Skip to content

Architecture Overview

Guardline is a cloud-native, single-tenant SaaS platform running on Kubernetes and deployed across 3 availability zones in a multicloud model, designed for high availability.

The platform is structured into seven horizontal layers, from the consumers at the top down to the cross-cutting observability layer at the bottom:

  1. Clients and Integrators
  2. Edge Layer
  3. API Gateway and Identity Management
  4. Kubernetes Cluster (three availability zones)
  5. Integration Hub (external providers)
  6. Object Storage (S3-compatible)
  7. Observability

The diagram above is a layered component view: each band groups components that share a responsibility and a security/networking boundary. Arrows show the high-level traffic direction from consumers to data and external dependencies; observability is cross-cutting and attaches to every layer at runtime.

The entry points through which external consumers reach the platform: human users, mobile and embedded experiences, programmatic integrators, asynchronous notifications, and third-party data sources.

ComponentDetailDescription
Web PortalBrowser-based access to the platform.
WebView SDKEmbedded SDK rendered inside a host application’s web view.
REST APIIntegratorsREST interface consumed by integrating partners.
WebhooksHMAC-SHA256Outbound event notifications, signed with HMAC-SHA256.
External ProvidersBR, AR, Global ListsThird-party sources spanning Brazil, Argentina, and global lists.

The perimeter security and content-delivery tier. It shields the platform from malicious traffic and accelerates static content before requests reach the gateway.

ComponentDetailDescription
WAFOWASP, Bot MgmtWeb Application Firewall with OWASP rule coverage and bot management.
DDoS ProtectionL3, L4, L7Distributed Denial-of-Service mitigation across network (L3 and L4) and application (L7) layers.
Global CDNStatic AssetsContent Delivery Network serving static assets from the edge.
DNSAutomatic FailoverDNS with automatic failover for resilience.

Layer 3, API Gateway and Identity Management

Section titled “Layer 3, API Gateway and Identity Management”

The control point for ingress traffic management and identity. It terminates TLS, enforces access policies, and manages cryptographic material.

ComponentDetailDescription
API GatewayTLS 1.3, Rate Limiting, RoutingSingle ingress point handling TLS 1.3 termination, rate limiting, and request routing.
IAMOAuth 2.0, OIDC, MFA, RBACIdentity and Access Management using OAuth 2.0 / OIDC, multi-factor authentication, and role-based access control.
Secrets ManagementmTLS, CertificatesCentralized management of secrets, mutual TLS, and certificates.

Layer attributes: single-tenant per client, HPA (Horizontal Pod Autoscaler), inter-service mTLS.

This is the core compute tier. Each customer gets a dedicated cluster (single-tenant). Elasticity is handled by HPA, and internal east-west traffic is encrypted with inter-service mTLS.

The cluster is composed of three identical zones (Zone A, Zone B, Zone C), each described as a Tier 3 Data Center. Every zone contains the same set of components:

ComponentDetailDescription
Nginx IngressIn-cluster ingress controller for the zone.
ONP PodKYC, KYB, Biometrics, Document Verification, ScoringOnboarding workload: identity (KYC) and business (KYB) verification, biometrics, document verification, and scoring.
FPP PodAnti-fraud, less than 300ms, UBA, Device IntelFraud prevention workload, targeting under 300ms latency, with User Behavior Analytics and device intelligence.
AML PodSanctions, PEP, UBO, Typologies, COAFAnti-Money-Laundering workload: sanctions, politically exposed persons, ultimate beneficial owners, typologies, and COAF reporting.
CMP PodCase Management, Queues, Approvals, Kevin AICase management workload with queues, approval levels, and the Kevin AI assistant.
HPAHorizontal Pod Autoscaler for the zone.
Guardline CoreDecision Engine, Scoring, AuthCentral service providing the decision engine, scoring, and authentication.
PostgreSQLPRIMARY (Zone A) / REPLICA (Zones B and C)Relational database; primary instance in Zone A, replicas in Zones B and C.
CachePRIMARY (Zone A) / REPLICA (Zones B and C)Caching layer; primary in Zone A, replicas in Zones B and C.

Data persistence follows a primary and replica model across the three zones:

  • PostgreSQL: the PRIMARY instance resides in Zone A; Zones B and C hold REPLICA instances.
  • Cache: the PRIMARY resides in Zone A; Zones B and C hold REPLICA instances.

Combined with the three Tier 3 data-center zones and per-zone HPA, this delivers high-availability and elasticity at the compute and data tiers.

