Screen reference — the compliance portal
Every screen of the compliance team’s portal — claim, fill, DORA, unlock, sign, account, team — with each one shown by the one region it exists for, and its other controls named in the text. Use it to look one thing up. To be walked through it as a lived compliance-team session, start with the walkthrough The compliance team →.
Opening a claim & signing in
The engineer’s regixo invite produces a link like
app.regixo.com/claim/clm_<token> and a RoPA_DRAFT.pdf. Opening the
link needs no account — reading is free. Everything lives on that one page: two tabs
(Record (RoPA) · DORA register), a mini-nav (Overview · Still needs you (N) ·
Sign & seal), the record, the fill surface, the unlock and the sign-&-seal block. There is
no separate “fill”, “team” or “record” address — those are sections you reach once you sign in.
The page opens with the promise and the provenance — “Your GDPR Article 30 Record of Processing — drafted from your own systems”, then what left their machine: metadata only … No row values, ever — and is honest, up front, about what it does not cover: a coverage banner names every source that was unreachable at the last scan.
- What this is — the list of how your company uses people’s personal data — the “Record of Processing” most EU organisations must keep.
- Where it came from — your engineering team mapped your real database with Regixo, which drafted this from your actual tables.
- What’s done — the data inventory is mapped for you.
- What needs you — 10 legal calls are still blank — security measures, recipients, purpose, your lawful basis and more. Your team fills them below; then you sign.
- Your privacy — metadata only (names, types, owners). No row values ever left your team’s machine.
- What’s not covered —
snowflake-dwh,stripe(unreachable at the last scan).
Forwarded draft — received 2026-07-10 · what left their machine: metadata only — 4 dataset names and types + 9 personal-data flags. No row values, ever. No account needed to review. · what changed → · who is Regixo? →
How your team works this record: a viewer reads · a preparer fills · an approver confirms & signs · an admin manages the team.
Signed out, a needs you field is a link, not a form: + Fill this jumps to the sign-in block on the same page. To fill fields or manage your team, sign in: enter your work email and press Email me a sign-in link (or use SSO where configured). The link is one-time and lasts 15 minutes. Because corporate mail scanners open links, you’ll first see a “Confirm it’s you” page — press Continue to sign in → (that’s what actually consumes the link).
The record & the fill surface
The record lists your activities, each one a card you open (Activity detail & gaps), with every legal field badged needs you / suggested / confirmed (mechanical facts show found; special-category rows carry ⚠ Art. 9). Once you sign in, each of those rows grows its own inline editor in place of the link — below, the open Lawful basis row on Manage customer accounts, as an approver sees it:
-
Manage customer accountsaccounts · customers
Activity detail & gaps
Lawful basis Choose an Art. 6(1) lawful basis needs you + Fill this
- Open it with + Fill this (empty) or ✎ edit (filled).
- Lawful basis → a picker “— pick an Art. 6(1) basis —” listing all six grounds, plus a free-text “…or type the basis in your own words”.
- Art. 9(2) ground (only on special-category rows) → “— pick an Art. 9(2) ground —” with all ten.
- Purpose · Retention · Transfers · Security · Recipients · Data subjects → free-text (Recipients placeholder “e.g. Stripe, AWS, Intercom”).
Who can do what is role-gated: a preparer fills a field (it saves as “provided by you”); an approver (or admin) sees the checkbox “Confirm as legally reviewed — your act as approver; Regixo never confirms a legal field for you.” and can Revert to Regixo’s suggestion. A running “Still needs you” index lists every activity with open fields so nothing is missed.
regixo annotate … --confirm; the full field-by-field guidance is in
Fill the RoPA.DORA fill
The DORA register tab carries its own count — “11 of 15 sections need you” — and the page is 15 sections (B_01.01 … B_99.01), each badged auto-filled / partly auto / needs you. Signed out you can read all of it: a cell you’d have to fill reads “sign in to fill”, a call only an approver may make reads “sign in to rule”, and an empty table reads “No rows yet — sign in to add”.
This is your DORA Register of Information, forwarded with the record — the free DRAFT. Turning it into the checked, sealed xBRL-CSV (the €12,000 plan) is done on your engineer's own Regixo, not on this forwarded record.
Why draft from your real systems: in the European Supervisory Authorities’ DORA dry-run exercise, only about 6.5% of manually-built registers passed all 116 validation checks.
procurement → contracts & costs · legal/treasury → LEI & in-scope · ICT-risk → criticality.
