Architecture

Technical Trust & System Architecture

How Prefiler ensures reliability, transparency, and security in every compliance analysis — built for due diligence review.

Hybrid Intelligence Architecture

Risk scores, compliance flags, and materiality indices are computed by a versioned, deterministic rule engine — not AI. The same input always produces the same output.

AI is used exclusively for narrative summary generation and the clarification workflow. The AI layer receives structured derived data, never raw financial documents.

The scoring engine and AI layer are architecturally separated. Removing the AI component would eliminate summaries but not change a single risk score.

The clarification loop asks forensic-grade questions covering statutory exposure, capital assets, and financial patterns — refining narrative context without altering deterministic scores.

Structural Extraction Engine

Document parsing uses coordinate-based extraction: identifying table structures, column positions, and numeric fields through geometric document analysis — not AI text interpretation.

The system targets ≥98% structural extraction accuracy for major Indian and international bank statement formats.

Extraction confidence is computed per-document through balance reconciliation, polarity validation, and cross-page continuity checks.

When confidence falls below threshold, the system flags for manual review rather than producing unreliable outputs. Low-confidence pages are retried with alternative rendering parameters.

Risk Scoring Discipline

Risk levels are derived from an explicit scoring matrix with weighted rule triggers and defined thresholds — never prompt-decided.

Compound-risk escalation applies when multiple flags co-occur (e.g., high cash + vendor concentration), using defined escalation rules rather than simple summation.

All weights are versioned. Scoring engine updates are tested against benchmark datasets before production deployment.

Flag feedback (accept / dispute / note) allows practitioners to record professional judgment alongside system findings, creating an auditable oversight record.

Secure & Ephemeral Data Handling

Uploaded financial documents are processed in memory and deleted immediately after parsing. No raw financial document reaches long-term storage.

All data encrypted in transit (TLS 1.2+) and at rest (AES-256 equivalent). Row-level security policies enforce data isolation at the PostgreSQL level.

PII (PAN, Aadhaar, account numbers) is masked in all internal logs. The AI layer is architecturally prevented from echoing personal identifiers.

Payment processing handled by Razorpay (PCI-DSS compliant). Card details never touch our servers.

Audit & Reproducibility

Every analysis records: triggered rules, activated heuristics, confidence metrics, engine version, prompt version, model used, and token consumption.

Structured audit logs track analysis creation, credit events, team changes, data exports, and authentication events with timestamps and user attribution.

Synthetic dataset stress testing covers thousands of cases with injected anomalies, ambiguities, and regulatory edge cases.

Classification accuracy is measured through human-reviewed benchmark samples. Disagreement rates and calibration gaps are tracked across engine versions.

Vendor Neutrality & Resilience

Architecture enforces vendor abstraction: LLM provider, hosting infrastructure, and payment gateway can all be switched without affecting the deterministic scoring engine.

Prompt templates are version-controlled. The system supports A/B model comparison and cross-model adversarial review.

Graceful handling of LLM rate limits, timeouts, and partial failures. No single external dependency can compromise analysis integrity.

Country-specific compliance rules are modular, configuration-driven, and independently testable — no code duplication per jurisdiction.

Questions About Our Architecture?

Review our governance documentation or schedule a technical walkthrough.