Corporate Governance

Responsibility is not a feature — it is our foundation.

Caelex manages sensitive compliance data for the European space industry. This commits us to the highest standards in data protection, ethics, and corporate governance.

  • 100% EU Data Residency
  • 0 Data Incidents
  • AES-256 Encryption
  • GDPR by Design

Framework

Governance Structure

Our governance framework is built on three pillars — they define how we make decisions, manage risk, and take responsibility.

Corporate Leadership

Governance
  • Clear decision structures and responsibilities
  • Regular review of business processes
  • Transparent communication with customers and partners
  • Documented policies for all business areas

Risk Management

Risk & Compliance
  • Systematic identification and assessment of risks
  • Continuous monitoring of regulatory changes
  • Incident response processes with defined escalation paths
  • Automated security scans and internal code reviews on every deployment

Customer Responsibility

Accountability
  • Equal treatment of all customers regardless of size
  • Fair and transparent pricing
  • Open feedback culture with fast response times
  • Long-term partnerships over short-term optimization

Codex

Caelex Corporate Codex

Six binding principles that guide our actions. They apply to every decision, every product, and every business relationship.

I

Data Sovereignty

Customer data is the property of the customer. Caelex processes data exclusively to deliver the contractually agreed service. No sale, transfer, or other monetization of customer data takes place — neither directly nor indirectly.

II

Regulatory Integrity

Caelex provides regulatory knowledge — not legal advice. Our platform reflects the current state of European space regulation and aids understanding. Compliance decisions are made by the customer based on qualified legal counsel.

III

Transparency

All pricing, service scope, and contract terms are clearly and fully documented. There are no hidden costs, no dark patterns, and no manipulative design elements in our software.

IV

Responsible AI

AI-generated content is always clearly labeled in our platform. AI features serve as support tools — never as autonomous decision-makers. Customer data is not used to train AI models. Our AI usage complies with the requirements of the EU AI Act.

V

Independence

Caelex is an independent software company. We do not offer consulting services and have no conflicts of interest with regulatory authorities, consultants, or other market participants. Our software delivers facts — not opinions.

VI

Sustainable Growth

We are committed to responsible growth. This applies to our infrastructure (efficient resource usage, EU hosting) and our business model (sustainable customer relationships over short-term profit maximization).

ESG

Environmental, Social & Governance

Sustainability is not a marketing label for Caelex. We measure ourselves by concrete actions across all three ESG dimensions.

Environmental

Environment & Resources

EU-Only Cloud Infrastructure

AWS eu-central-1 (Frankfurt) — carbon-neutral region with 100% renewable energy matching

Efficient Software Architecture

Optimized database queries and serverless architecture to minimize resource consumption

Paperless Processes

Fully digital compliance documentation, audit trails, and report generation

Social

People & Society

Equal Treatment

Identical service quality and price transparency for all customers — regardless of company size

Knowledge Access

Free assessment, public guides, and glossaries for access to regulatory knowledge

Transparent Regulatory Communication

Clear presentation of complex regulation — public blog, glossary, and guides for the entire industry

Governance

Leadership & Control

Documented Policies

Privacy policy, terms of service, and cookie policy — publicly accessible

Compliance Monitoring

Continuous monitoring of regulatory requirements and automated audit trails

Automated Audit Trails

Comprehensive logging of all security-relevant actions — fully traceable at any time

Compliance

Regulatory Frameworks

Caelex adheres to the strictest European regulations — without compromise.

GDPR

Achieved

Privacy by design, data protection impact assessments, DPO

EU AI Act

Achieved

Transparency obligations, human oversight, risk classification

NIS2 Directive

Achieved

Security measures per Art. 21, incident reporting

Risk Management

Systematic Protection

Four core risk areas that we address through defined measures, processes, and controls.

Information Security

  • AES-256-GCM encryption of sensitive data
  • Role-based access control (RBAC)
  • Automated security scans on every deployment
  • Multi-layered rate limiting and DDoS protection

Data Protection

  • Data minimization and purpose limitation
  • Automatic anonymization of IP addresses
  • Encrypted backups with EU data residency
  • Right to erasure and data portability

Business Continuity

  • Automatic failover and redundancy
  • Zero-downtime deployments
  • Real-time monitoring with alerting
  • Documented incident response processes

Regulatory Risks

  • Continuous monitoring of European legislation
  • Proactive adaptation to new requirements
  • Automated compliance checks in the CI/CD pipeline
  • Automated dependency checks and secret scanning in the CI/CD pipeline

Policies

Ethics & Compliance Policies

Binding policies that apply to all product development and business relationships.

Privacy Policy

  • No transfer or monetization of customer data
  • No third-party tracking — exclusively self-hosted analytics
  • GDPR-compliant data processing with documented legal bases
  • Automatic deletion after contract termination and upon request

AI Ethics Policy

  • Labeling requirement for all AI-generated content
  • No training of AI models with customer data
  • Human-in-the-loop for all safety-critical decisions
  • Regular review for bias and fairness

Anti-Corruption Policy

  • Zero tolerance for bribery and undue advantage
  • No dark patterns or manipulative design elements
  • Transparent business relationships without conflicts of interest
  • Whistleblower protection for internal and external reporters

Reporting

Transparency & Reporting

Three dedicated channels for responsible communication — confidential, protected, and with guaranteed response times.

Whistleblower System

Confidential reporting of violations against our Code of Conduct or applicable laws. Anonymous reports are possible. We guarantee protection against retaliation in accordance with the EU Whistleblower Directive.

ethics@caelex.eu

Security Response

Responsible disclosure for security vulnerabilities. We acknowledge receipt within 24 hours and provide updates on remediation progress.

security@caelex.eu

Data Protection Officer

Point of contact for all questions regarding data protection, data subject rights, and data processing. Requests are handled within the statutory deadlines.

dpo@caelex.eu

Documents

Governance Documentation

Core policies and documents — publicly accessible.

Privacy Policy (Available)

GDPR-compliant processing of personal data

Terms of Service (Available)

Contractual basis for platform usage

Cookie Policy (Available)

Transparent information about technologies used

Legal Notice (Available)

Company information and legal responsibility

Questions about our governance?

We are committed to open dialogue — about governance, data protection, or how we work.