cifraHQ Enterprise
Architecture

One database per customer. No exceptions.

The only scalable isolation pattern for LATAM regulatory compliance. This is how cifraHQ Enterprise is designed from migration one.

Request a demo See compliance
The pattern

Three decisions that hold each other up

Isolation

Database per tenant

Not row-level, not schema-per-tenant. Each customer gets their own SQL Server database. Clean backup, restore and offboarding per customer.

Economics

Azure SQL elastic pools

Thousands of databases sharing DTU/vCore. Scales to 5,000+ tenants without linear per-instance cost.

Control plane

CiferaHQ_master

Master catalog in its own elastic pool with geo-replication. Tenants, licenses, health — separated from the data plane.

The diagram

Three layers, one truth

License Server Master catalog Tenant A Tenant B Tenant C Database per tenant
Physical isolation in SQL elastic pool

The service layer compiles once and deploys to every tenant. The data layer is physically partitioned: each customer is its own database. The control layer (CiferaHQ_master + license server) governs who gets in, into which tenant, with what permissions.

Why this way

What physical isolation buys you

  • Data residency. When a regulator asks where your information lives, the answer is a specific database — not a WHERE TenantId = ? predicate.
  • Per-customer backup. Point-in-time restore per tenant. If one customer does something catastrophic, no one else is dragged along.
  • Clean offboarding. When a customer ends their contract, their database is exported and deleted. No residue in shared tables.
  • CFDI / NF-e / SUNAT compliance. Mexico, Brazil and Peru demand demonstrable separation of tax data. Row-level won't cut it.
  • Async provisioning. Creating a tenant is a Hangfire saga (create DB → migrate schema → seed COA → blob → admin → email), not an INSERT.
  • Proven isolation. Cross-tenant fuzz tests are part of the CI pipeline — not an annual audit.
Stack

The pieces, named

  • .NET 10 + EF Core for the service plane. Blazor Server + Radzen for the operational frontend.
  • Azure SQL Database with elastic pools per region. CiferaHQ_master isolated in its own pool.
  • Hangfire for all background work: provisioning, daily FOREX, fiscal rollover, email delivery, blob reconciliation.
  • Azure Blob Storage for binary files (attachments, PDFs, logos). Never inside the database.
  • Stimulsoft for archival PDF. Radzen Blazor for interactive dashboards.

Let's talk isolation in detail

Technical demo on provisioning, per-tenant backup and isolation testing.

Schedule demo