Read-only architecture. EU residency. Immutable evidence.
Six structural commitments. Each is enforced at the architecture layer, not at the policy layer. Misconfiguration cannot violate them.
Read-only by design
Inform, Don't Act. The platform reads Azure metadata via Resource Graph and never holds write permissions on customer subscriptions. There is no write-path, no policy push, no resource modification — and no code path that could be enabled to add one.
Tenant isolation
Row-level security at the database layer. Every query is scoped by tenant identifier extracted from the JWT — never the request body. No cross-tenant data path is architecturally possible under any failure mode.
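The tenant-scoping rule above, as an added example that is not the platform's own code: a stdlib-only Python sketch in which the tenant identifier comes from a signature-verified JWT claim (assumed here to be named `tid`) and the query is bound to it, while any tenant_id in the request body is ignored. HS256 with a constructed shared secret and an in-memory SQLite table stand in for the Entra-issued tokens and the database-layer row-level security the page describes; this sketch mimics that scoping at the application layer.

```python
import base64, hashlib, hmac, json, sqlite3

# Constructed demo secret. Production verifies Entra-issued RS256 tokens against the issuer's JWKS.
SECRET = b"demo-signing-key-not-for-production"

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_token(claims: dict) -> str:
    """Constructed helper that issues an HS256 JWT so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def tenant_from_jwt(token: str) -> str:
    """Verify the signature first, then read the tenant claim.
    The algorithm is fixed on the verifier side; the token header's alg is deliberately not trusted."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise PermissionError("invalid token signature")
    return json.loads(_b64url_decode(payload))["tid"]  # assumed claim name

def setup_db() -> sqlite3.Connection:
    """Constructed sample data: compliance evaluations belonging to two tenants."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE evaluations (tenant_id TEXT, resource TEXT, compliant INTEGER)")
    con.executemany("INSERT INTO evaluations VALUES (?, ?, ?)", [
        ("tenant-a", "vm-a1", 1), ("tenant-a", "sql-a2", 0), ("tenant-b", "vm-b1", 1),
    ])
    return con

def list_evaluations(con: sqlite3.Connection, token: str, body: dict) -> list:
    """Tenant scope is derived only from the verified token.
    `body` is accepted to show that a caller-supplied tenant_id there has no effect on the query."""
    tenant = tenant_from_jwt(token)
    return con.execute(
        "SELECT resource, compliant FROM evaluations WHERE tenant_id = ? ORDER BY resource",
        (tenant,),
    ).fetchall()

if __name__ == "__main__":
    db = setup_db()
    tok = mint_token({"tid": "tenant-a", "sub": "user-1"})
    # The body asks for tenant-b; only tenant-a rows come back.
    print(list_evaluations(db, tok, {"tenant_id": "tenant-b"}))
```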
Network
Azure Front Door fronts every public surface, with WAF (Web Application Firewall) running OWASP CRS 3.2 and BotManager 1.0 in Prevention mode on production. Backend PaaS services sit behind private endpoints; no SQL or storage account is reachable from the public internet.
Data residency
All data is processed and stored exclusively within Azure North Europe (Ireland) and West Europe (Netherlands). The legal entity is Irish-incorporated and Irish-law governed. No data leaves the EU under any flow.
Evidence immutability
Compliance evaluation records are write-once at the database layer. Historical state is permanent — never updated, never deleted. Tamper-evident audit trail. Seven-year retention.
Identity
Authentication runs on Microsoft Entra External ID (CIAM). Customer Azure subscription onboarding uses the multi-tenant admin-consent flow — no long-lived credentials are stored anywhere on the platform.
DPA available on request — mulang.mika@equalistech.com