about what happens when something goes wrong - and how we know our recovery plan works.

Data Protection and Sub-processors

Complete sub-processor list, server locations, third-country transfer mechanisms, and the GDPR posture for each data flow. Answers the questions procurement teams and DPOs most often ask: where does data go, and on what legal basis.

Service Level Agreement

Availability commitments, response times for issue categories, and the service commitments Clex makes in a customer contract. Use the SLA document as a starting point for contract negotiation.

GDPR Questions and Answers

Fifteen plain-language questions and answers covering Clex’s full GDPR scope - from what happens to text on the device, through sub-processor geography, to how data is deleted when a device is retired. Often the document DPOs use to approve a Clex deployment.

Request the pack

To keep sensitive security and SLA documentation away from automated scrapers, we send the pack by email on request rather than publishing it openly. Your request reaches a named person, not a ticket queue:

• Danish customers: Flakron Sojeva - fs@clex.ai
• Swedish customers: Ron Karlsson - rk@clex.ai
• Technical follow-up: Uffe Gorm Pal Hansen - ugh@clex.ai
• German customers: Jonas Henrik Lund - jhl@clex.ai

We respond within one working day. Procurement officers and DPOs receive the full current pack; we can arrange specific subsets on request (for example, DPIA inputs only).

Quick answers

If you don’t need the full pack, the FAQ covers the fifteen most common procurement, DPO, and IT-department questions with plain short answers.