Decomplex is built on a robust and secure infrastructure designed for high availability, scalability, and data protection. Our architecture leverages modern cloud technologies to provide a reliable and performant platform for managing your family's complex affairs.

Hosting Environment

The Decomplex platform is hosted on a Kubernetes cluster within a secure Swiss cloud provider. This choice ensures:

Data Sovereignty: All data resides within Switzerland, adhering to strict data privacy regulations.

High Security: The cloud provider's physical and network security is complemented by our own stringent security measures.

Scalability: Kubernetes enables dynamic scaling of resources to meet evolving demands.

Core Components

Our infrastructure comprises several key components working in harmony:

DecomplexAI Web: The user interface, built with Next.js, providing a seamless and intuitive experience.

DecomplexAI API: The backend, built with Python/FastAPI/OpenAPI, handling all application logic and data interactions.

PostgreSQL Database: Serves as both the relational database and a vector store for efficient data management.

Workflow Engine (n8n): Automates tasks and integrations, streamlining complex processes.

S3 Object Storage: For secure and scalable storage of all documents and objects.

AWS Bedrock: Integrated for advanced AI functionalities (currently an MVP solution).

Keycloak: A centralized instance for federated authentication across all customers, ensuring secure access.

APISIX: Centralized ingress management for secure external access to the platform.

Memgraph: A powerful graph database used for visualizing and managing complex family and business relationships.

Namespace Isolation

A cornerstone of our security and resource management strategy is namespace isolation. Each customer (family) is hosted within a dedicated Kubernetes namespace. This ensures:

Data Segregation: Your data and applications are logically and physically separated from other customers.

Resource Separation: Dedicated resources for each family prevent resource contention and ensure consistent performance.

Enhanced Security: Network policies enforce strict isolation, preventing unauthorized inter-namespace communication.
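
An added example, not Decomplex's own tooling: one way to check the inter-namespace isolation described above is to audit a tenant namespace's NetworkPolicy objects for ingress rules that admit sources outside an allowed set. The namespace name ingress-gateway, the policy names and the sample policies are constructed assumptions, and only ingress is covered.

```python
# Input shape: items of `kubectl get networkpolicy -n <namespace> -o json`.
NAME_LABEL = "kubernetes.io/metadata.name"  # set by Kubernetes on every namespace

def applies_to_ingress(policy):
    # policyTypes defaults to ["Ingress"] when the field is omitted.
    return "Ingress" in policy["spec"].get("policyTypes", ["Ingress"])

def pinned(ns_selector, allowed_namespaces):
    # True only if the selector names exactly one explicitly allowed namespace.
    labels = ns_selector.get("matchLabels", {})
    return (not ns_selector.get("matchExpressions")
            and set(labels) == {NAME_LABEL}
            and labels[NAME_LABEL] in allowed_namespaces)

def audit_ingress(policies, allowed_namespaces):
    """Return findings that weaken ingress isolation of one tenant namespace."""
    findings = []
    active = [p for p in policies if applies_to_ingress(p)]
    # Pods are isolated only once a policy selects them; an empty podSelector
    # selects every pod in the namespace.
    if not any(p["spec"].get("podSelector") == {} for p in active):
        findings.append("no policy selects all pods: unselected pods accept any source")
    for p in active:
        name = p["metadata"]["name"]
        for rule in p["spec"].get("ingress", []):
            peers = rule.get("from", [])
            if not peers:
                findings.append(f"{name}: rule without 'from' admits every source")
            for peer in peers:
                if "ipBlock" in peer:
                    findings.append(f"{name}: ipBlock peer needs manual review")
                ns_sel = peer.get("namespaceSelector")  # absent: same-namespace peer
                if ns_sel is not None and not pinned(ns_sel, allowed_namespaces):
                    findings.append(f"{name}: namespaceSelector not pinned to an allowed namespace")
    return findings

def policy(name, ingress, pod_selector=None):  # helper for the constructed samples
    return {"metadata": {"name": name},
            "spec": {"podSelector": pod_selector or {}, "ingress": ingress}}

# Constructed policies for a hypothetical tenant namespace; all names are assumptions.
GATEWAY = {"namespaceSelector": {"matchLabels": {NAME_LABEL: "ingress-gateway"}}}
ISOLATED = [policy("default-deny", []),
            policy("allow-same-namespace", [{"from": [{"podSelector": {}}]}]),
            policy("allow-gateway", [{"from": [GATEWAY]}])]
LEAKY = [policy("allow-web", [{"from": [{"namespaceSelector": {}}]}], {"matchLabels": {"app": "web"}}),
         policy("allow-metrics", [{"ports": [{"port": 9090}]}], {"matchLabels": {"app": "api"}})]
```

An empty findings list for every tenant namespace is the condition to assert in CI or a scheduled audit; any finding names the policy to review.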

Security Measures

We implement comprehensive security measures across our infrastructure:

Data Encryption: All data is encrypted at rest and in transit using industry-standard protocols.

Kubernetes Security Best Practices: Adherence to best practices for RBAC (Role-Based Access Control) and network policies.

Regular Audits: Continuous security audits and vulnerability scanning to identify and address potential weaknesses.

Secure Authentication: Keycloak integration provides robust and federated authentication.

Optional VPN: For enhanced security, customers can configure a VPN connection to their dedicated namespace.

Scalability and Reliability

Our Kubernetes-based infrastructure is designed for inherent scalability and high reliability. The distributed nature of our components ensures that the platform remains available and performs optimally even under varying loads, providing uninterrupted access to your critical information.