Technology stack
Verax is a headless, modular architecture. The sections below describe the system as designed; we are pre-authorisation and running only against synthetic data today. Third-party integrations with authorised institutions will be activated post-authorisation, subject to contract.
Compliance decisioning engine
A deterministic, policy-as-code decision layer for KYB, sanctions, PEP, adverse media, and dual-use screening. LLM agents (via Dify, GPT-4o and Claude 3.5) are used in an assistive, human-in-the-loop mode for amber cases — they do not make final decisions without review.
Orchestration & reconciliation layer
A routing layer that will, post-authorisation, mediate API calls between our customers and authorised payment/custody partners. The partner is not currently named publicly — selection and commercials are in negotiation. Verax itself will never hold client money.
Immutable ledger
Every compliance decision and reconciliation event is written to an append-only ledger with a cryptographic hash chain, a DEFERRABLE CONSTRAINT TRIGGER that rejects unbalanced entries at the database level, and a 6-year retention window. Designed for deterministic replay.
Encryption & data protection
TLS 1.3 in transit. KMS-managed keys. AES-256 at rest via AWS RDS and S3 with Object Lock. Personal data is processed under UK GDPR; retention and lawful-basis mapped per purpose. ICO registration pending prior to any live processing.
Operational resilience
Multi-AZ PostgreSQL RDS, Terraform-managed infrastructure, blue-green deploys, OpenTelemetry traces, Prometheus metrics, Grafana dashboards, Loki logs. Target uptime SLO 99.9%; figures we publish today are measured on internal staging, not against customer traffic.
Anything marked as a partner integration on this page describes the designed architecture. Verax does not yet have production contracts with the named categories of third parties, and any reference to specific vendors (e.g. Fireblocks, Chainalysis) is illustrative of the partner category we intend to use once authorised. Binding partner announcements will be made only when contracts are signed.
Want the architecture pack?
The diligence pack contains architecture diagrams, threat model, SBOM, CI/CD design and code-to-control trace matrix. Available to sophisticated counterparties under NDA.