NucleoBank is not a SaaS that holds your data. It deploys into your own Azure, AWS, or Google Cloud subscription and runs there.
Architecture
Shown on Azure below — the same sovereign data plane runs on AWS or GCP. See the per-cloud service map underneath.
Any cloud
NucleoBank's architecture is cloud-agnostic by design. The same sovereign data plane — pipelines, private AI model, anomaly detection — runs on Azure, AWS, or Google Cloud.
Microsoft Azure
Native services
★ Quantum Sentinel — native
Quantum Sentinel runs via Azure Quantum (IonQ, Quantinuum, Rigetti hardware).
Amazon Web Services
Native services
★ Quantum Sentinel — native
Quantum Sentinel runs via Amazon Braket (IonQ, Rigetti, IQM, QuEra hardware).
Google Cloud
Native services
Quantum Sentinel — via cross-cloud
Quantum Sentinel is not yet natively available on Google Cloud. Premium GCP customers get cross-cloud quantum access via Azure or AWS, with only abstract circuits crossing cloud boundaries — never customer data.
+ Oracle Cloud and others — coming soon.
Stack
In your Azure tenant
Azure Data Factory
ETL orchestration
Azure Data Lake Gen2
Raw + curated storage
Azure AI Search
Vector + hybrid retrieval
Llama 3.3 / Phi-4
Open model, Managed Compute
Azure Key Vault
All credentials
Nixtla TimeGEN-1
Time-series anomaly detection
NucleoBank control plane
Prisma + Postgres
Control plane metadata
Next.js 14 App Router
Dashboard + query UI
Auth.js v5 + Entra ID
Multi-tenant authentication
Bicep IaC
One-command deployment into customer tenant
Qiskit → Azure Quantum
Quantum Sentinel (Premium, R&D engagement)
In-tenant AI
NucleoBank uses open-weight models (Llama 3.3 70B, Phi-4) deployed on Azure Managed Compute inside your subscription. Prompts and outputs never leave your VNet. No per-token cost to external providers. Full version control.
# Your tenant. Your model.
model: Llama-3.3-70B-Instruct
compute: Azure Managed Compute (Standard_NC24ads_A100_v4)
location: your-subscription/your-vnet
data_egress: none
Pipeline
Connect
Linked services via admin-consent + scoped service principal. Credentials written to your Key Vault. Never stored by NucleoBank.
Ingest
ADF Copy + Data Flow activities. Schema auto-mapped. Raw data to ADLS Gen2 /raw partition. Versioned.
Transform
Data Flow normalizes, deduplicates, and types the data. Outputs go to the /curated partition. Lineage tracked in ADF.
Index
Embedding via text-embedding-ada-002 or open equivalent. Written to Azure AI Search. Hybrid (vector + BM25) retrieval.
Deployment
Sign in with Microsoft
Your Entra account. No new credential to create.
Grant admin consent
One click, scoped to one resource group. Nothing else.
NucleoBank deploys via Bicep
ADF, Data Lake, AI Search, Key Vault, private model endpoint — all into your subscription.
$ az deployment group create \
    --resource-group rg-nucleobank-dataplane \
    --template-file nucleobank.bicep \
    --parameters @params.json
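One way to check the "scoped to one resource group" claim from the consent step once the deployment has run, as an added example that is not NucleoBank's own code. It audits the JSON printed by `az role assignment list --assignee <principal-id> --all -o json`; the subscription ID, principal name and sample assignments are constructed placeholders, and which principal the deployment actually creates is an assumption you fill in.

```python
import json

# Constructed sample shaped like the JSON printed by
#   az role assignment list --assignee <principal-id> --all -o json
# Subscription ID and principal name are placeholders, not values from the page.
SUB = "00000000-0000-0000-0000-000000000000"
RG = "rg-nucleobank-dataplane"  # resource group named in the deployment command
SAMPLE = json.loads(f"""[
 {{"principalName": "sp-example", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/{SUB}/resourceGroups/{RG}"}},
 {{"principalName": "sp-example", "roleDefinitionName": "Key Vault Secrets Officer",
   "scope": "/subscriptions/{SUB}/resourcegroups/{RG}/providers/Microsoft.KeyVault/vaults/kv-example"}},
 {{"principalName": "sp-example", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/{SUB}"}},
 {{"principalName": "sp-example", "roleDefinitionName": "Storage Blob Data Reader",
   "scope": "/subscriptions/{SUB}/resourceGroups/{RG}-2"}}
]""")


def within_resource_group(scope, subscription_id, resource_group):
    """True if scope is the resource group itself or a resource inside it."""
    allowed = f"/subscriptions/{subscription_id}/resourcegroups/{resource_group}".lower()
    scope = scope.rstrip("/").lower()  # Azure resource IDs compare case-insensitively
    # Require a "/" boundary so "rg-x-2" does not pass as a child of "rg-x".
    return scope == allowed or scope.startswith(allowed + "/")


def out_of_scope(assignments, subscription_id, resource_group):
    """Return assignments that reach beyond the expected resource group."""
    return [a for a in assignments
            if not within_resource_group(a.get("scope", ""), subscription_id, resource_group)]


if __name__ == "__main__":
    for a in out_of_scope(SAMPLE, SUB, RG):
        print(f"OUT OF SCOPE: {a['roleDefinitionName']} at {a['scope']}")
```

An empty result means every role assignment held by that principal sits at or below the expected resource group; subscription, management-group and root ("/") scopes are all reported.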