Data Flow Architecture

Overview

Solatis processes user data through multiple stages, with security controls and transformations at each layer.

Document Upload & Processing

Client Application
      ↓
[TLS 1.3 Encrypted]
      ↓
API Gateway (WAF, Rate Limit)
      ↓
Authentication & Authorization
      ↓
File Validation
- Size check (max 100MB)
- Format validation
- Virus scanning
      ↓
Blob Storage (AES-256)
      ↓
Document Ingestion Service
- Text extraction
- Metadata parsing
- Encryption
      ↓
Indexing Service
- Create search index
- Generate embeddings
- Store in encrypted database
      ↓
Ready for Analysis

Security Controls

1. Upload Phase

   • TLS encryption for upload
   • File size validation
   • Format whitelist enforcement
   • Antivirus scanning

2. Storage Phase

   • AES-256 encryption
   • Separate encryption keys per user
   • Access logging
   • Version control (encrypted)

3. Processing Phase

   • Sandboxed processing
   • No network access during processing
   • Memory cleared after processing
   • Encrypted temporary files

Document Analysis Flow

User Request
      ↓
[Authenticated API Call]
      ↓
Authorization Check
- User can access document?
- Sufficient quota?
      ↓
Analysis Service
- Load encrypted document
- AI model processing
- Generate results
      ↓
Results Storage (Encrypted)
      ↓
Audit Logging
      ↓
Return to User

Processing Steps

Step	Description	Security
1. Load	Retrieve from encrypted storage	Keys available only in memory
2. Extract	OCR/text extraction	Sandboxed processing
3. Analyze	LLM analysis	No external API calls with raw data
4. Structure	Format results	No data sent outside VPC
5. Store	Save encrypted results	New encryption keys used
6. Cleanup	Securely erase temp data	Overwrite memory + storage

Meeting Transcription Flow

Meeting Recording (Local or Cloud)
      ↓
Download (if cloud-based)
[TLS Encrypted]
      ↓
Transcription Service
- Audio segmentation
- Speech-to-text (local model)
- Timestamps
      ↓
Encrypted Storage
      ↓
Analysis Service
- Extract entities
- Generate summary
- Action item detection
      ↓
Store Results (AES-256)
      ↓
Notify User

Local vs. Cloud Processing

Local Processing (Recommended)

• Record meeting locally
• Upload after meeting ends
• Full data control
• No real-time transmission

Cloud Integration (Available)

• Zapier/Make webhook integration
• Real-time encryption
• Automatic upload
• Transparent processing

API Request Flow

Client Application
      ↓
HTTPS Request
- TLS 1.3
- API Key in header
      ↓
API Gateway
- Rate limiting
- WAF rules
- IP validation
      ↓
Authentication Service
- Validate API key
- Check scopes/permissions
- Rate limit check
      ↓
Authorization Service
- Verify resource access
- Check organization permissions
- Validate action allowed
      ↓
Service Handler
- Process request
- Retrieve encrypted data
- Apply transformations
      ↓
Audit Logging
- Log API call
- Log data accessed
- Log action taken
      ↓
Response (Encrypted)
- JSON response
- TLS transmission

Rate Limiting Strategy

┌─────────────────────┐
│  API Request        │
└──────────┬──────────┘
           │
     ┌─────▼─────┐
     │ Check Key │
     │ Rate Limit│
     └──┬───┬──┬─┘
        │   │  │
    Pass│   │  │Exceed
        │   │  └──► 429 Too Many Requests
        │   │
        ▼   ▼
    Check    Retry
    Wait

Data Retention Flow

Data Created
     ↓
┌─────────────────┐
│ Retention Timer │
│ (per policy)    │
└────────┬────────┘
         │
    ┌────▼─────┐
    │ Reaching │
    │ Expiry   │
    └────┬─────┘
         │
    ┌────▼──────────────┐
    │ User Defined      │
    │ - Delete now      │
    │ - Keep forever    │
    │ - Archive         │
    └────┬─┬────────┬───┘
         │ │        │
         │ │        └──► Archive (Encrypted)
         │ │
         │ └──────────► Keep (Encrypted)
         │
         └────────────► Delete
                        - Overwrite with zeros
                        - Remove from backups
                        - Log deletion

Real-time Monitoring Flow

User Actions
     │
     ├─► Document Upload
     ├─► Analysis Request
     ├─► Agent Execution
     ├─► API Call
     ├─► Settings Change
     │
     ▼
Security Monitoring
     │
     ├─► Threat Detection
     │   - Unusual activity?
     │   - Failed auth attempts?
     │   - Rate limit violations?
     │
     ├─► Logging
     │   - Store in encrypted log
     │   - Index for search
     │   - Archive old logs
     │
     └─► Alerting
         - Critical: Instant alert
         - High: Within 1 hour
         - Medium: Daily summary

Backup & Recovery Flow

Production Data
      │
      ├─► Daily Backup (00:00 UTC)
      │   - Full backup created
      │   - Encrypted with master key
      │   - Stored in redundant locations
      │
      ├─► Hourly Incremental
      │   - Only changes since last backup
      │   - Faster backups
      │   - Quick recovery
      │
      └─► Testing (Monthly)
          - Recovery test
          - Integrity check
          - Performance validation

Data Export Flow

User Request
      │
      ▼
Authorization Check
- Can user export?
- What data?
      │
      ├─► Approved
      │   - Retrieve encrypted data
      │   - Compile export
      │   - Encrypt with user's key
      │   - Generate download link
      │   - Log export action
      │   - Link expires in 24 hours
      │
      └─► Denied
          - Log attempt
          - Notify user

Audit Log Flow

Any Data Access
      │
      ▼
┌──────────────────┐
│ Audit Log Entry  │
├──────────────────┤
│ Timestamp        │
│ User ID          │
│ Action           │
│ Resource ID      │
│ Result           │
│ IP Address       │
│ User Agent       │
└──────┬───────────┘
       │
       ▼
Store in Audit DB
(Encrypted, append-only)
       │
       ├─► Available to Admin/User
       │   via UI or API
       │
       └─► Retained per policy
           (default: 1 year)

Third-Party Integration Flow

For integrations with external services:

User Authorizes Integration
      │
      ▼
OAuth/API Key Exchange
      │
      ├─► Store credentials
      │   - Encrypted at rest
      │   - Only in secure vault
      │
      ├─► When integration needed
      │   - Retrieve credentials
      │   - Use for API call
      │   - Verify response
      │   - Transform & store result
      │
      └─► Audit logging
          - Log external call
          - Log data transmitted
          - Log integration result

Zero-Knowledge Architecture

Where applicable, Solatis uses zero-knowledge principles:

End-to-End Encryption

• Data encrypted on client
• Solatis never has plaintext keys
• Decryption happens on client
• Server processes encrypted data only

Applies to:

• Private documents (opt-in)
• Sensitive analyses
• Custom data storage

Performance vs. Security Trade-offs

Component	Security Level	Performance	Use Case
Full Encryption	High	Standard	Default
Encrypted Storage	High	Fast	APIs
Compression	Medium	Very Fast	Large data
Caching	Medium	Very Fast	Read-heavy
Streaming	Medium	Fast	Large files

Data Minimization

Solatis follows data minimization principles:

• Collect: Only necessary data
• Process: Only required for function
• Store: Retain only as needed
• Delete: Remove when no longer needed

Questions about data flow? Contact security@solatis.team