Security is our Operating System.
We process critical financial data for regulated entities. We do not take shortcuts. Our architecture is built on Zero Trust principles and strict Australian Data Sovereignty.
Hybrid Sovereignty
Region: Australia East (Sydney)
We utilize a split-stack architecture. Application logic resides on Google Cloud (Sydney), while sensitive Banking Credentials are hardware-isolated in Microsoft Azure Key Vault (Sydney).
Encryption Standards
At Rest: AES-256 (Azure HSM)
In Transit: TLS 1.3 (API) & SSH-2 (SFTP)
Banking payloads are additionally armored using RSA-4096 PGP encryption before leaving the Ephemeral Memory buffer.
The Smart Vault
We utilize Azure Key Vault backed by FIPS 140-2 Level 2 Hardware Security Modules (HSM). Banking private keys are never exposed to the application layer in plaintext.
Identity Governance
Internal access to production environments is restricted via Entra ID PIM (Privileged Identity Management). We enforce Phishing-Resistant MFA (YubiKey) for all engineering staff.
Infrastructure as Code
Our infrastructure is immutable and defined in Terraform. We use hardened 'Distroless' container images to minimize the OS attack surface. Vulnerability scanning occurs on every commit.
Penetration Testing
We engage independent third-party security firms to conduct annual penetration tests of our application logic and infrastructure. Summary reports are available to Enterprise customers.
Compliance Frameworks
The Digital Vendor Pack
Accelerate your procurement process. Our vendor pack includes our SIG Lite questionnaire, Penetration Test Summary, and Certificate of Currency (Insurance).
*Access requires a signed NDA.
Found a vulnerability? We run a private bug bounty program.
Please contact security@demiton.io before disclosure.