Resources
We do not run a content factory. We publish the materials our buyers actually use during evaluation, and we send substantive evidence packs on request rather than gating them behind forms.
Public checklist
You should ask these of every vendor you shortlist, including us. Below each question is our short answer. Compare them with whatever a competitor sends back.
European customers run in European AWS regions; MENA customers run in AWS Middle East regions. Data is processed by region-resident sub-processors by default, with EU/EEA preference where the law requires it. Cross-border access requires explicit contractual safeguards. We document this in our DPA, not in marketing copy.
Native. The product was designed under GDPR from inception in 2012, not retrofitted to comply later. Lawful basis tracking and data-subject rights workflows are part of the product surface, not bolted on by a checklist. We apply GDPR as the minimum privacy baseline across every deployment, including MENA — local frameworks (PDPL, NDMO, etc.) layered on top per market.
The same platform deploys on AWS regions worldwide — HIPAA-aware in the US, PIPL/MLPS-aware in mainland China, GDPR-baseline elsewhere. Customer data does not commingle across regions. You sign one master agreement and add region-specific schedules as needed.
Every model recommendation is logged with inputs, version, and the operator who acted on it. Recommendations can be replayed and explained to internal audit and external regulators. EU AI Act-aligned by design.
Engineering and operations are European-based, with 15+ years of AWS engineering experience. 24/7 on-call. Breach notifications follow the GDPR Article 33 timeline as the global minimum. Status, SLA, and incident history are reported to customers continuously.
Yes to both. CEX Solutions is on the AWS Marketplace, so customers who already run on AWS can sign up, validate, and procure under existing AWS spend commitments. Delivery comes in two flavours: fully managed by us as SaaS, or installed on your own AWS account and operated as your internal cloud — you keep the keys, we ship the software.
On request
We do not gate these behind marketing forms. Tell us who you are and we send the relevant package — usually within one business day.
ISO 27001 certificate, latest pen-test summary, sub-processor list, and our standard DPA. Sent under mutual NDA within one business day.
Request the packA structured spreadsheet mapping current effort and risk in your incentives process to the savings observed across CEX deployments. Use it before you talk to procurement.
Request the worksheetA short, opinionated playbook drawn from the AstraZeneca CEE-BA rollout — sequencing, pitfalls, and what to expect cycle by cycle.
Request the playbookThirty minutes with a founder, on the record, no sales pitch. Best used after you have read /trust and /platform and want to pressure-test the substance.
Book office hoursLive across Europe and MENA under a GDPR-native baseline. Deployable on AWS in the Americas, Asia-Pacific, Oceania, and Africa — fully managed by us, or on your own AWS account run as your internal cloud. Your data stays in your jurisdiction.