How deeplinq is built
A four-layer architecture designed for sovereignty, auditability, and integration.
The four layers
Each layer is independently replaceable. The whole stack runs inside the perimeter the institution already controls, with RBAC and audit trail as cross-cutting concerns.
- Connector Hub
- Reads and writes to your existing systems : SAP, Oracle, Salesforce, Microsoft Dynamics, Temenos, Finastra, Murex, Avaloq, document stores, MES, SCADA, custom APIs. The platform meets your stack where it is — no data migration required.
- RAG Engine + Index
- Semantic indexing of documents, structured data, and conversational state. Hybrid retrieval combines keyword and semantic search, with source citations on every answer the agent returns.
- LLM Router + Orchestration
- Routes requests to the appropriate model. Cloud APIs (OpenAI, Anthropic, Mistral, Google) where the workload allows, or self-hosted open weights (Llama, Qwen, Mistral, Gemma, Falcon) where sovereignty requires it. Model versions are pinned ; multi-LLM is the default.
- Agent Orchestrator
- Where business teams interact via deployed agents — scoped per team, per use case, per role. Multiple agent types coexist : relationship-manager briefing, compliance research, operations triage, executive summary.
Cross-cutting concerns
Three concerns wrap every layer.
Sovereignty
Four deployment modes : on-premise, air-gapped, your own cloud (AWS / Azure / GCP), or a deeplinq-managed multi-tenant cloud. The same platform binary runs in all four — sovereignty becomes a deployment choice, not a separate product.
Evidence
Append-only audit trail. Every prompt, retrieval, model call, routing decision, and agent action is hash-chained and signed. Tampering is detectable. Exports are formatted for the regulator, the DPO, and the internal auditor.
RBAC
Scoped access control by user, team, and agent. Document-level, record-level, and field-level controls. Retention, redaction, and residency travel with the access policy — one model, applied across the stack.
Deployment modes
The same platform binary, four envelopes. Choose by data class, regulatory regime, and CISO posture.
On-premise
Inside the institution's data centre. Models, vector stores, orchestration, and logs live on infrastructure the CISO already controls. For private banking, healthcare with strict residency, and public-sector workloads.
Air-gapped
No external network path. Inference, retrieval, and orchestration entirely on local infrastructure. Model updates and audit exports via controlled physical transfer. For classified workloads and offline industrial environments.
Your own cloud
Deploy into AWS, Azure, Google Cloud, or a sovereign-cloud region you choose. You own infrastructure, we provide platform — residency and data paths defined by your contract, not deeplinq's.
deeplinq-managed cloud
For workloads where the institution's compliance posture allows a managed-platform service. Tenant isolation, encryption, and evidence-trail discipline preserved at the platform layer.
Model agnosticism
The platform runs against the model that fits the institution's sovereignty and compliance posture. Cloud APIs for non-sensitive workloads — OpenAI, Anthropic, Mistral, Google. Open-weights models for on-premise or air-gapped deployments — Llama, Qwen, Mistral open, Gemma, Falcon. Switch per use case, per team, or per policy. Model-version pinning means the output produced today reconstructs the same reasoning twelve months later. The choice belongs to the institution, not the platform.
Integration with existing systems
Connector categories supported out of the box. Custom connectors built per engagement when the institution's stack requires it.
Core banking & wealth
Temenos, Finastra, Murex, Avaloq, Mambu, custom-built cores.
ERP & finance
SAP, Oracle, Microsoft Dynamics, Workday, NetSuite.
CRM & customer engagement
Salesforce, Microsoft Dynamics 365, HubSpot, custom CRMs.
Document & content
SharePoint, Box, document-management systems, internal archives.
Operational & industrial
MES, SCADA, AMOS, ARMS, FRMS, EFB, NMS, ticketing, change-control.
Custom
Any system reachable by REST, GraphQL, ODBC, or message queue. Per-engagement scoping.
For full architecture review
We share the deeplinq architecture document, deployment-mode mapping, and integration catalogue under NDA with prospective institutional customers.