# How it's built

### System Overview <a href="#system-overview" id="system-overview"></a>

Eli is built as a modern, cloud-native SaaS platform designed for global enterprise deployment. Our architecture prioritizes security, scalability, and compliance while maintaining high availability across multiple geographic regions.

### System Architecture Diagram <a href="#system-architecture-diagram" id="system-architecture-diagram"></a>

<figure><img src="/files/l9vWbuohIQcqIMYNG9Oa" alt=""><figcaption></figcaption></figure>

> **Note**: This diagram provides a simplified view of Eli's core architecture and its purpose is not to display all of its sub-processors. For a complete list of sub-processors and third-party services we work with, please refer to our [Who We Work With](/confidentialite-et-securite-en/service-overview/who-we-work-with.md) page.

### Application Architecture <a href="#application-architecture" id="application-architecture"></a>

#### Application layer <a href="#application-layer" id="application-layer"></a>

**Admin app (Front only) - `app.eliapp.io`**

* **Purpose**: Campaign management interface for organizational administrators, HR teams, and communication managers
* **Technology**: Next.js 15.2, React 19, TypeScript, Tailwind CSS
* **Platform**: Any browser, ES2022
* **Key Features**: Campaign creation, analytics dashboard, user management, content authoring
* **Authentication**: Multi-method support through Eli Authentication Service
* **API Integration**: Consumes Admin API

**Employee app (Front only) - `my.eliapp.io`**

* **Purpose**: Employee engagement platform for campaign participation, content consumption and employee interaction
* **Technology**: Next.js 15.2, React 19, TypeScript, Tailwind CSS
* **Platform**: Any browser, ES2022
* **Key Features**: Campaign participation, progress tracking, interactive challenges, online communities
* **Authentication**: Multi-method support through Eli Authentication Service
* **API Integration**: Consumes User API

**Mobile app - `m.eliapp.io`**

* **Purpose**: Employee engagement platform for campaign participation and content consumption and employee interaction
* **Technology**: Flutter framework for cross-platform deployment
* **Platforms**: Native iOS and Android applications
* **Key Features**: Campaign participation, progress tracking, enhanced interactive challenges, online communities, offline capabilities, push notifications, deep linking
* **Authentication**: Multi-method support through Eli Authentication Service
* **API Integration**: Consumes User API

**Auth app (Full-stack) - `auth.eliapp.io`**

* **Purpose**: Centralized authentication and session management for other Eli apps
* **Technology**: Next.js 15.2, React 19, Firebase Auth integration
* **Features**: SSO support, session management, security token generation
* **Integration**: Validates all requests across the platform ecosystem
* **Authentication methods**:
  * Sign in With Google
  * Sign in With Apple
  * Email / password
  * OTP via email

**API app (Back only) - `api.eliapp.io`**

* **Framework**: Express.js with Node.js runtime
* **API Design**: tRPC (Type-safe Remote Procedure Calls) for end-to-end type safety
* **Architecture**: Microservices pattern with three dedicated API endpoints:
  * **User API** (`/trpc/user`): Employee-facing features and mobile app support. Cookie-based auth.
  * **Admin API** (`/trpc/admin`): Administrative functions and campaign management. Cookie-based auth.
  * **Service API** (`/trpc/service`): External integrations, webhooks, and system callbacks. 164-chars Bearer tokens auth.

### Data layer

**Our database: MongoDB Atlas**

* **Configuration**: 3-replica set for high availability and data redundancy
* **Location**: Google Cloud Platform, Belgium region (europe-west1)
* **Features**: Automatic failover, point-in-time recovery, encryption at rest
* **ORM**: Prisma for type-safe database access and schema management. Prisma schemas (and API schemas) are shared to all apps through internal packages for bullet-proof consistency and safety.

**Our file storage: Firebase storage**

* **Location**: Belgium (europe-west1)
* **Use Cases**: User profile pictures, images shared in posts,...

### Infrastructure & Hosting

**Our primary hosting platform: Vercel**

* **Location**: Paris, France (AWS eu-west-3 region)
* **Features**:
  * Global CDN with edge computing capabilities
  * Automatic scaling based on traffic demand
  * Built-in DDoS protection and security filtering
  * Zero-downtime deployments

**Our queue management system: Upstash Qstash**

* **Use Cases**: Email sending, Push Notifications, background processing, scheduled tasks
* **Features**: Automatic retries, dead letter queues, monitoring and observability

**Our email delivery system: Resend**

* **Location**: Ireland (AWS eu-west-1 region)
* **Use Cases**: Transactional emails, campaign notifications, OTP delivery, system alerts
* **Features**: High deliverability rates, webhook support, email analytics, API-first design

### Scalability & Performance

**Auto-scaling capabilities**

* **Application layer**: Automatic horizontal scaling on Vercel based on traffic demand
* **Database**: MongoDB Atlas auto-scaling with performance optimization
* **Queue system**: Distributed processing with automatic retry mechanisms
* **CDN**: Global edge locations for optimal content delivery all around the globe

### Data Residency & EU compliance at a glance

* **Web Services**: Hosted in Paris, France (AWS eu-west-3 CDG1)
* **Database**: Hosted in Belgium (GCP europe-west1)
* **Compliance**: GDPR-compliant by design with EU data residency
* **Security**: All communications over HTTPS/TLS 1.3 encryption

## Development & Deployment

**Version control**

We use Gitlab for all our projects.

**Continuous Integration & Deployment**

**Web apps (all of them)**

* Vercel CI pipeline for build automation and deployment
* Zero-warning linting policy at high standards
* Staging environments and rollback capabilities

**Android app**

* Gitlab CI pipeline for build automation and Play Store deployment
* Zero-warning linting policy
* Staging environments and rollback capabilities

**iOS app**

* Gitlab CI pipeline for build automation and App Store deployment
* Zero-warning linting policy
* Staging environments and rollback capabilities

## Technology Stack Summary

**Frontend & mobile**: Next.js 15.2, React 19, TypeScript, Tailwind CSS, Flutter\
**Backend**: Node.js, Express.js, tRPC, Prisma ORM\
**Database**: MongoDB Atlas (3-replica set)\
**Authentication**: Firebase Auth\
**Storage**: Firebase Storage\
**Queue**: Upstash QStash\
**Email**: Resend\
**Hosting**: Vercel (Paris), GCP (Belgium)\
**CI/CD**: Vercel, GitLab CI, XCode Cloud

***

**For technical architecture questions, contact:** [security@eli.app](mailto:security@eliapp.io)

**Last Updated:** October 2025


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.eliapp.io/confidentialite-et-securite-en/service-overview/how-its-built.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.