Core Technologies

Earna AI’s financial platform is built on a carefully selected stack of best-in-class technologies, each chosen for specific capabilities that enable enterprise-grade financial services at scale.

Technology Selection Criteria

Every technology in our stack was evaluated against these criteria:

Financial-grade reliability (99.99%+ uptime)
Regulatory compliance capabilities
Horizontal scalability for millions of users
Developer experience and documentation
Open-source availability when possible

Core Technology Stack

Technology Stack

TigerBeetle - Immutable financial ledger with double-entry accounting
Plaid - Banking data aggregation across 12,000+ institutions
Supabase - Full-stack backend infrastructure and authentication
Hyperswitch - Multi-processor payment orchestration platform

Detailed Specifications

TigerBeetle

TigerBeetle (Deployed)

Overview

TigerBeetle is our production financial ledger deployed on GKE, providing mission-critical safety and performance. It serves as the immutable double-entry accounting system with ACID guarantees for all financial transactions on the Earna AI platform.

Why TigerBeetle

Financial-Grade Reliability

Double-entry accounting enforced at database level
ACID guarantees for all transactions
Immutable audit trail for compliance
Zero financial data loss architecture

Extreme Performance

1+ million TPS throughput
< 1ms latency for transactions
Optimized for NVMe storage
10MB binary with minimal resource usage

Built for Finance

Native debits and credits support
Automatic balance calculations
Multi-currency handling
Designed for regulated environments

Architecture Integration


┌─────────────┐     ┌──────────────┐     ┌──────────────┐
│   Console   │────▶│Credit Engine │────▶│ TigerBeetle  │
│  (Frontend) │     │   (Backend)  │     │   (Ledger)   │
└─────────────┘     └──────────────┘     └──────────────┘
                            │                     │
                            ▼                     │
                    ┌──────────────┐             │
                    │   Supabase   │◀────────────┘
                    │  (Metadata)  │   (Analytics)
                    └──────────────┘

Implementation Details

Account Structure


interface TigerBeetleAccount {
  id: bigint              // 128-bit unique identifier
  ledger: number          // Ledger ID for multi-ledger support
  code: number            // Account type code
  flags: AccountFlags     // Account behavior flags
  debits_pending: bigint  // Pending debit amount
  debits_posted: bigint   // Posted debit amount
  credits_pending: bigint // Pending credit amount
  credits_posted: bigint  // Posted credit amount
}

Transfer Operations


interface Transfer {
  id: bigint              // Unique transfer ID
  debit_account_id: bigint
  credit_account_id: bigint
  amount: bigint          // Amount in smallest currency unit
  pending_id: bigint      // For two-phase commits
  timeout: number         // Timeout for pending transfers
  ledger: number
  code: number            // Transfer type code
  flags: TransferFlags
  timestamp: bigint       // Nanosecond precision
}

Use Cases in Earna

User Wallets: Track user balances and transactions
Credit Tracking: Monitor credit utilization and payments
Investment Ledger: Record investment transactions
Business Accounts: Multi-account business banking
Tax Tracking: Immutable tax-related transactions
Audit Trail: Complete financial history

Production Deployment (September 2025)


GKE Cluster Configuration:
  - Platform: Google Kubernetes Engine (GKE) Standard
  - Region: us-central1
  - Nodes: 3 × c3-standard-4-lssd (dedicated pool)
  - Storage: 375GB local NVMe SSD per node
  - Memory: 15GB RAM per node
  - CPU: 4 vCPUs per node
  - Network: External LoadBalancer (104.154.31.249:3003)
 
Monitoring Stack:
  - Metrics: Prometheus + StatsD Exporter
  - Dashboards: Grafana (http://34.172.102.114)
  - Alerts: Configured for replica health, latency, storage
 
Performance Achieved:
  - Throughput: 10,000+ TPS verified
  - Latency: Sub-millisecond p99
  - Availability: 99.99% uptime target
  - Recovery: Automated with StatefulSet

Plaid

Overview

Plaid provides secure, reliable connectivity to 12,000+ financial institutions across the US, Canada, and Europe. It enables Earna AI to aggregate account data, verify identities, and initiate payments.

