Security
Security is a promise.
Concrete, verifiable, without marketing slides. Here is how Deemarc is built and where your data lives.
01 — Access to M365
Minimal, app-only.
Deemarc uses Microsoft Graph with app-only authentication. Concretely: no end user is ever signed in, no token is ever issued in your name.
We require only read permission on the reporting mailbox (Mail.Read or Mail.ReadBasic.All), plus Organization.Read.All for tenant metadata.
No write access, no mailbox manipulation, no access to other data.
02 — Tenant isolation
Physical, not logical.
Every tenant gets its own SQLite database on the filesystem, chmod 600, in the directory /var/lib/deemarc/tenants/<TenantId>.db. No shared tables, no logical tenant filters, no missing-WHERE-clause bugs waiting to leak.
Cross-tenant queries are technically impossible at the code layer — the repository pattern operates per tenant connection by definition. An accidental cross-tenant read would fail at compile time, not at runtime.
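To make the per-file isolation concrete, here is an added illustration in Python (not Deemarc's own code): a repository bound to one tenant file, created as 0600, with the TenantId validated as a GUID before it is used as a path component, plus the permission check an operator would run over the directory. The class name, the GUID format for TenantId and the messages table are assumptions; the base directory defaults to the path named above.

```python
import os
import re
import sqlite3
import stat
from pathlib import Path

# Constructed illustration, not Deemarc's code. Assumes TenantId is a GUID and
# that tenant files live under one base directory (default as on the page).
TENANT_ID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)
DEFAULT_BASE = "/var/lib/deemarc/tenants"


class TenantStore:
    """Repository bound to exactly one tenant's database file."""

    def __init__(self, tenant_id: str, base_dir: str = DEFAULT_BASE):
        # Validate the id before it becomes a path component, so a value such as
        # "../etc/passwd" can never escape the tenant directory.
        if not TENANT_ID_RE.match(tenant_id):
            raise ValueError("tenant id must be a GUID")
        self.path = Path(base_dir) / f"{tenant_id.lower()}.db"
        Path(base_dir).mkdir(parents=True, exist_ok=True)
        # Create the file as 0600 before SQLite touches it; chmod corrects an
        # overly permissive umask or a file that already existed.
        os.close(os.open(self.path, os.O_CREAT | os.O_RDWR, 0o600))
        os.chmod(self.path, 0o600)
        self.conn = sqlite3.connect(self.path)
        self.conn.execute("CREATE TABLE IF NOT EXISTS messages (id TEXT PRIMARY KEY, subject TEXT)")

    def add(self, msg_id: str, subject: str) -> None:
        with self.conn:  # commits on success, rolls back on error
            self.conn.execute("INSERT OR REPLACE INTO messages VALUES (?, ?)", (msg_id, subject))

    def subjects(self) -> list:
        # No tenant column, no WHERE clause: the file itself is the boundary,
        # so there is no filter to forget.
        return [r[0] for r in self.conn.execute("SELECT subject FROM messages ORDER BY id")]

    def mode(self) -> int:
        return stat.S_IMODE(os.stat(self.path).st_mode)


def audit_permissions(base_dir: str = DEFAULT_BASE) -> list:
    """Operator check: names of tenant databases whose mode is not exactly 0600."""
    return [
        p.name for p in Path(base_dir).glob("*.db")
        if stat.S_IMODE(p.stat().st_mode) != 0o600
    ]
```

Two stores opened for two tenant ids share no connection and no table, so a query on one cannot return the other's rows; `audit_permissions` is the check to schedule against the real directory.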
03 — Encryption
At-rest, in-transit.
04 — Audit log
Every write.
Every write operation at platform level (tenant onboarding, config change, key rotation) is persisted in a separate audit log — with actor, timestamp, affected entity and before/after values where meaningful.
On request we export the audit log for your tenant in a compliance-ready format (CSV or JSON) for reviews and audits.
05 — Hosting
In the EU.
Deemarc runs on a dedicated server at Hetzner in Nuremberg (datacenter NBG1). No US hyperscaler, no CLOUD Act exposure, no chain of dozens of third-party sub-processors.
Operations team: Switzerland. Data: EU. Microsoft Graph calls necessarily go to Microsoft — that is the only third party in the data chain and is explicitly named in the Data Processing Agreement (DPA).
06 — Vulnerability disclosure
Security reporting.
Please send security-relevant findings directly to info@solvia.ch with subject "Security Disclosure". We acknowledge within one business day.
No public bug bounty (V1) — but we honour responsible reports with a personal thank-you and, depending on severity, a public acknowledgement on this page.
Detail questions about architecture?
On request we deliver a security briefing for your compliance or InfoSec team. 30-minute call, followed by a written summary.