B_01.01 · Entity maintaining the register of information
auto-filled| Name of the entity | LEI | Country |
|---|---|---|
| Aurelia Payments Oy provided | 5493001KJTIIGC8Y1R12 provided | FI provided |
B_01.03 · List of branches
needs you| Branch name | Country |
|---|---|
| No rows yet — sign in to add | |
B_05.01 · ICT third-party service providers
partly auto| Provider name | Type of ICT service | Country of provision | Provider identifier (LEI) | In DORA scope? |
|---|---|---|---|---|
| Snowflake DWHauto | Cloud data warehouseauto | EUauto | sign in to fill | confirmed |
| Stripeauto | Payment processingauto | US (outside EU)auto | 5299007QVIQ7IO1L0962 provided | sign in to rule |
Signed in, each needs-you cell becomes an inline form (“add…” + Save); contract and
function tables get + Add a row. To fill many at once, use the CSV path: Download the
template (CSV) → Upload & preview → a check page (“Check these rows before they save …
Nothing is saved yet”, showing “Updates row X / Adds a new row”, skipping bad LEIs) → Apply N
rows. LEI cells are checked (ISO 17442 + mod-97) with a GLEIF pointer. Ruling a provider
confirm / exclude in scope, and marking a function’s criticality, are
approver-only acts (a legal judgment). CLI twins: regixo dora import/set; details
in The DORA register.
Check these rows before they save
2 rows from your file ready to save to Your IT third-party providers B_05.01. Nothing is saved yet — rows save when you apply them, each cell marked “provided”.
Skipped from the file: In DORA scope?
Your approver rules these on the row itself — they’re not written from a file. Everything else in those rows still saves.
Columns not on this table (ignored): notes.
- Row 4 — LEI fails its check digits (ISO 17442 mod-97) — row skipped
Look up an LEI on GLEIF search ↗ — the public register of legal-entity identifiers.
| Row reference | Provider name | Type of ICT service | Country of provision | Provider identifier (LEI) | What happens |
|---|---|---|---|---|---|
| stripe | Stripe | Payment processing | US (outside EU) | 5299007QVIQ7IO1L0962 | Updates row stripe |
| datadog | Datadog | Monitoring | EU | 5493001KJTIIGC8Y1R12 | Adds a new row |
Unlock & pay
Read this first: checkout is wired and offline-tested, but the live card-payment run is a launch gate — not switched on yet, so a licence may be issued by invoice today (Enterprise always is). The draft stays free either way. This is the flow it will run.
Inside “Make this record official,” two questions set your plan and its published price —
“How big is your organisation?” and “Are you a regulated financial firm (DORA applies)?”.
The price appears once both are answered (RoPA €6,000/yr · RoPA + DORA €12,000/yr ·
Enterprise from €18,000/yr, invoice). Press Continue to payment (card, via Stripe);
an overlay explains you’ll enter your card on Stripe’s secure page (“Regixo never sees or stores
them”). After returning you’ll see “✓ Payment received — activating your licence…”, then a receipt
with a downloadable invoice. On a €12k purchase the portal shows the engineer’s licence key to set as
REGIXO_LICENCE_KEY.
Choose your plan & pay
Regixo attests mechanical facts only — purpose, lawful basis and retention are confirmed and signed by you. This is not legal advice.
The block ends with a way out that isn’t a payment: “Prefer to talk it through first?” — Email us →, “a person answers. No obligation; the draft stays free either way.” On a record that already carries a licence, step 2 reads instead “Your plan is set by the licence on this record — nothing to choose or pay.”
Launch gate: checkout is wired and offline-tested; the live card-payment run
isn’t switched on yet, so a licence may be provided by invoice today (Enterprise always is). The CLI
twin (licence-key activation) is regixo verify.
Sign & seal
Signing is the last step — approver or admin only. A “Before you sign” gate names what you are about to do (it removes the DRAFT stamp and records a simple electronic signature under your name — not a qualified electronic signature), lists every legal entry still open, and states that those seal as flagged gaps: the seal never confirms one for you. It also names the controller (required, Art. 30(1)(a)) and asks for the registered legal name if your organisation isn’t named yet.
Before you sign
You are about to sign and seal this record as Dana Kessler (dana@acme.eu). This removes the DRAFT stamp and records a simple electronic signature (eIDAS Art. 25(1)) under your name.
- Manage customer accounts — lawful basis
- Manage customer accounts — security measures
- Uncategorised processing — purpose
- Uncategorised processing — lawful basis
- Uncategorised processing — retention
- Uncategorised processing — security measures
- Take and record payments — security measures
Press 🔓 Sign & seal and the record becomes OFFICIAL — the DRAFT stamp is gone and the page carries the seal block: Who signed · Timestamp · What kind of signature · the tamper-proof seal row · what’s still left for you · Your record, a “Technical details (for your auditor)” panel (sha256 content seal, attestation id, offline verifier), and Download the official PDF. Until the RFC 3161 counter-stamp is switched on (a launch gate), the timestamp row says so in as many words — vendor clock only:
✓ Sealed · 2026-07-11 — 7 legal calls below still need confirming
● OFFICIAL — signed & sealed
- Who signed — Dana Kessler (dana@acme.eu), on 2026-07-11T14:02:00Z. Identity verified by email sign-in link (magic link).
