Security & trust

Built to earn the access it asks for.

Demerzel sits close to your infrastructure, so it’s designed around clear, verifiable boundaries — not promises.

A read-only, outbound-only agent

One lightweight agent runs on your servers. It observes and summarizes only — no inbound port, no command channel, nothing to exploit as a foothold.

It collects metadata, never secrets

The agent reports operational posture — metrics, versions, service and certificate status. It never reads passwords, config files, environment variables or user accounts.

EU hosting, encrypted in transit

Your data is hosted in the European Union (OVHcloud, Roubaix). Everything moves over HTTPS; agents authenticate with a per-agent certificate (mTLS).

No third-party sub-processors

OVHcloud is the only infrastructure provider in the chain. No external analytics, no data brokers, no services that can see your data.

Strict tenant isolation

Every request is scoped to one organization. There is no shared, cross-tenant view of data — ever.

Roles, audit trail & real deletion

Owner / admin / read-only roles enforced server-side, a complete activity log, and permanent deletion of your data on request.

Full technical detail lives in the security documentation.

Monitoring you can put in front of a security review.

Read-only by design, EU-hosted, and yours to delete. See it for yourself.

14-day free trial · No credit card required