Open app

Access & authentication

How people get into Demerzel — and what’s recorded when they do — is designed to remove whole classes of risk rather than manage them.

Passwordless by design

There are no passwords, so there is no password database to breach, no reuse across sites, and no phishable shared secret. You sign in one of two ways:

  • Email code — a 6-digit code sent to your address. It is single-use, short-lived, rate-limited, and stored only as a keyed hash.
  • Social sign-in — Google, GitHub, Microsoft, GitLab, Discord or Slack. A social account is only linked to yours when the provider confirms the email is verified, which prevents someone from claiming your account with an unverified address.

Least privilege

Every member has one of three roles:

RoleScope
OwnerFull control, including billing-level actions, granting ownership and deleting the organization.
AdminManage members, notifications and data; act on alerts.
Read-onlyView everything; change nothing.

Roles are enforced on the server (see Tenant isolation), and an organization is never left without an owner.

Sessions

Sessions are server-side and the session identifier is regenerated on sign-in to defeat fixation. Signing out ends the session immediately.

A complete audit trail

Every meaningful action is recorded in an append-only activity log — sign-ins, invitations, role changes, member removals, alert-channel changes and the decisions taken on alerts. Each entry captures the member, the request IP and user agent, and a precise timestamp. Owners and admins can review and filter it at any time.

Deletions are auditable forever. An organization’s activity log is deleted with the organization — so Demerzel keeps a separate, permanent record of every organization deletion (who requested it, the owner at the time, when, and from where). See Your data: ownership & deletion.