Data residency & compliance
Where your data physically lives, and who can touch it, is often the first question a security review asks. Here are the plain answers.
Where your data lives
Your data is hosted in Canada, on OVHcloud infrastructure in Beauharnois, Québec. It stays in North America and does not leave Canadian jurisdiction. Canadian hosting keeps operational data under PIPEDA and close to North American users — low latency for US-based teams, without the data leaving the continent.
Who processes your data
Only Demerzel, on OVHcloud infrastructure. We use no third-party sub-processors that can see your operational data — no data brokers, no ad networks. The one party in the infrastructure chain is the hosting provider, OVHcloud; there is nobody else with access to your servers’ data.
Infrastructure certifications
The underlying infrastructure is operated by OVHcloud, whose data centers hold their own industry certifications — including ISO/IEC 27001 and SOC 2. The Beauharnois site is OVHcloud’s North American region; OVHcloud publishes the current certification list in its compliance documentation.
These certifications cover the hosting layer. For Demerzel’s own security posture, a data-processing agreement, or a completed security questionnaire, see below.
Encryption
All traffic is encrypted in transit over HTTPS. Agents authenticate to Demerzel with a per-agent certificate (mTLS) rather than a shared key — see Access & authentication and Security & mTLS identity.
Data-processing agreement & reviews
We’re happy to sign a DPA, walk through a security questionnaire, or answer specific residency and processing questions. Contact us and we’ll take it from there — no hand-waving.