Architecture Overview
High-Level Architecture
Section titled “High-Level Architecture”Guardline is a cloud-native, single-tenant SaaS platform running on Kubernetes and deployed across 3 availability zones in a multicloud model, designed for high availability.
The platform is structured into seven horizontal layers, from the consumers at the top down to the cross-cutting observability layer at the bottom:
- Clients and Integrators
- Edge Layer
- API Gateway and Identity Management
- Kubernetes Cluster (three availability zones)
- Integration Hub (external providers)
- Object Storage (S3-compatible)
- Observability
The diagram above is a layered component view: each band groups components that share a responsibility and a security/networking boundary. Arrows show the high-level traffic direction from consumers to data and external dependencies; observability is cross-cutting and attaches to every layer at runtime.
Layer 1, Clients and Integrators
Section titled “Layer 1, Clients and Integrators”The entry points through which external consumers reach the platform: human users, mobile and embedded experiences, programmatic integrators, asynchronous notifications, and third-party data sources.
| Component | Detail | Description |
|---|---|---|
| Web Portal | — | Browser-based access to the platform. |
| WebView SDK | — | Embedded SDK rendered inside a host application’s web view. |
| REST API | Integrators | REST interface consumed by integrating partners. |
| Webhooks | HMAC-SHA256 | Outbound event notifications, signed with HMAC-SHA256. |
| External Providers | BR, AR, Global Lists | Third-party sources spanning Brazil, Argentina, and global lists. |
Layer 2, Edge Layer
Section titled “Layer 2, Edge Layer”The perimeter security and content-delivery tier. It shields the platform from malicious traffic and accelerates static content before requests reach the gateway.
| Component | Detail | Description |
|---|---|---|
| WAF | OWASP, Bot Mgmt | Web Application Firewall with OWASP rule coverage and bot management. |
| DDoS Protection | L3, L4, L7 | Distributed Denial-of-Service mitigation across network (L3 and L4) and application (L7) layers. |
| Global CDN | Static Assets | Content Delivery Network serving static assets from the edge. |
| DNS | Automatic Failover | DNS with automatic failover for resilience. |
Layer 3, API Gateway and Identity Management
Section titled “Layer 3, API Gateway and Identity Management”The control point for ingress traffic management and identity. It terminates TLS, enforces access policies, and manages cryptographic material.
| Component | Detail | Description |
|---|---|---|
| API Gateway | TLS 1.3, Rate Limiting, Routing | Single ingress point handling TLS 1.3 termination, rate limiting, and request routing. |
| IAM | OAuth 2.0, OIDC, MFA, RBAC | Identity and Access Management using OAuth 2.0 / OIDC, multi-factor authentication, and role-based access control. |
| Secrets Management | mTLS, Certificates | Centralized management of secrets, mutual TLS, and certificates. |
Layer 4, Kubernetes Cluster
Section titled “Layer 4, Kubernetes Cluster”Layer attributes: single-tenant per client, HPA (Horizontal Pod Autoscaler), inter-service mTLS.
This is the core compute tier. Each customer gets a dedicated cluster (single-tenant). Elasticity is handled by HPA, and internal east-west traffic is encrypted with inter-service mTLS.
The cluster is composed of three identical zones (Zone A, Zone B, Zone C), each described as a Tier 3 Data Center. Every zone contains the same set of components:
| Component | Detail | Description |
|---|---|---|
| Nginx Ingress | — | In-cluster ingress controller for the zone. |
| ONP Pod | KYC, KYB, Biometrics, Document Verification, Scoring | Onboarding workload: identity (KYC) and business (KYB) verification, biometrics, document verification, and scoring. |
| FPP Pod | Anti-fraud, less than 300ms, UBA, Device Intel | Fraud prevention workload, targeting under 300ms latency, with User Behavior Analytics and device intelligence. |
| AML Pod | Sanctions, PEP, UBO, Typologies, COAF | Anti-Money-Laundering workload: sanctions, politically exposed persons, ultimate beneficial owners, typologies, and COAF reporting. |
| CMP Pod | Case Management, Queues, Approvals, Kevin AI | Case management workload with queues, approval levels, and the Kevin AI assistant. |
| HPA | — | Horizontal Pod Autoscaler for the zone. |
| Guardline Core | Decision Engine, Scoring, Auth | Central service providing the decision engine, scoring, and authentication. |
| PostgreSQL | PRIMARY (Zone A) / REPLICA (Zones B and C) | Relational database; primary instance in Zone A, replicas in Zones B and C. |
| Cache | PRIMARY (Zone A) / REPLICA (Zones B and C) | Caching layer; primary in Zone A, replicas in Zones B and C. |
High-availability topology
Section titled “High-availability topology”Data persistence follows a primary and replica model across the three zones:
- PostgreSQL: the PRIMARY instance resides in Zone A; Zones B and C hold REPLICA instances.
- Cache: the PRIMARY resides in Zone A; Zones B and C hold REPLICA instances.
Combined with the three Tier 3 data-center zones and per-zone HPA, this delivers high-availability and elasticity at the compute and data tiers.
