Access & authentication
How people get into Demerzel — and what’s recorded when they do — is designed to remove whole classes of risk rather than manage them.
Passwordless by design
There are no passwords, so there is no password database to breach, no reuse across sites, and no phishable shared secret. You sign in one of two ways:
- Email code — a 6-digit code sent to your address. It is single-use, short-lived, rate-limited, and stored only as a keyed hash.
- Social sign-in — Google, GitHub, Microsoft, GitLab, Discord or Slack. A social account is only linked to yours when the provider confirms the email is verified, which prevents someone from claiming your account with an unverified address.
Least privilege
Every member has one of three roles:
| Role | Scope |
|---|---|
| Owner | Full control, including billing-level actions, granting ownership and deleting the organization. |
| Admin | Manage members, notifications and data; act on alerts. |
| Read-only | View everything; change nothing. |
Roles are enforced on the server (see Tenant isolation), and an organization is never left without an owner.
Sessions
Sessions are server-side and the session identifier is regenerated on sign-in to defeat fixation. Signing out ends the session immediately.
A complete audit trail
Every meaningful action is recorded in an append-only activity log — sign-ins, invitations, role changes, member removals, alert-channel changes and the decisions taken on alerts. Each entry captures the member, the request IP and user agent, and a precise timestamp. Owners and admins can review and filter it at any time.