Security is our Operating System.
We process critical financial data for regulated entities. We do not take shortcuts. Our architecture is built on Zero Trust principles and strict Australian Data Sovereignty.
Azure Native
Region: Australia East (Sydney)
We are a single-region deployment locked to Australian soil. All Compute, Database, and Key Vault resources reside within the Azure Australia East region for data sovereignty.
Encryption Standards
At Rest: AES-256 (Managed Disks)
In Transit: TLS 1.3 (API) & SSH-2 (SFTP)
Banking payloads are additionally armored using RSA-4096 PGP encryption before leaving the Ephemeral Memory buffer.
HSM Key Vault
We utilize Azure Key Vault backed by FIPS 140-2 Level 2 Hardware Security Modules (HSMs). Banking private keys are never exposed to the application layer in plaintext.
Identity Governance
Internal access to production environments is restricted via Entra ID PIM (Privileged Identity Management). We enforce Phishing-Resistant MFA (YubiKey) for all engineering staff.
The Iron Layer (RAM)
Our "Ghost Protocol" ensures sensitive payment data is processed in volatile memory only. Once the encrypted packet is transmitted to the bank, the RAM buffer is wiped. No unencrypted artifacts are ever written to disk.
Penetration Testing
We engage independent third-party security firms to conduct annual penetration tests of our application logic and infrastructure. Summary reports are available to Enterprise customers under NDA.
Compliance Frameworks
The Digital Vendor Pack
Accelerate your procurement process. Our vendor pack includes our SIG Lite questionnaire, Penetration Test Summary, and Certificate of Currency (Insurance).
*Access requires a signed NDA.
Found a vulnerability? We run a private bug bounty program.
Please contact security@demiton.io before disclosure.