Architecture & Security

On your hardware.
Under your control.

Ayudh runs entirely on your infrastructure. Three local AI models, five processing roles, zero external API calls. Every decision logged. Every change traceable.

The Enterprise AI Stack

Six layers. Most companies skip four.

The standard approach to enterprise AI starts with a model and wraps an interface around it. That gives you layers 1 and 6. The four layers in between — knowledge, retrieval, reasoning, and verification — are where production AI systems succeed or fail.

Ayudh covers all six layers. Infrastructure at the base. Knowledge indexing with embeddings and document graphs. Semantic retrieval via Graph RAG. Multi-model reasoning with role-specific AI. Verification through audit trails, source attribution, and confidence scoring. Application delivery through a browser-based interface with live progress and email output.

Built from the bottom up — because that is the only order that works.

06 Application: Delivered where work happens — browser, email, workflows. No new tools. No disruption.
05 Verification: Every output is validated and traceable. Audit trails, source attribution, and confidence scoring built in.
04 Reasoning: Role-specific AI models. Swappable and controlled. The model is a component — not the system.
03 Retrieval: Finds the exact relevant information — not keyword search. The right data, for the right decision.
02 Knowledge: Documents converted into structured knowledge — not scattered files. Organised, indexed, and ready for use.
01 Infrastructure: Runs on your infrastructure. Your data, your governance, your access control.

How it runs

Three models. Five roles.
Zero external calls.

Ayudh uses three local AI models — Parser, Oracle, and Drafter — serving five distinct processing roles. No inference leaves your machine. Every document is processed in its own isolated directory with a complete, append-only audit log.

The system runs a Next.js front-end with a FastAPI back-end. PostgreSQL for persistent storage. Redis and Celery for job queuing. FalkorDB for graph-based RAG. Each processing run is isolated — its own working directory, its own audit log.

The Ayudh team installs the system on your infrastructure. Your IT controls network access. Your compliance team reviews the audit trail. Your lawyers review every output.

[Diagram: System architecture — on-premise. Labels: Term Sheet (negotiated terms); Boilerplate (contract template); Rules Engine (human-reviewed rules boundary); Ayudh Pipeline (Extract, Embed, Match, Plan, Edit); Clean Contract → Client; Track Changes → Lawyer; Audit Log → Compliance.]

RBAC, SSO, MFA, Audit Trail, Analytics, Graph RAG, Document Chat, Email Delivery, OAuth, No External API

Why on-premise matters

Not a preference. A requirement.

Attorney-Client Privilege
When legal documents are processed by third-party APIs, privilege may be waived. On-premise processing keeps every document within the privilege boundary. No data leaves your control.

Regulatory Compliance
RBI, SEBI, and enterprise no-cloud policies require that sensitive data never leaves organisational infrastructure. Ayudh is architecturally compliant — not policy-compliant.

Data Residency
Your data stays on your hardware, in your jurisdiction. No cross-border transfers. No third-party storage. No ambiguity about where your documents are processed or stored.

Security

Architecturally enforced.
Not policy-dependent.

Ayudh does not rely on policies or promises to keep your data safe. Security is built into the architecture. There is no external data flow to block — because there is no external data flow.

01 MFA with TOTP: Multi-factor authentication using TOTP authenticator apps. No SMS fallback. No weak factors.
02 JWT + HTTP-only Cookies: Secure token handling with HTTP-only cookies. No client-side token storage. No token exposure to XSS.
03 bcrypt Password Storage: Industry-standard password hashing. Salted. Computationally expensive. No plaintext. No reversible encryption.
04 Granular RBAC: Per-user, per-document-type role-based access control. Permissions enforced at every API endpoint.
05 Append-only Audit Log: Every action recorded. Immutable. Complete chain of custody for every document and every decision.
06 Masked API Responses: Sensitive settings masked in all API responses. No accidental credential exposure. Defence in depth.
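
A reviewer-side integrity check for an append-only audit log like the one listed above, as an added example and not Ayudh's own code. The page does not describe the log's format; hash chaining, the record fields, and every function name here are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first record


def _digest(prev_hash, body):
    # Canonical JSON so the same record always hashes to the same value.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(log, actor, action, target):
    """Append one record; each record commits to the one before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "actor": actor, "action": action, "target": target}
    log.append({**body, "prev": prev_hash, "hash": _digest(prev_hash, body)})
    return log[-1]["hash"]


def verify(log, expected_head=None):
    """Return (ok, reason); expected_head is a head hash kept outside the log."""
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        body = {k: rec[k] for k in ("seq", "actor", "action", "target")}
        if rec["seq"] != i:
            return False, f"record {i}: sequence gap or reorder"
        if rec["prev"] != prev_hash:
            return False, f"record {i}: broken link to previous record"
        if not hmac.compare_digest(rec["hash"], _digest(prev_hash, body)):
            return False, f"record {i}: content does not match hash"
        prev_hash = rec["hash"]
    if expected_head is not None and not hmac.compare_digest(prev_hash, expected_head):
        return False, "head hash mismatch: records removed or replaced"
    return True, "ok"


def demo():
    # Constructed sample events, not real Ayudh log entries.
    log = []
    append(log, "parser", "extract", "run-001/term_sheet.docx")
    append(log, "drafter", "edit", "run-001/contract.docx")
    head = append(log, "lawyer@example.test", "approve", "run-001/contract.docx")
    return log, head


if __name__ == "__main__":
    print(verify(*demo()))
```

Without a head hash stored somewhere the log writer cannot change, a truncated log still verifies, and anyone able to rewrite the whole file can recompute the chain; the chain makes edits evident only relative to that external anchor.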
Garima Gairola, Founder