Layer 5, Integration Hub
Section titled “Layer 5, Integration Hub”Layer attributes: circuit breaker, retry, fallback, contract normalization.
A mediation tier that standardizes and protects calls to external data providers. The resilience patterns (circuit breaker, retry, fallback) limit blast radius when a downstream provider degrades, and contract normalization harmonizes heterogeneous provider interfaces.
| Component | Detail | Description |
|---|---|---|
| Integration Hub | — | The mediation service applying the resilience patterns above. |
| Brazil Providers | Serpro, Receita Federal, DETRAN, Bureaus | Brazilian sources: Serpro, Receita Federal, DETRAN, and credit and data bureaus. |
| Argentina Providers | UIF, Local Bureaus | Argentine sources: UIF and local bureaus. |
| Global Lists | OFAC, UN, PEP | Global watchlists: OFAC, United Nations, and PEP lists. |
| Global Compliance | LGPD, BACEN, UIF, UK GDPR, FCA, BCU | Regulatory frameworks and authorities: LGPD, BACEN, UIF, UK GDPR, FCA, BCU. |
Layer 6, Object Storage (S3-Compatible)
Section titled “Layer 6, Object Storage (S3-Compatible)”Layer attributes: multi-zone replication, server-side encryption (SSE), per-tenant isolation.
S3-compatible object storage for unstructured artifacts produced and consumed during onboarding, fraud, AML, and case workflows.
| Bucket | Detail | Description |
|---|---|---|
| Identity Documents | — | Stored identity documents. |
| Biometric Images | — | Stored biometric images. |
| COAF Evidence | Audit Trail | COAF-related evidence and audit trail. |
| OCR Results | Document Verification | OCR output and document-verification results. |
Layer 7, Observability
Section titled “Layer 7, Observability”Layer attributes: OpenTelemetry, Prometheus, Grafana, Traces, SLOs, Alerts.
A cross-cutting telemetry tier covering metrics, traces, dashboards, and alerting. Every other layer ships data here.
| Component | Detail | Description |
|---|---|---|
| OTel Collector | Unified Collection | OpenTelemetry collector providing unified telemetry collection. |
| Prometheus | Metrics, Alerts | Metrics storage and alerting. |
| Distributed Traces | — | Distributed tracing of requests across services. |
| Grafana | Dashboards, SLOs | Dashboards and Service Level Objective (SLO) visualization. |
Cross-cutting characteristics
Section titled “Cross-cutting characteristics”These properties apply across the platform and are reflected in multiple layers above:
| Characteristic | Where it surfaces |
|---|---|
| Cloud-Native | Whole platform |
| High Availability | Three zones, primary/replica data tier |
| Single-Tenant SaaS | Kubernetes layer (one cluster per client) |
| Kubernetes | Compute layer |
| Three Availability Zones | Zones A, B, C |
| Multicloud | Deployment model |
| Inter-service mTLS | Kubernetes layer |
| Autoscaling (HPA) | Kubernetes layer, per-zone HPA |
| Encryption at rest (SSE) | Object Storage layer |
| Per-tenant isolation | Object Storage layer, Kubernetes single-tenancy |
Modules
Section titled “Modules”Onboarding Platform (ONP) manages the end-customer enrollment flow. The institution configures the journey steps (data collection, document verification, biometrics, list lookups) and ONP orchestrates the execution, delegating risk assessment and scoring to the Core.
Fraud Prevention Platform (FPP) lets analysts and managers monitor transactions in real time. Transactions go through the Core decision engine, which applies the institution’s configured rules and returns a decision (approve, reject, or send to manual review).
Case Management Platform (CMP) centralizes investigation and case management. Cases can be created automatically by the decision engine or manually by analysts. CMP records every action in the Core audit trail.
Guardline Core
Section titled “Guardline Core”The Core provides shared services consumed by all modules:
- Decision Engine: runs the rules, flows, and policies configured by the institution. Receives requests from the modules and returns structured decisions.
- Authentication: manages identity and access for internal users, including SSO via SAML and OpenID Connect.
- List Management: maintains internal lists (configured by the institution) and consumes external lists (PEP, OFAC, UN) with real-time updates.
- Audit Trail: records every platform operation in an immutable log, accessible to the institution for audit and compliance purposes.
- Notifications: dispatches alerts and communications to internal users based on configured rules.
- Scoring: computes risk scores from models and parameters defined by the institution.
External services
Section titled “External services”The platform consumes third-party services at two points:
- ONP integrates with verification partners (biometrics, document forensics, identity validation) according to the institution’s configured journey.
- The Core queries public sanctions and PEP lists (OFAC, UN, and others) and keeps them refreshed in real time.
Regulatory compliance
Section titled “Regulatory compliance”The architecture is designed for compliance with the following regulations:
- Brazil: BACEN Circular 3.978 (AML and CFT procedures, KYC, monitoring, and COAF reporting), COAF resolutions, LGPD
- Argentina: BCRA and UIF requirements applicable to obliged entities
- International standards: FATF recommendations for anti-money-laundering and counter-terrorism financing
The decision engine is configurable per jurisdiction, allowing the institution to define country-specific or operation-specific rules.