Technical Brief
How Integrius Works
The platform in one page: architecture, security model, deployment model, compliance coverage, and the numbers behind them. Written for the engineers and security teams who will evaluate it.
Architecture
Sources In. Governed Data Products Out.
N sources and M consumers normally means N times M point-to-point pipelines. Integrius collapses that to N plus M: every source connects once to the unified layer, every consumer reads governed data products through stable, versioned APIs.
1 · Sources
16 connector types
Each with connection testing, schema discovery, AES-256-GCM credential encryption, and SSRF-aware URL validation.
2 · Unified layer
Standard Fields
An organization-wide canonical schema. Sources map into it through governed field mappings with approval workflows.
3 · Data products
Owned, versioned, audited
Composed from sources or other data products. Entity-keyed joins in real time. Each has an accountable owner and one stable API endpoint.
4 · Consumers
Apps, SDK, Search, Optic
Applications via the typed SDK, federated search, and Optic: plain-English AI analytics with RBAC enforced upstream.
Dependency graph and blast radius: every data product knows what it depends on and what depends on it. Schema changes, field removals, and access revocations show their full downstream impact before anything is changed.
Security model
Designed for the Security Review
Identity & access
- ·RBAC with 4 built-in roles and 24 granular permissions, evaluated on every request
- ·TOTP MFA, OIDC SSO, SAML 2.0, SCIM 2.0 provisioning
- ·Scoped API keys with IP allowlists and per-key rate limits
Data protection
- ·Source credentials encrypted at rest with AES-256-GCM
- ·SSRF-aware validation on every outbound connector URL
- ·Field-level access control on data products
Audit & integrity
- ·Tamper-evident audit log: HMAC or Ed25519 hash-chained, with an append-only database trigger
- ·21 CFR Part 11 e-signatures: re-authentication plus stated reason, chained into the audit row
- ·Field mapping changes pass through approval workflows
Integration surface
- ·Signed webhooks for verifiable event delivery
- ·WebSockets for realtime updates, Prometheus metrics for observability
- ·Complete OpenAPI documentation, generated from the platform
Deployment model
Your Infrastructure. All of It.
Self-hosted, always
The entire platform runs inside your infrastructure: your VPC, your data center, or an air-gapped enclave. There is no SaaS control plane and no phone-home. Nothing to allowlist outbound.
AI inside the boundary
Optic, the AI analytics layer, performs inference on a local LLM via Ollama by default. Questions, schemas, and data stay inside your network. No OpenAI dependency, no per-query bill.
Governance enforced at runtime
Core is the runtime, not a catalog. The layer that documents ownership and policy is the same layer that serves the API call, so access rules cannot drift from enforcement.
Environments and domains
Tiers scale from 1 environment and 1 domain (Pilot) to 3+ environments and 3+ domains (Platform). Data products are environment-aware: dev, test, and prod stay separate.
Compliance
Compliance Matrix
The same platform primitives, ownership, RBAC, e-signatures, and the tamper-evident audit chain, map onto each framework.
| Framework | Industry | How Integrius Addresses It |
|---|---|---|
| 21 CFR Part 11 + ALCOA+ | Pharma & biotech | E-signatures with re-authentication and reason, tamper-evident hash-chained audit log, attributable records |
| GDPR | All (EU data subjects) | Atomic erasure endpoint deletes and anonymises in one transaction with a chained audit row; DPA template included |
| HIPAA | Healthcare | Self-hosted deployment keeps PHI inside your network; BAA template included |
| SOX 404 | Financial services | Tamper-evident audit chain provides verifiable evidence for internal controls over financial data flows |
| FISMA / NIST 800-53 | Government | Control families mapped: access enforcement, audit and accountability, identification and authentication |
| FedRAMP | Government | FedRAMP-aligned architecture for agency deployment paths |
| ITAR / EAR | Defense | Data residency by architecture: air-gap capable, zero outbound dependencies |
| SOC 2 / ISO 27001 | All | Platform controls mapped to support your certification audits |
| NERC CIP | Energy & utilities | Governed, audited access to operational data within your security perimeter |
| FERPA | Education | Student-record access controls with field-level permissions and full audit trail |
Performance
The Numbers
<50ms
p95 response for materialized data products: streaming pre-computed snapshots, refreshed on schedule or on events
280ms
p50 live-fetch across 10 sources simultaneously, demo scale baseline
1,028
passing tests across unit, end-to-end, and stress suites
N + M
integration complexity: each source connects once, each consumer reads governed products
Materialized products serve streaming pre-computed snapshots. Live products query sources directly. Both behind the same stable endpoint.
Commercials
Priced per Data Product, Not per Seat
No per-seat, per-connector, or per-API-call charges. You pay for governed data products in production.
Pilot
€5,000/mo
Up to 20 data products, 1 environment, 1 domain. Optic lite included.
Enterprise
€18,000/mo
Up to 50 data products, 2 environments. Search and Optic each €100k/yr add-ons.
Platform Lite
€22,000/mo
Up to 75 data products.
Platform
€320,000/yr
100+ data products, 3+ environments, 3+ domains. Search and Optic included.
Put it in front of your security team.
We will walk your engineers through the architecture, the audit chain, and a live deployment.