Security Trust Center

Security you can trust.

Data you can see.

Demoboost's complete disclosure on platform security, data protection, architecture, and regulatory compliance. Backed by live infrastructure metrics.

Verified

AWS GuardDuty Active
98% Lambda Coverage
Zero Critical Findings
EU Data Residency
TLS 1.2+ / AES-256
100% PR AI Audit

Security at a glance

27001

ISO certified

1

Critical Findings

(Detected and fixed)

100%

PR AI Audit

98%

Lambda Coverage

EU

Data Residency

Four pillars of security

From AI-driven code review to NIS2 compliance — security is the architecture, not an afterthought.

AI Intelligence: Code Verification

  • CodeRabbit analyses every PR for vulnerabilities before production.
  • Weekly deep analysis by Claude AI — logic and architecture review.
  • 100% Pull Request coverage. 24/7 automated audit.

Proactivity: Threat Detection

  • GuardDuty + Inspector + WAF: multi-layer protection stack.
  • AWS ML engines continuously monitor EC2 and Lambda.
  • Regular external penetration tests from independent vendors.

Foundation: Process & Hardware

  • ISO 27001 certified ISMS — production, development, verification.
  • Data resilience & recovery (backup restoration testing).
  • EU PII data processing exclusively in AWS Frankfurt (eu-central-1).

Proactivity: Threat Detection

  • Supply chain monitoring — data never leaves EU.
  • Serverless DR minimises downtime risk. Near-instant recovery.
  • Real-time GuardDuty/Inspector aligns with NIS2 reporting.

Real data. Right now.

Sourced live from AWS security services in the Demoboost production environment.

Compliance Improvements

ISO 27001-Aligned process

Improvements focused on customer data protection and platform resilience

Security improvements

Fixed 1 medium and 1 critical vulnerability

Including remediation of an externally detected infrastructure exposure

AWS Inspector

EC2 coverage
100%
Lambda coverage
98%
Critical findings
eu-central-1
Active scans
187
Fix available
Fix available

Network Security

VPC Isolation
Active
Network ACLs
Configured
AWS
Under review
Data region
eu-central-1

Full tech disclosure.

AWS Well-Architected Framework. Serverless. Multi-tenant. No black boxes.

Area: Technical Detail

Tech Stack: TypeScript · Node.js · React — AWS Well-Architected. SaaS, Serverless.

Data Isolation: Logical tenant separation at application + database level. TLS 1.2+, AES-256.

Data Residency: All customer PII on AWS eu-central-1 (Frankfurt, Germany). EU-only. GDPR-ready.

Authentication: Enterprise SSO. SAML 2.0.

CI/CD: Continuous deployment + automated testing + CodeRabbit AI pre-deploy audit. 100% PR coverage.

Demo Capture: Chrome extension. Framework-agnostic. React, Angular, Vue, Svelte, Shadow DOM. Zero production exposure.

Backup & DR: Integrated strategy. Near-instant Disaster Recovery. Serverless minimises downtime risk.

Four roles. Zero ambiguity.

RBAC with SAML 2.0 SSO, managed via AWS authentication.

Admin

Full Control
  • Panel: create & manage users
  • Demo create / edit / share
  • All analytics & alerts

Creator

Demo Lifecycle
  • Create, edit & share demos
  • All analytics & alerts
  • Share folders with Presenters

Presenter

Delivery
  • Libraries + speaker notes
  • Edit & share rights
  • All analytics & alerts

Partner

Isolated Access
  • Specific library only
  • Templates + notes (no editing)
  • Own analytics only

Active ISO/IEC 27001 Certification

Our ISMS guarantees every operation on customer data follows strictly defined, documented, and regularly audited procedures. Scope covers production, development, and verification of software within the Demo Experience.


Customer FAQ

Is customer data stored in the EU?

Yes. All PII data is hosted on AWS eu-central-1 (Frankfurt, Germany).

How is data isolated between customers?

Logical multi-tenant isolation at both application and database level. No shared data surface between tenants.

Is data encrypted?

At rest: AES-256. In transit: TLS 1.2+. Applies to all PII and demo content on the platform.

Do you support SSO?

Yes — SAML 2.0 via AWS-native auth. Compatible with Okta, Azure AD, and major enterprise identity providers.

Does demo capture our production?

No. Demos are structurally decoupled from production backends, databases, and APIs. Zero production exposure.

Are you NIS2 compliant?

Demoboost treats NIS2 as an operational standard. Supply chain monitoring, GuardDuty/Inspector real-time classification, serverless DR, and AI-driven audits align with NIS2 requirements.

Can we see presentation test results?

Summaries are available to enterprise customers under NDA. Contact your account manager to request them.