Core Capabilities

Account Aggregation

Real-time balances across all accounts
Transaction history with enriched data
Account verification and ownership
Liability data for loans and credit cards

Transaction Enrichment

Merchant identification and logos
Category classification (500+ categories)
Location data and recurring detection
Clean transaction names

Identity Verification

Account ownership verification
KYC/AML compliance support
Document verification
Phone and email verification

Payment Initiation

ACH transfers (same-day and standard)
Wire transfers for large amounts
Account funding verification
Payment status tracking

Integration Architecture


// Plaid Service Architecture
class PlaidService {
  // Link Token for Plaid Link
  async createLinkToken(userId: string): Promise<LinkToken> {
    return await plaidClient.linkTokenCreate({
      user: { client_user_id: userId },
      products: ['transactions', 'accounts', 'investments'],
      country_codes: ['US', 'CA'],
      language: 'en'
    })
  }
 
  // Exchange public token for access token
  async exchangeToken(publicToken: string): Promise<string> {
    const response = await plaidClient.itemPublicTokenExchange({
      public_token: publicToken
    })
    return response.data.access_token
  }
 
  // Sync transactions incrementally
  async syncTransactions(accessToken: string): Promise<Transaction[]> {
    const response = await plaidClient.transactionsSync({
      access_token: accessToken
    })
    return this.processTransactions(response.data)
  }
}

Data Flow

User Authorization
- User initiates Plaid Link
- Selects financial institution
- Provides credentials
- Grants permission
Initial Sync
- Fetch all accounts
- Pull 2 years of transactions
- Get current balances
- Store in TigerBeetle
Ongoing Updates
- Webhook notifications
- Incremental transaction sync
- Balance updates
- Error handling

Security & Compliance

Bank-level encryption (AES-256)
SOC 2 Type II certified
PCI DSS compliant
OAuth 2.0 authentication
Tokenized credentials (no password storage)

Rate Limits & Best Practices


Rate Limits:
  - Transactions: 1 request/second per item
  - Accounts: 5 requests/second per item
  - Auth: 1 request/second per item
  - Identity: 1 request/second per item
 
Best Practices:
  - Use webhooks for real-time updates
  - Implement exponential backoff
  - Cache account data appropriately
  - Handle ITEM_LOGIN_REQUIRED errors
  - Implement update scheduling

Supabase

Overview

Supabase provides a complete backend platform combining PostgreSQL database, authentication, real-time subscriptions, and edge functions. It serves as the metadata layer complementing TigerBeetle’s ledger.

Core Components

PostgreSQL Database

Row-level security for multi-tenancy
JSON support for flexible schemas
Full-text search capabilities
PostGIS for location data

Authentication System

Email/password authentication
OAuth providers (Google, Apple, GitHub)
Multi-factor authentication
Session management
Role-based access control

Real-time Subscriptions

Database changes via websockets
Presence for online status
Broadcast for peer-to-peer
Low latency updates

Edge Functions

Serverless compute at the edge
TypeScript support
Automatic scaling
Global deployment

Database Schema


-- Users table (managed by Supabase Auth)
CREATE TABLE profiles (
  id UUID REFERENCES auth.users PRIMARY KEY,
  email TEXT UNIQUE NOT NULL,
  full_name TEXT,
  avatar_url TEXT,
  created_at TIMESTAMPTZ DEFAULT NOW(),
  updated_at TIMESTAMPTZ DEFAULT NOW()
);
 
-- Financial institutions
CREATE TABLE institutions (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  plaid_institution_id TEXT UNIQUE,
  name TEXT NOT NULL,
  logo_url TEXT,
  primary_color TEXT,
  url TEXT
);
 
-- User accounts
CREATE TABLE accounts (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  user_id UUID REFERENCES profiles(id),
  institution_id UUID REFERENCES institutions(id),
  plaid_account_id TEXT UNIQUE,
  tigerbeetle_account_id BIGINT UNIQUE,
  account_name TEXT,
  account_type TEXT,
  account_subtype TEXT,
  created_at TIMESTAMPTZ DEFAULT NOW()
);
 
-- Enable Row Level Security
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
 
-- RLS Policies
CREATE POLICY "Users can view own accounts" ON accounts
  FOR SELECT USING (auth.uid() = user_id);
 
CREATE POLICY "Users can insert own accounts" ON accounts
  FOR INSERT WITH CHECK (auth.uid() = user_id);

Real-time Features


// Real-time balance updates
const balanceSubscription = supabase
  .channel('balance-changes')
  .on('postgres_changes',
    {
      event: 'UPDATE',
      schema: 'public',
      table: 'accounts',
      filter: `user_id=eq.${userId}`
    },
    (payload) => {
      updateUIBalance(payload.new)
    }
  )
  .subscribe()
 
// Presence for collaboration
const roomOne = supabase.channel('room_one')
roomOne
  .on('presence', { event: 'sync' }, () => {
    const state = roomOne.presenceState()
    console.log('Online users:', state)
  })
  .subscribe()

Storage


// File upload for documents
const { data, error } = await supabase
  .storage
  .from('documents')
  .upload(`tax-docs/${year}/${filename}`, file, {
    cacheControl: '3600',
    upsert: false
  })
 
