Architecture
How It Works
Local scanning. Cloud scoring. Zero data exfiltration — by design, not by promise.
The Complete Flow
Your Infrastructure — data stays here
Files
Databases
Cloud
Directory
ERP
Infra
APOLLO Agent (on-premise)
Scans locally. Detects PII. Extracts metadata only.
Read-only. No INSERT, UPDATE, DELETE. No file copy.
Raw data NEVER leaves this perimeter — files, rows, emails, IBANs stay here.
TLS 1.3 — encrypted in transit
↓
Counters & metadata only — no names, no emails, no file contents
↓
APOLLO Cloud Hub (EU)
Scoring Engine
129 risk scores across 4 modules
Breach Simulation
Financial exposure in € and $
Compliance Dashboard
GDPR, CCPA, NIS2, AI Act
PDF Reports
Executive, Risk, Compliance, Protection, Intelligence
What Stays vs What Transits
| Stays on your infrastructure | → Transits to the cloud |
|---|---|
| File contents | File count per type |
| Database rows | Table/column names + PII flags |
| Emails, names, IBANs | PII category counters (e.g. "156 IBAN detected") |
| Documents, spreadsheets | Metadata (size, date, permissions) |
| Passwords, tokens, credentials | Encryption status (yes/no) |
| AD users, LDAP entries | User counts, dormant accounts ratio, admin ratio |
Zero data persistence in the cloud.
No metadata is retained after report generation. Nothing is stored, sold, or shared.
Scan → Score → Act
①
Scan
Agent scans 11 source types locally. Files, DBs, Cloud, Directory, ERP, Infrastructure.
Completes in <48 hours for most environments.
②
Score
Cloud hub computes 129 risk scores across 4 modules in seconds.
All from anonymized counters — zero raw data involved.
③
Act
Dashboard shows € exposure, prioritized remediation plan (P1/P2/P3),
breach simulation, and compliance gaps with deadlines.
Architecture Detail
Agent (on-premise, pure collector) → Apollo Cloud Hub → Risk scores · Compliance dashboard Client (Linux/Windows) Cloud (Railway/EU) ┌──────────────────────────┐ ┌──────────────────────────┐ │ AGENT v1.7.R │ POST /api/v1/ │ CLOUD V3 │ │ Autonomous, scan only │ hub/ingest │ 100% scoring server │ │ scores=None │ ─────────────────>│ Dashboard (display) │ │ X-API-KEY per client │ JSON metadata │ PostgreSQL │ │ Rust I/O native module │ │ │ └──────────────────────────┘ └──────────────────────────┘
Agent — What It Is
- Pure collector — scans only, never computes scores locally
- Autonomous binary — packaged with PyInstaller, no dependencies required on client machine
- Unique X-API-KEY per client — isolates each customer's data
- Rust native I/O module — up to 1.16M rows/sec scan rate
- Read-only — no write operations on any data source
Cloud Hub — What It Does
- Receives anonymized metadata via
POST /api/v1/hub/ingest - Computes 129 scores across 4 modules (Risk, Compliance, Protection, Intelligence)
- Generates prioritized action plan with financial impact (€/$)
- Serves dashboard — display only, no raw data stored