Platform architecture

Built once. Inherited everywhere.

Clario360 is platform-first: a configurable core of shared engines, behind one gateway, with one identity and one audit trail. Applications consume these services — they never re-implement them. That is the whole economic argument, expressed in architecture.

Request a technical deep-dive Deployment & sovereignty

System context

Clario360 in its world

One platform serves every enterprise role and connects to the systems a Kingdom institution actually runs.

Enterprise users, IT & data teams, risk/legal/PMO, executives and board

Customer identity — Active Directory / Entra, single sign-on

Government platforms — Najiz, ZATCA and sector regulators

Regulators — NCA, SAMA, PDPL alignment built in

One login · one audit · Arabic-first

API GATEWAY · GO

DataStream

4 apps

Business+

5 apps

ClarioSec

4 apps

ClarioInsight

2 apps

AI Services · copilots & detection

Data · events · sovereign infrastructure

The platform core

Twelve engines every application consumes

Configured by administrators, not redeployed by engineers. Build a workflow, a form, an integration or an automation once — every suite can use it. Select any engine for detail.

Workflow Engine

Configurable approvals, stage gates and state machines

Forms Engine

Admin-built forms and data capture, no redeploy

Automation Engine

Runbooks, drills and event-triggered actions

Integration Engine

Source and target adapters, gov-platform connectors

IAM

One login, RBAC and tenant isolation across the platform

File Service

Sovereign document storage, legal hold and evidence

Notifications

Email, SMS and in-app alerting, centrally governed

Licensing

Per-tenant entitlement and packaging control

AI Services

Copilots, contract review and detection, RAG-ready

API Gateway

AuthN/Z, rate limits, routing and versioning · Go

Event Bus

Ordered, per-tenant, replayable domain events

Observability

RPO/RTO/latency SLOs and platform-wide audit

Master view

The target architecture, top to bottom

ExperienceWeb · React (RTL/LTR) · Mobile · Partner & Public APIs · Admin Studio

GatewayAPI Gateway · authN/Z · rate limits · routing · versioning · Go

SuitesDataStream (Go) · Business+ (NestJS) · ClarioSec · ClarioInsight

Platform CoreWorkflow · Forms · Automation · Integration · IAM · Files · Notify · Licensing · AI

Event BusOrdered · partitioned per tenant · schema registry · replayable

FoundationData · sovereign object storage · observability · audit

The signature · Cross-suite flows

The bus is the boundary

Every application publishes facts as domain events. No service calls another service's database; no synchronous cross-suite chains exist. This single rule is why suites can ship, scale and fail independently.

EHKAM

risk.events

MahamaTech

delivery.events

Watheeq

legal.events

DataStream

data.cdc

Platform Core

automation.triggers

Event BusOrdered · partitioned per tenant · schema registry · replayable

risk.eventsdelivery.eventslegal.eventsdata.cdcaudit.*

BOSALAH

exec views

ClarioDWH

analytics

Automation

runbooks

Notifications

alerts

Audit Service

attest

Events carry facts, not commands. The bus absorbs what coupling would otherwise break.

Tenancy & isolation

Multi-tenant, with hard boundaries

Every tenant is isolated at the data and event layer. The bus is partitioned per tenant; no application reads across tenant boundaries, and no service reaches into another service's database.

Per-tenant event partitions with a shared schema registry

Branding, frameworks and entitlements configured per tenant

Identity federated to each customer's own IdP

Audit trail scoped, immutable and exportable per tenant

1Login across the whole platform

1Audit trail, immutable

NTenants, fully isolated

0Cross-database calls, by rule

Walk the architecture with our team

From C4 context down to the replication core and the event bus — a working session mapped to your environment.

Request a demo Explore the architecture