// Secure file access
const { data: signedUrl } = await supabase
  .storage
  .from('documents')
  .createSignedUrl(path, 3600)

Edge Functions


// Edge function for AI processing
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'
 
serve(async (req) => {
  const { transaction } = await req.json()
 
  // Call AI service
  const category = await categorizeTransaction(transaction)
 
  // Store in database
  const { data, error } = await supabase
    .from('transaction_categories')
    .insert({
      transaction_id: transaction.id,
      category,
      confidence: category.confidence
    })
 
  return new Response(JSON.stringify({ category }))
})

Performance & Scaling


Infrastructure:
  - Database: Dedicated instance with 8 vCPUs, 32GB RAM
  - Connection Pooling: PgBouncer with 100 connections
  - Read Replicas: 2 replicas for read scaling
  - CDN: Global edge network for assets
 
Limits:
  - API: 1000 requests/minute
  - Database: 100 concurrent connections
  - Storage: 100GB included
  - Bandwidth: 250GB/month

Hyperswitch

Overview

Hyperswitch is an open-source payment orchestrator that enables intelligent routing across multiple payment processors. It provides a unified API for payments while optimizing for cost, success rate, and performance.

Key Features

Multi-Processor Support

40+ processors integrated
Stripe, Adyen, PayPal and more
Regional processors for global reach
Cryptocurrency processors

Intelligent Routing

Cost optimization routing
Success rate optimization
Latency-based routing
Rule-based routing
ML-powered decisions

Payment Methods

Cards: Credit, debit, prepaid
Bank transfers: ACH, SEPA, Wire
Wallets: Apple Pay, Google Pay
BNPL: Klarna, Affirm
Crypto: Bitcoin, Ethereum, USDC

Compliance & Security

PCI DSS Level 1 certified
Network tokenization
3D Secure 2.0
Fraud detection
KYC/AML integration

Architecture


// Hyperswitch Integration
class PaymentService {
  async createPayment(params: PaymentRequest): Promise<Payment> {
    const payment = await hyperswitch.payments.create({
      amount: params.amount,
      currency: params.currency,
      customer_id: params.customerId,
      routing: {
        type: 'priority',
        data: [
          {
            processor: 'stripe',
            priority: 1,
            conditions: { amount: { max: 10000 } }
          },
          {
            processor: 'adyen',
            priority: 2,
            conditions: { amount: { min: 10000 } }
          }
        ]
      },
      capture_method: 'automatic',
      authentication_type: 'three_ds',
      metadata: params.metadata
    })
 
    return this.recordInLedger(payment)
  }
 
  async recordInLedger(payment: Payment): Promise<Payment> {
    // Record in TigerBeetle
    await tigerbeetle.createTransfer({
      id: BigInt(payment.id),
      debit_account_id: payment.source_account,
      credit_account_id: payment.destination_account,
      amount: BigInt(payment.amount),
      code: TransferCode.PAYMENT,
      flags: TransferFlags.NONE
    })
 
    return payment
  }
}

Routing Configuration


Routing Rules:
  # Cost-optimized routing
  - name: minimize_cost
    conditions:
      - payment_method: card
      - amount: { min: 10, max: 1000 }
    actions:
      - route_to:
          processors: [stripe, square]
          algorithm: lowest_fee
 
  # High-value routing
  - name: high_value_payments
    conditions:
      - amount: { min: 10000 }
    actions:
      - route_to:
          processors: [adyen, checkout]
          algorithm: highest_success_rate
      - enable_3ds: required
      - fraud_check: enhanced
 
  # Regional routing
  - name: eu_payments
    conditions:
      - customer_country: [DE, FR, ES, IT]
      - currency: EUR
    actions:
      - route_to:
          processors: [adyen, mollie]
          algorithm: lowest_latency

Payment Flows

Standard Payment Flow

Payment Intent Creation
- Customer and amount details
- Routing configuration
- Risk assessment
Processor Selection
- Apply routing rules
- Check processor availability
- Calculate optimal route
Payment Processing
- Send to selected processor
- Handle 3DS if required
- Capture or authorize
Settlement & Recording
- Record in TigerBeetle
- Update payment status
- Send webhooks

Subscription Flow


// Recurring payment setup
const subscription = await hyperswitch.subscriptions.create({
  customer_id: customerId,
  plan: {
    amount: 9999, // $99.99
    currency: 'USD',
    interval: 'month',
    interval_count: 1
  },
  payment_method: paymentMethodId,
  metadata: {
    product: 'premium_plan',
    user_id: userId
  }
})
 
// Automatic retry logic
const retryConfig = {
  max_attempts: 3,
  retry_interval: 86400, // 1 day
  dunning_emails: true,
  final_action: 'cancel'
}

