Security is the product.
Maryah holds unaudited financials, customer contracts, and the fact that a company is for sale. This page describes the mechanisms that protect all of it. No badge wall: the actual architecture, in plain language.
Your organisation
Every other organisation
Format specimen, placeholder mandate names. The boundary is architectural, not a permission setting.
A deal file leaks in specific ways.
The threat model for M&A software is not abstract. A deal leaks through a session that outlives a departed employee, a password that was all an attacker needed, a colleague who could browse a mandate that was not theirs, a data room PDF forwarded outside the process, and an anonymous link nobody can pull back. Each mechanism below exists to close one of those paths.
Two design rules sit above all of them. First, security defaults are mandatory: there is no setting that turns two-factor off and no way to create an unaccountable link. Second, the sensitive path is the governed path: there is exactly one way material leaves the system, so there is exactly one thing to control, log, and revoke.
Seven mechanisms, in plain language.
Each one is enforced in the platform's code path, not offered as an option.
Revocable server-side sessions
Every sign-in creates a session that lives on the server, not a self-contained token that stays valid until it expires. When an advisor leaves a firm or a device is lost, the session is revoked and access ends at that moment. Sessions are visible per account, so you can see what is signed in and kill it.
Mandatory two-factor authentication
Every account enrolls a time-based one-time code (TOTP) at signup, and every sign-in requires it. There is no opt-out, no admin exemption, and no fallback that skips it. A stolen password alone does not open a deal file.
Accounts are approved, not open
Signing up does not grant access. Accounts are activated by approval, so the set of people who can reach the platform is a decision someone made, not a side effect of a form.
Cross-site request forgery defense
Every state-changing request must carry proof that it came from the application itself, using a custom header that a foreign website cannot set. A malicious page in another tab cannot piggyback on a signed-in session to act on your deals.
The hard organisational boundary
Every access to a deal passes through a single access check that enforces the firm boundary; there is no code path around it. Inside a firm, mandates have visibility levels, and a private mandate is visible to its owner only: not to colleagues, and not to the organisation's own admin. The platform operator role can manage accounts but is never granted deal data.
Watermarked, logged data rooms
Counterparties never share a generic login. Each admitted recipient gets their own view of the room, document views are watermarked to the viewer, and every open and download is logged. If a page surfaces where it should not be, you know which access produced it, and you can end that access on the spot.
Revocable share links, the only exit
The one way material leaves Maryah is a share link tied to a named recipient, and every such link can be revoked at any time, immediately. There are no anonymous links, no public links, and no way to generate an ungoverned export of the room.
Whose data it stays.
The commitments on what happens to client material once it is inside.
No training on client data
Deal documents and figures are never used to train models: not ours, and not our model providers'. Client material is processed to serve the mandate and nothing else.
Hosting you can inspect
Client data is stored with major cloud providers, encrypted in transit and at rest. We walk through the full infrastructure map, including where every store lives, in the demo, under NDA if you prefer.
Isolation by design
The marketing site and the application run as separate deployments, so the surface that holds deal data is not the surface that serves public pages.
Deletion that means it
When a mandate ends and the firm asks for removal, the deal file is deleted from the platform. Your deal record is not quietly retained as someone else's asset.
What Maryah does not do.
Often the sharper question. These are architectural facts, not policies that can drift.
No anonymous sharing
There is no feature that creates an unaccountable link. If it left the system, there is a named recipient and a log entry behind it.
No cross-firm visibility, ever
No aggregation, benchmarking, or “network insight” feature exposes one firm's deal data to another. The boundary has no marketing exceptions.
No silent staff access to deal files
Operating the platform means managing accounts and infrastructure. It does not mean reading mandates: the operator role carries no deal-data grant.
No security theatre
We are a young platform and we say so. What we claim here is what is built and enforced in code, and in the demo we will show you the mechanisms themselves rather than point at a badge. Bring your security reviewer; we like those calls.
Confidential by default. One governed exit. Every access named, logged, and revocable.
Put the architecture to the test.
Request a demo and bring your hardest security questions. We would rather lose an hour proving the boundary than win a client who never checked it.