Layer attributes: circuit breaker, retry, fallback, contract normalization.

A mediation tier that standardizes and protects calls to external data providers. The resilience patterns (circuit breaker, retry, fallback) limit blast radius when a downstream provider degrades, and contract normalization harmonizes heterogeneous provider interfaces.

ComponentDetailDescription
Integration HubThe mediation service applying the resilience patterns above.
Brazil ProvidersSerpro, Receita Federal, DETRAN, BureausBrazilian sources: Serpro, Receita Federal, DETRAN, and credit and data bureaus.
Argentina ProvidersUIF, Local BureausArgentine sources: UIF and local bureaus.
Global ListsOFAC, UN, PEPGlobal watchlists: OFAC, United Nations, and PEP lists.
Global ComplianceLGPD, BACEN, UIF, UK GDPR, FCA, BCURegulatory frameworks and authorities: LGPD, BACEN, UIF, UK GDPR, FCA, BCU.

Layer attributes: multi-zone replication, server-side encryption (SSE), per-tenant isolation.

S3-compatible object storage for unstructured artifacts produced and consumed during onboarding, fraud, AML, and case workflows.

BucketDetailDescription
Identity DocumentsStored identity documents.
Biometric ImagesStored biometric images.
COAF EvidenceAudit TrailCOAF-related evidence and audit trail.
OCR ResultsDocument VerificationOCR output and document-verification results.

Layer attributes: OpenTelemetry, Prometheus, Grafana, Traces, SLOs, Alerts.

A cross-cutting telemetry tier covering metrics, traces, dashboards, and alerting. Every other layer ships data here.

ComponentDetailDescription
OTel CollectorUnified CollectionOpenTelemetry collector providing unified telemetry collection.
PrometheusMetrics, AlertsMetrics storage and alerting.
Distributed TracesDistributed tracing of requests across services.
GrafanaDashboards, SLOsDashboards and Service Level Objective (SLO) visualization.

These properties apply across the platform and are reflected in multiple layers above:

CharacteristicWhere it surfaces
Cloud-NativeWhole platform
High AvailabilityThree zones, primary/replica data tier
Single-Tenant SaaSKubernetes layer (one cluster per client)
KubernetesCompute layer
Three Availability ZonesZones A, B, C
MulticloudDeployment model
Inter-service mTLSKubernetes layer
Autoscaling (HPA)Kubernetes layer, per-zone HPA
Encryption at rest (SSE)Object Storage layer
Per-tenant isolationObject Storage layer, Kubernetes single-tenancy

Onboarding Platform (ONP) manages the end-customer enrollment flow. The institution configures the journey steps (data collection, document verification, biometrics, list lookups) and ONP orchestrates the execution, delegating risk assessment and scoring to the Core.

Fraud Prevention Platform (FPP) lets analysts and managers monitor transactions in real time. Transactions go through the Core decision engine, which applies the institution’s configured rules and returns a decision (approve, reject, or send to manual review).

Case Management Platform (CMP) centralizes investigation and case management. Cases can be created automatically by the decision engine or manually by analysts. CMP records every action in the Core audit trail.

The Core provides shared services consumed by all modules:

  • Decision Engine: runs the rules, flows, and policies configured by the institution. Receives requests from the modules and returns structured decisions.
  • Authentication: manages identity and access for internal users, including SSO via SAML and OpenID Connect.
  • List Management: maintains internal lists (configured by the institution) and consumes external lists (PEP, OFAC, UN) with real-time updates.
  • Audit Trail: records every platform operation in an immutable log, accessible to the institution for audit and compliance purposes.
  • Notifications: dispatches alerts and communications to internal users based on configured rules.
  • Scoring: computes risk scores from models and parameters defined by the institution.

The platform consumes third-party services at two points:

  • ONP integrates with verification partners (biometrics, document forensics, identity validation) according to the institution’s configured journey.
  • The Core queries public sanctions and PEP lists (OFAC, UN, and others) and keeps them refreshed in real time.

The architecture is designed for compliance with the following regulations:

  • Brazil: BACEN Circular 3.978 (AML and CFT procedures, KYC, monitoring, and COAF reporting), COAF resolutions, LGPD
  • Argentina: BCRA and UIF requirements applicable to obliged entities
  • International standards: FATF recommendations for anti-money-laundering and counter-terrorism financing

The decision engine is configurable per jurisdiction, allowing the institution to define country-specific or operation-specific rules.