ISO 27001 Informed Architecture

How Demiton handles your data

Demiton is built on a zero-trust model. Credentials never exist in plaintext on a disk. Data never leaves Australian infrastructure. Every action is identity-bound and logged immutably.

Three non-negotiable pillars

The foundation of how we protect your operational data.

Australian Data Residency

All production data, keys, and logs reside exclusively in Microsoft Azure Australia East (Sydney). Nothing leaves Australian infrastructure.

  • Primary: Australia East (Sydney)
  • Backup: Australia Southeast (Melbourne)

AES-256 Encryption

Data at rest is encrypted with AES-256. In transit we enforce TLS 1.3. External system handshakes use RSA-4096 key exchange.

  • Envelope encryption
  • Automated key rotation

Hardware Isolation

Integration secrets and private keys are never stored in the application database. They are isolated in hardware-backed Azure Key Vault.

  • Azure Key Vault integration
  • Just-in-time access

Controlled Pipeline

Sensitive data never touches a disk

Most integration platforms store data payloads on temporary disks during processing. If that server is compromised, your operational data is exposed.

Demiton processes sensitive data exclusively in volatile memory:

  1. Ingestion - Data is pulled from source systems into an ephemeral RAM buffer.
  2. Transformation - Data is aligned, validated, and cryptographically signed in memory.
  3. Delivery - The buffer streams directly to the target system via an encrypted tunnel.
  4. Closure - Once delivery is confirmed, the memory address is zeroed and the audit trail is sealed.

[Diagram: Source Systems (Business Central · Assignar · KeyPay), Memory Layer (Transform.Align.Encrypt(), no disk I/O), Controlled Output (Reports · Dashboards · Audit Trail)]
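
The four steps above, as an added Python example (not Demiton's code): the payload is read into a caller-owned bytearray, signed with HMAC-SHA256, handed to a delivery callback as a zero-copy view, then overwritten in place. The function names, the HMAC choice and the hash-chained audit list are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import json

GENESIS = "0" * 64  # seal value preceding the first audit record

def _seal_value(prev, event):
    body = json.dumps(event, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

def seal(audit, event):
    """Append an event to a hash-chained audit list (assumed sealing scheme)."""
    prev = audit[-1]["seal"] if audit else GENESIS
    audit.append({"event": event, "prev": prev, "seal": _seal_value(prev, event)})

def verify_chain(audit):
    """Recompute every seal; an edited or reordered record fails."""
    prev = GENESIS
    for rec in audit:
        if rec["prev"] != prev or rec["seal"] != _seal_value(prev, rec["event"]):
            return False
        prev = rec["seal"]
    return True

def run_pipeline(source, buf, deliver, signing_key, audit):
    """Ingest into buf, sign in memory, stream out, then zero buf."""
    outcome, tag, n = "failed", None, 0
    try:
        n = source.readinto(buf)  # 1. Ingestion: straight into RAM, no temp file
        with memoryview(buf) as whole, whole[:n] as view:  # zero-copy views
            tag = hmac.new(signing_key, view, hashlib.sha256).hexdigest()  # 2.
            deliver(view, tag)  # 3. Delivery: the sink must not keep a copy
        outcome = "delivered"
    finally:
        buf[:] = bytes(len(buf))  # 4. Closure: overwrite in place, even on error
        seal(audit, {"bytes": n, "hmac": tag, "outcome": outcome})
    return outcome

def demo():
    """Run one constructed payload through the pipeline."""
    payload = b'{"employee": "E-1001", "hours": 38}'  # constructed sample
    buf, audit, seen = bytearray(64), [], []
    sink = lambda view, tag: seen.append(hashlib.sha256(view).hexdigest())
    outcome = run_pipeline(io.BytesIO(payload), buf, sink, b"demo-key", audit)
    return outcome, buf, audit, seen, payload

if __name__ == "__main__":
    print(demo()[0], verify_chain(demo()[2]))
```

Overwriting the bytearray clears only that buffer; copies made by a library or the interpreter, and pages written to swap, are outside its reach.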

Technical Controls

A detailed breakdown for your CISO or Risk Officer.

Control Area | Implementation
Application Security | Automated dependency scanning (Snyk), static analysis (SAST), and regular penetration testing.
Access Control (RBAC) | Enforced multi-factor authentication (MFA). Role-based access control tied to Azure Entra ID.
Network Security | Azure VNet Peering, Private Link, and strict egress allow-listing for integration endpoints.
Audit Logging | Immutable logs of every transaction attempt, IP address, and outcome. Retained for 7 years in cold storage.
Disaster Recovery | Geo-redundant backups across Sydney and Melbourne zones. RPO: 5 minutes. RTO: 4 hours.

Responsible Disclosure

If you identify a potential vulnerability, contact security@demiton.io directly. We respond to all verified reports within 48 hours.