Analytics & Monitoring


Metrics Tracked:
  - Payment success rate by processor
  - Average processing time
  - Cost per transaction
  - Decline reasons
  - Fraud detection rate
  - 3DS challenge rate
  - Chargeback rate
 
Monitoring:
  - Real-time dashboard
  - Webhook notifications
  - Prometheus metrics
  - Custom alerts
  - Anomaly detection

Cost Optimization

Processor	Card Fee	ACH Fee	International	Chargeback
Stripe	2.9% + $0.30	$0.80	+1.5%	$15
Adyen	2.7% + $0.25	$0.60	+1.2%	$12
Square	2.6% + $0.30	$1.00	+1.0%	$15
PayPal	2.9% + $0.49	$1.00	+1.5%	$20

Hyperswitch automatically routes to minimize costs while maintaining success rates.

Technology Integration Matrix

Component	TigerBeetle	Plaid	Supabase	Hyperswitch
Account Management	Ledger entries	Account sync	User profiles	Payment methods
Transactions	Immutable record	Raw data	Enriched metadata	Payment processing
Real-time Updates	Balance changes	Webhooks	WebSockets	Status updates
Analytics	Financial reports	Spending patterns	User analytics	Payment analytics
Compliance	Audit trail	Bank compliance	Data privacy	PCI compliance

Infrastructure Requirements

Minimum Production Setup


TigerBeetle Cluster:
  - 3 nodes (1 primary, 2 replicas)
  - 8 vCPUs, 32GB RAM per node
  - 1TB NVMe SSD per node
  - 10Gbps network
 
Application Servers:
  - 4 instances (auto-scaling 4-20)
  - 4 vCPUs, 16GB RAM each
  - Docker/Kubernetes deployment
 
Database (Supabase):
  - Dedicated instance
  - 8 vCPUs, 32GB RAM
  - 500GB SSD storage
  - 2 read replicas
 
Redis Cluster:
  - 3 nodes for HA
  - 4 vCPUs, 16GB RAM each
  - Persistent storage
 
Monitoring:
  - Prometheus + Grafana
  - Sentry error tracking
  - Custom dashboards

Scaling Considerations

Scaling Triggers

TigerBeetle: Add nodes at 70% capacity
Supabase: Add read replicas at 1000 QPS
Redis: Scale at 80% memory usage
App servers: Auto-scale on CPU/memory

Security Architecture

Defense in Depth

Network Security
- VPC isolation
- Private subnets
- WAF protection
- DDoS mitigation
Application Security
- JWT authentication
- Rate limiting
- Input validation
- SQL injection prevention
Data Security
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.3)
- Key management (AWS KMS)
- PII tokenization
Compliance
- SOC 2 Type II
- PCI DSS Level 1
- GDPR compliance
- CCPA compliance

Disaster Recovery

Backup Strategy

TigerBeetle: Continuous replication + hourly snapshots
Supabase: Daily automated backups with PITR
Redis: AOF persistence + daily snapshots
Documents: S3 versioning with cross-region replication

Recovery Targets

RTO (Recovery Time Objective): < 1 hour
RPO (Recovery Point Objective): < 5 minutes
Availability SLA: 99.99% (52 minutes/year)

Implementation Phases - Development timeline
Architecture Overview - System architecture
Design Structure Matrix - Dependencies
Implementation Guide - Execution plan

Core Technologies

Technology Selection Criteria

Core Technology Stack

Technology Stack

Detailed Specifications

TigerBeetle

TigerBeetle (Deployed)

Overview

Why TigerBeetle

Financial-Grade Reliability

Extreme Performance

Built for Finance

Architecture Integration

Implementation Details

Account Structure

Transfer Operations

Use Cases in Earna

Production Deployment (September 2025)

Plaid

Plaid

Overview

Core Capabilities

Account Aggregation

Transaction Enrichment

Identity Verification

Payment Initiation

Integration Architecture

Data Flow

Security & Compliance

Rate Limits & Best Practices

Supabase

Supabase

Overview

Core Components

PostgreSQL Database

Authentication System

Real-time Subscriptions

Edge Functions

Database Schema

Real-time Features

Storage

Edge Functions

Performance & Scaling

Hyperswitch

Hyperswitch

Overview

Key Features

Multi-Processor Support

Intelligent Routing

Payment Methods

Compliance & Security

Architecture

Routing Configuration

Payment Flows

Standard Payment Flow

Subscription Flow

Analytics & Monitoring

Cost Optimization

Technology Integration Matrix

Infrastructure Requirements

Minimum Production Setup

Scaling Considerations

Security Architecture

Defense in Depth

Disaster Recovery

Backup Strategy

Recovery Targets

Related Documentation