Azure · AWS · GCP
Open model · no per-token lock-in

Built on Azure.
Runs in your tenant.
No exceptions.

NucleoBank is not a SaaS that holds your data. It deploys into your own Azure, AWS, or Google Cloud subscription and runs there.

Architecture

How it's built

Shown on Azure below — the same sovereign data plane runs on AWS or GCP. See the per-cloud service map underneath.

Any cloud

Deploy on the cloud you already use.

NucleoBank's architecture is cloud-agnostic by design. The same sovereign data plane — pipelines, private AI model, anomaly detection — runs on Azure, AWS, or Google Cloud.

AZU

Microsoft Azure

Native services

  • Azure Data Factory: Pipelines / ETL
  • ADLS Gen2: Data lake storage
  • Azure AI Search: Vector + hybrid retrieval
  • Azure Managed Compute: Private open model

★ Quantum Sentinel — native

Quantum Sentinel runs via Azure Quantum (IonQ, Quantinuum, Rigetti hardware).

AWS

Amazon Web Services

Native services

  • AWS Glue: Pipelines / ETL
  • Amazon S3: Data lake storage
  • Amazon OpenSearch: Vector + hybrid retrieval
  • Amazon Bedrock: Private open model

★ Quantum Sentinel — native

Quantum Sentinel runs via Amazon Braket (IonQ, Rigetti, IQM, QuEra hardware).

GCP

Google Cloud

Native services

  • Google Dataflow: Pipelines / ETL
  • Cloud Storage / BigQuery: Data lake + analytics
  • Vertex AI Vector Search: Vector + hybrid retrieval
  • Vertex AI: Private open model

Quantum Sentinel — via cross-cloud

Quantum Sentinel is not yet natively available on Google Cloud. Premium GCP customers get cross-cloud quantum access via Azure or AWS, with only abstract circuits crossing cloud boundaries — never customer data.

+ Oracle Cloud and others — coming soon.

Stack

The stack

In your Azure tenant

  • Azure Data Factory: ETL orchestration
  • Azure Data Lake Gen2: Raw + curated storage
  • Azure AI Search: Vector + hybrid retrieval
  • Llama 3.3 / Phi-4: Open model, Managed Compute
  • Azure Key Vault: All credentials
  • Nixtla TimeGEN-1: Time-series anomaly detection

NucleoBank control plane

  • Prisma + Postgres: Control plane metadata
  • Next.js 14 App Router: Dashboard + query UI
  • Auth.js v5 + Entra ID: Multi-tenant authentication
  • Bicep IaC: One-command deployment into customer tenant
  • Qiskit → Azure Quantum: Quantum Sentinel (Premium, R&D engagement)

In-tenant AI

The AI model runs in your environment

NucleoBank uses open-weight models (Llama 3.3 70B, Phi-4) deployed on Azure Managed Compute inside your subscription. Prompts and outputs never leave your VNet. No per-token cost to external providers. Full version control.

nucleobank.config.yaml
# Your tenant. Your model.
model: Llama-3.3-70B-Instruct
compute: Azure Managed Compute (Standard_NC24ads_A100_v4)
location: your-subscription/your-vnet
data_egress: none

Pipeline

The pipeline

01. Connect

Linked services via admin-consent + scoped service principal. Credentials written to your Key Vault. Never stored by NucleoBank.

02. Ingest

ADF Copy + Data Flow activities. Schema auto-mapped. Raw data to ADLS Gen2 /raw partition. Versioned.

03. Transform

Data Flow normalizes, deduplicates, and types. Outputs to /curated partition. Lineage tracked in ADF.

04. Index

Embedding via text-embedding-ada-002 or open equivalent. Written to Azure AI Search. Hybrid (vector + BM25) retrieval.

Deployment

Deploy in 10 minutes

1. Sign in with Microsoft

Your Entra account. No new credential to create.

2. Grant admin consent

One click, scoped to one resource group. Nothing else.

3. NucleoBank deploys via Bicep

ADF, Data Lake, AI Search, Key Vault, private model endpoint — all into your subscription.

bash
$ az deployment group create \
  --resource-group rg-nucleobank-dataplane \
  --template-file nucleobank.bicep \
  --parameters @params.json
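
Checking the "scoped to one resource group" claim after deployment: the script below is an added example, not NucleoBank's own code. It assumes the scoping is enforced through Azure role assignments on the service principal, and that its input is the JSON printed by az role assignment list --all --assignee <service-principal-id> -o json; the subscription ID, principal name and sample assignments are constructed placeholders.

```python
import json

# Constructed sample in the shape printed by
#   az role assignment list --all --assignee <service-principal-id> -o json
# The subscription ID and principal name are placeholders, not real values.
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"principalName": "sp-example", "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-nucleobank-dataplane"},
    {"principalName": "sp-example",
     "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/RG-NucleoBank-DataPlane"
              "/providers/Microsoft.Storage/storageAccounts/examplelake"},
    {"principalName": "sp-example", "roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-nucleobank-dataplane-old"},
    {"principalName": "sp-example", "roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{SUB}"},
])


def out_of_scope(assignments_json, subscription_id, resource_group):
    """Return (role, scope) pairs that reach outside the one resource group."""
    allowed = (f"/subscriptions/{subscription_id}"
               f"/resourcegroups/{resource_group}").lower()
    findings = []
    for a in json.loads(assignments_json):
        # ARM resource IDs are case-insensitive, so compare lowercased.
        scope = a["scope"].rstrip("/").lower()
        # Accept the group itself or a child resource. A bare prefix match
        # would also accept a sibling group such as "<name>-old".
        inside = scope == allowed or scope.startswith(allowed + "/")
        if not inside:
            findings.append((a["roleDefinitionName"], a["scope"]))
    return findings


if __name__ == "__main__":
    for role, scope in out_of_scope(SAMPLE, SUB, "rg-nucleobank-dataplane"):
        print(f"OUT OF SCOPE: {role} at {scope}")
```

An empty result means every assignment held by the principal sits at or below the data-plane resource group; any finding is a grant wider than the deployment step describes.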