Private beta. Founder-led onboarding.

Auth in four lines.
Hosted where your users live.

elvix is the European identity provider for B2B SaaS. Drop in passkeys, email OTP, Google sign-in, RBAC, and a self-serve /account surface your users can audit themselves. Frankfurt-only data residency. GDPR Art. 15 export built in. Four lines of code, then ship.

  • Frankfurt only. No US sub-processors.
  • GDPR Art. 15 export, built in.
  • 4-line Next.js drop-in.
D
Sign in to DanceClub
Pick how you want to continue.
or
By continuing, you agree to DanceClub's
Terms of Service·Privacy Policy
v0.10.0
This is a preview
The blocker

Auth is the slowest part of every sprint.
Then your compliance officer asks where the data lives.

You can roll your own and burn three weeks on session rotation, token revocation, OAuth callbacks, passkey ceremonies, password reset emails, and audit logs. Then start over when the GDPR questionnaire arrives and asks why your users sign in to a US host. Or you can stop fighting this.

3 weeks
DIY auth

Sessions, password resets, OAuth, passkeys, audit log, account deletion flow. Then again for every framework you ship on.

Cloud Act
US-hosted auth

Clerk and Auth0 are great until your buyer's compliance team asks where the data is processed and who has subpoena access.

0 transparency
The black box

Your users can't see what data they've handed over. The first GDPR Art. 15 request lands in your inbox, not theirs.

The promise

Identity, kept in Europe.
Everything sign-in needs. Nothing it doesn't.

Frankfurt-only residency

Database and backups in Frankfurt am Main. No US sub-processors that touch account data. Schrems II proof, ready for your DPA.

A real /account surface

Your users get a hosted page they can audit themselves: profile, sessions, factors, GDPR export. Less support load on you.

Compliance built in

GDPR Art. 15 data export with a 5-second click. DPA template ready. LDI NRW supervises. Privacy questionnaire becomes a one-pager.

Passkeys + OTP + Google

Three sign-in factors out of the box. WebAuthn passkeys phishing-proof. 6-digit codes for the holdouts. No passwords stored, ever.

Multi-app workspaces

One elvix workspace fronts every app you ship. Users sign in once, identity follows them across your product portfolio.

Webhooks + browser events

Signed server-to-server webhooks for every lifecycle event. SSE browser events for live cross-tab sign-out. Both Stripe-style.

Four lines to ship

Wrap your app.
Sign in tomorrow.

Drop the provider at the root, mount the sign-in component where you want it, verify tokens on your server against the JWKS endpoint. That is the entire integration. Works with Next.js, Remix, Astro, Express, Bun.

app/layout.tsx
# 1. Install
npm install @elvix.is/sdk

# 2. Wrap your app
import { ElvixProvider } from "@elvix.is/sdk/react"

# 3. Drop in the sign-in
<ElvixSignIn />

# 4. Verify on the server
import { verifyElvixToken } from "@elvix.is/sdk/server"
The differentiator

Your users get a real account page.
Not a black box.

Every elvix-signed-in user lands at /account and can audit themselves: their profile, every device they are signed in on, every social or passkey factor, every app they have signed into. They click one button to download everything elvix holds about them, GDPR Art. 15 compliant.

Clerk has a `<UserProfile />` widget. Auth0 has a support inbox. elvix has a full hosted surface your users can reach without a single support ticket.

  • Profile, addresses, languages, region. Self-serve.
  • Sign-in factors: primary OTP, social, archived emails, passkeys.
  • Live sessions across every device they have signed in on, one-tap revoke.
  • GDPR Art. 15 download, per-app and identity-level. Single-use, attached as zip.
Your account
Hi Maya.
Check out my account
How I sign in to my apps
Where I’m signed in right now
Download a copy of my data
Compliance receipts

Specific, not vague.
Forward this section to your compliance team.

Controller of record

elvix is an Einzelunternehmen registered at Jülicher Straße 72a, 52070 Aachen, Germany. Edvard Grei, founder. Real address, real liability.

Data centre

Hetzner, Frankfurt am Main. PostgreSQL hosted on the elvix-controlled Delvix cluster in the same region. Backups stay in EU.

No US sub-processors

For account data. Email delivery via Resend EU region. Google People API touched only with the user’s OAuth scopes.

GDPR Art. 15 export

Built into the /account surface. User clicks, OTP verifies, a single-use zip lands in their inbox. Disclosure block included.

Supervisory authority

LDI NRW (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen). Named in every disclosure.

Breach response

72-hour notification to the regulator per Art. 33. Direct emails to affected users when risk is high. Post-mortem published.

The decision

elvix vs the alternatives.
Honest where we win, honest where we don’t.

elvixClerkAuth0
Frankfurt-only data residencyEU tier (paid plan)
EU-domiciled controller
End-user /account surfaceWidget
GDPR Art. 15 self-serve export
Passkeys, OTP, OAuth
SAML / SCIM enterprise SSORoadmap
Mobile SDKs (iOS, Android, RN)Roadmap
Years of polishMonths4 years10+ years
Pricing modelMAU-based, locked at sign-onMAU, tieredMAU, enterprise quote

If you need SAML/SCIM or mobile SDKs this quarter, Clerk is the safer pick today. If your buyer asks where the data lives and can't accept a US answer, you can't use Clerk at all. That's the wedge.

Private beta

Paid from day one.
Invitation only, while we onboard.

elvix is in private beta. Production-ready, paid from the first sign-in. Pricing scales with MAU; the rate you sign at is locked for 12 months. Beta teams get founder-led onboarding, direct Slack access, priority on the roadmap. We don't use a free tier because we don't need to: the wedge is sovereignty and transparency, not the cheapest seat at the table.

Auth in four lines.

Hosted in Frankfurt. Audited by your users. Ready before your next sprint review.

Request beta access