- Timestamp — vendor clock only — no RFC 3161 counter-stamp attached.
- What kind of signature — A simple electronic signature. Under eIDAS (Art. 25(1)) it cannot be denied legal effect solely because it is electronic. It is not a qualified electronic signature.
- Tamper-proof seal — Locked: any later edit re-opens the signature. Anyone can check it’s genuine offline, without contacting us — see “Technical details”.
- What’s still left for you — 7 legal boxes below still need your confirmation, flagged in the record. The seal never confirms a legal call for you.
- Your record — Plan ropa · valid until 2027-07-11. Manage billing →
Technical details (for your auditor)
Content seal sha256:9f2c4d7a1b6e8035c9a2f4d7b1e6803559f2c4d7a1b6e8035c9a2f4d7b1e68035 — any later edit re-opens the signature.
Attestation att_7b3c9d1e5f2a8046b1c7 · key rgx-key-2026 · tenant ten_acme.
Verifiable offline: run node verify-attestation.mjs next to the exported attestation.json (key published in ATTESTATION_KEYS.md).
This attestation states a mechanical fact: the auto-filled fields were sourced from the connected systems as of 2026-07-10. The legal fields (purpose, lawful basis, retention, transfers) carry the judgment of the named signatory, who confirmed and signed them. This document is not legal advice.
A Version history card lists every seal with “what changed” diffs. If the data drifts after
signing, a banner flags “N activities need RE-SIGN” with Review & re-sign → (Regixo
never re-signs for you). CLI twins: regixo verify, regixo seal pull.
Full detail: Unlock, sign & maintain.
Account & billing
The account chip in the masthead (your initials + email) opens the cluster — Profile & sign-in · Notifications · Org profile · Billing — and every page of it carries that same left-hand nav:
- Profile & sign-in — edit the Name shown on a seal; see your verified email and SSO status; Sign out everywhere; request account closure (the operator actions it — never self-serve deletion).
- Notifications — “Email me about” toggles (Licence expiring, Re-signing, Sync stale, Product updates). Quiet by default; receipts and sign-in links are always sent.
- Org profile — registered entity, LEI (checksum-validated), country, data-protection contact, default security measures. Filling these across several records at once isn’t built — set the org profile on each record.
- Billing — one row per record: plan, status (Active / Expires in N days / Expired), and actions — Renew →, Upgrade to RoPA + DORA → (pay the €6,000 difference, expiry unchanged), and Billing in Stripe → (the Stripe Customer Portal — update the card, download invoices; there’s no subscription to cancel).
Team & roles
Admins manage the team on the record (“Roles are per record, never global”):
Your team
Who can do what on this record. Roles are per record, never global.
| dana@acme.eu | admin | you · added 2026-07-03 |
| omar@acme.eu | approver | change role |
| lena@acme.eu | viewer | change role |
Activity log → every touch of this record, in the append-only ledger your licence includes.
| Role | Can |
|---|---|
| Viewer | Read the record. |
| Preparer | Read, and fill the draft (RoPA fields & DORA cells) — saved “provided by you”. |
| Approver | Everything a preparer can, plus the legal acts: confirm a field, rule a DORA provider in/out of scope, and sign. |
| Admin | Manage the team (add people, set roles). The last admin can’t be removed — promote a colleague first. |
Add a colleague with Send invite (default viewer). Admins can also Generate a machine
token (ingest-only rgx_sync_*, shown once, can never unlock or sign) for automated
syncs. SSO status shows here and on Profile; connecting your IdP is operator/config work, not an
in-portal screen yet.
Activity log
Admins and approvers get an Activity log — “Every touch of this record — views, fills, confirmations, sign-ins, payments, seals, downloads — in the append-only ledger your licence includes. Read-only: nothing here can be edited or deleted, by anyone (that is the point).” It’s distinct from the What changed feed (which tracks changes in your systems as each re-scan reports them).
Activity log
Every touch of this record — views, fills, confirmations, sign-ins, payments, seals, downloads — in the append-only ledger your licence includes. Read-only: nothing here can be edited or deleted, by anyone (that is the point).
| When (UTC) | Who | What | Detail |
|---|---|---|---|
| 2026-07-11 14:02 | dana@acme.eu | seal.create | Record signed & sealed · RoPA |
| 2026-07-11 13:58 | dana@acme.eu | payment.received | RoPA · €6,000 · Stripe |
| 2026-07-10 09:20 | omar@acme.eu | field.confirm | Lawful basis · Manage customer accounts |