elvix is the European identity provider for B2B SaaS. Drop in passkeys, email OTP, Google sign-in, RBAC, and a self-serve /account surface your users can audit themselves. Frankfurt-only data residency. GDPR Art. 15 export built in. Four lines of code, then ship.
You can roll your own and burn three weeks on session rotation, token revocation, OAuth callbacks, passkey ceremonies, password reset emails, and audit logs. Then start over when the GDPR questionnaire arrives and asks why your users sign in to a US host. Or you can stop fighting this.
Sessions, password resets, OAuth, passkeys, audit log, account deletion flow. Then again for every framework you ship on.
Clerk and Auth0 are great until your buyer's compliance team asks where the data is processed and who has subpoena access.
Your users can't see what data they've handed over. The first GDPR Art. 15 request lands in your inbox, not theirs.
Database and backups in Frankfurt am Main. No US sub-processors that touch account data. Schrems II proof, ready for your DPA.
Your users get a hosted page they can audit themselves: profile, sessions, factors, GDPR export. Less support load on you.
GDPR Art. 15 data export with a 5-second click. DPA template ready. LDI NRW supervises. Privacy questionnaire becomes a one-pager.
Three sign-in factors out of the box. WebAuthn passkeys phishing-proof. 6-digit codes for the holdouts. No passwords stored, ever.
One elvix workspace fronts every app you ship. Users sign in once, identity follows them across your product portfolio.
Signed server-to-server webhooks for every lifecycle event. SSE browser events for live cross-tab sign-out. Both Stripe-style.
Drop the provider at the root, mount the sign-in component where you want it, verify tokens on your server against the JWKS endpoint. That is the entire integration. Works with Next.js, Remix, Astro, Express, Bun.
# 1. Install npm install @elvix.is/sdk # 2. Wrap your app import { ElvixProvider } from "@elvix.is/sdk/react" # 3. Drop in the sign-in <ElvixSignIn /> # 4. Verify on the server import { verifyElvixToken } from "@elvix.is/sdk/server"
Every elvix-signed-in user lands at /account and can audit themselves: their profile, every device they are signed in on, every social or passkey factor, every app they have signed into. They click one button to download everything elvix holds about them, GDPR Art. 15 compliant.
Clerk has a `<UserProfile />` widget. Auth0 has a support inbox. elvix has a full hosted surface your users can reach without a single support ticket.
elvix is an Einzelunternehmen registered at Jülicher Straße 72a, 52070 Aachen, Germany. Edvard Grei, founder. Real address, real liability.
Hetzner, Frankfurt am Main. PostgreSQL hosted on the elvix-controlled Delvix cluster in the same region. Backups stay in EU.
For account data. Email delivery via Resend EU region. Google People API touched only with the user’s OAuth scopes.
Built into the /account surface. User clicks, OTP verifies, a single-use zip lands in their inbox. Disclosure block included.
LDI NRW (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen). Named in every disclosure.
72-hour notification to the regulator per Art. 33. Direct emails to affected users when risk is high. Post-mortem published.
| elvix | Clerk | Auth0 | |
|---|---|---|---|
| Frankfurt-only data residency | EU tier (paid plan) | ||
| EU-domiciled controller | |||
| End-user /account surface | Widget | ||
| GDPR Art. 15 self-serve export | |||
| Passkeys, OTP, OAuth | |||
| SAML / SCIM enterprise SSO | Roadmap | ||
| Mobile SDKs (iOS, Android, RN) | Roadmap | ||
| Years of polish | Months | 4 years | 10+ years |
| Pricing model | MAU-based, locked at sign-on | MAU, tiered | MAU, enterprise quote |
If you need SAML/SCIM or mobile SDKs this quarter, Clerk is the safer pick today. If your buyer asks where the data lives and can't accept a US answer, you can't use Clerk at all. That's the wedge.
elvix is in private beta. Production-ready, paid from the first sign-in. Pricing scales with MAU; the rate you sign at is locked for 12 months. Beta teams get founder-led onboarding, direct Slack access, priority on the roadmap. We don't use a free tier because we don't need to: the wedge is sovereignty and transparency, not the cheapest seat at the table.
Hosted in Frankfurt. Audited by your users. Ready before your next sprint review.
Request beta access