Architecture

The why behind a 4–6 week go-live.

Multi-tenant by default, single-tenant on demand. Event-driven core, API-first surface, cloud-native on AWS Mumbai. The product moves fast because the architecture lets it.

Architectural pillars

Six choices made on day one.

Multi-tenant by default

Logical tenant isolation. Per-tenant configuration of products, workflows, branding and reporting. Cross-tenant queries are physically prevented at the DB layer.

Single-tenant on demand

For enterprise NBFCs and co-op banks: dedicated infrastructure, per-customer encryption keys, custom maintenance windows.

Event-driven core

Every state change emits an event. Audit trail, downstream integrations and AI-decisioning agents subscribe to the same event stream.

API-first

REST + webhook surface for every workflow. Pre-built integrations for KYC vendors, bureaus, payment partners, core banking systems.

Cloud-native on AWS Mumbai

ap-south-1 region. Multi-AZ. RDS Postgres with point-in-time recovery. S3 for documents. KMS for encryption keys.

Observability

Structured logs, distributed tracing, real-time dashboards. SLA monitoring on the critical-path APIs.

The stack

What we run, and why we run it.

Application

TypeScript / Node.js services + Python AI workers

TS for the workflow engine and APIs; Python for ML / agent orchestration.

Workflow engine

Temporal for long-running orchestration

Loan applications, KYC loops and collections cycles are days-long state machines. Temporal makes them durable.

Data

PostgreSQL primary + DuckDB / ClickHouse for analytics

Strict consistency on the operational ledger; columnar analytics for reporting and dashboards.

Events

Kafka (MSK) for the event bus

Every state change is an event. The audit log, the analytics warehouse and the AI agents all subscribe to the same stream.

Files

S3 with server-side encryption + KMS

KYC documents, signed agreements, statement uploads — encrypted at rest with per-tenant keys.

AI inference

Hosted LLM gateway + in-house vision

Frontier LLMs via gateway with cost controls; document vision pipeline runs in-VPC for data residency.

Infrastructure

AWS Mumbai (ap-south-1) on Terraform + ECS Fargate

India-resident, multi-AZ, infra-as-code so single-tenant copies are reproducible.

Integrations

Pre-built where it counts.

40+ pre-built integrations across the Indian lending stack. Listed are the most common — others available on request.

KYC / verification

Hyperverge, Karza, Signzy, IDfy, Surepass, NSDL e-KYC, Digilocker

Credit bureaus

CIBIL, Experian, Equifax, CRIF Highmark, RBI CIC reports

Payment & disbursement

Razorpay X, Cashfree Payouts, M2P, Decentro, Yes Bank API, ICICI API

Core banking

Finacle, Flexcube, Oracle FCUBS, in-house RDBMS via JDBC

Accounting

Tally, Zoho Books, QuickBooks, SAP Business One

Communication

WhatsApp Business Cloud API, Karix, Gupshup, Exotel, Knowlarity

Scale & SLA

What you can hold us to.

Published SLAs apply to production tier. Single-tenant deployments get tighter SLAs by contract.

99.9%

platform availability on multi-tenant tier

99.95%

platform availability on single-tenant tier

< 250 ms

p95 API latency for application APIs

< 90 s

median KYC turnaround for a complete digital file

24×7

incident response for Severity-1

4 hrs

RTO on production tier

15 min

RPO on production tier

Daily

cross-region backup snapshot

Security

What sits between attacker and data.

Data

India-resident, KMS-encrypted

All customer and borrower data physically resident in AWS Mumbai (ap-south-1). Per-tenant KMS CMKs on single-tenant tier. TLS 1.3 in transit.

Access

Zero-trust, MFA-enforced

No standing access to production. Just-in-time access via short-lived role assumption. MFA enforced on all internal tooling.

Audit

Tamper-evident logs

Every state change is append-only and hash-chained. Pre-signed inspection mode for regulators and statutory auditors.

Testing

VAPT, code, dependencies

Quarterly third-party VAPT. SAST + DAST in CI. Dependency scanning with same-day patch SLA on critical CVEs.

Certifications

ISO 27001, SOC 2 — in progress

SOC 2 Type II and ISO 27001 audit cycles scheduled for 2026. CERT-In compliance and incident reporting active today.

BCP / DR

Cross-region backup

Daily backup snapshots to a separate AWS region. Quarterly disaster-recovery drill with restore-time and data-loss benchmarks documented.

Want a deeper dive?

We'll send the architecture pack.

Diagrams, integration patterns, the security questionnaire and runbook summaries — shared under NDA.

Request the pack Back to home