§ How it works

Architecture, in plain language

One schema. Compiled into the database, the API, the UI, the governance.

Kwerio is built around a single declarative schema. The schema describes the data, the permissions, the audit trail, the approval gates, the user interface. The platform compiles all of it from that one source. What you see in the UI, what an API call can return, what an AI agent is allowed to do, what the audit trail captures: all are properties of the same compiled artefact.

§ 01 BIPA

"The schema is the contract. The compiler enforces it."

from the BIPA technical paper

BIPA, Backend Integration Protocol API, is the foundation Kwerio sits on.

Most application platforms separate the database, the API, the UI, and the governance layer. Each is built and maintained independently. Permissions are enforced by application code. Audit trails are written by handlers. Validation is repeated across layers. When an AI agent acts on the system, the rules it follows depend on which layer the action passes through.

BIPA collapses the layers. A single schema describes the data structure, the permission policies, the audit hooks, the validation rules. The platform compiles that schema into the database, the API surface, the UI, and the governance enforcement, together.

Two consequences follow. First, the rules are uniform. A human user, an external API caller, and an AI agent all operate inside the same compiled governance, because there is only one. Second, the rules are verifiable. An auditor reading the schema can determine deterministically who can do what, to which records, with what evidence, without trusting the application code.

That is the structural difference between Kwerio and platforms that govern with policy. Policy is what you say will happen. Structure is what can happen.

§ 02 Patterns

What gets built on it.

Kwerio is the substrate. What gets built on it is shaped by the operation it serves. Most engagements draw from a similar set of patterns.

Operational record-keeping

Customer data, contracts, accounts, contacts. Built around the client's actual customer model, not bent to fit a vendor's. Audit, RBAC, and segregation of duties inherited from the schema.

Document and content management

Structured document repositories, contract management, file-handling workflows. Permissions and audit trail at the document level.

Invoicing, billing, and approval flows

Invoice generation, approval gates, integration with accounting systems. The approval logic is part of the schema, not an application feature.

HR and people operations

Employee records, onboarding and offboarding flows, document signing, training records. The kind of operation where governance and audit matter from day one.

Inventory, resource, and scheduling

Stock, equipment, allocation, scheduling. Anywhere the operation depends on tracking what is where, owned by whom, doing what.

Approval and governance workflows

Review, sign, accept, refuse. First-class governance primitives at the data layer. Configurable per action: type-to-confirm, token-to-confirm, authenticator-to-sign. The justification for every decision is bound to the action and queryable.

AI-augmented operations

AI agents acting inside the same RBAC as humans. Retrieval-augmented generation over operational data, with audit trail. Multi-agent orchestration with human-in-the-loop where decisions matter. External orchestration via n8n, Make.com, or MCP.

External system orchestration

SAP, Salesforce, KYC platforms, customs systems, accounting software, custom legacy protocols. Coordinated through Kwerio's governance shell.

Audit trail and compliance evidence

Hash-chained, signed records of every state change. Queryable. Exportable. Verifiable by your audit team without access to the running system.

Reporting and BI

Operational dashboards, cross-module analytics, time-series reporting. Integration with Tableau and Power BI for advanced analytics needs.

These are not shrinkwrapped products. They are patterns Kwerio is built into, per engagement, on a substrate where the governance plumbing is already there.

§ 03 Deployment

Kwerio runs where it needs to run.

i. Application hosting

Imageplus-operated AWS EU. Your own AWS, GCP, or Azure account. Your own sovereign cloud. OVH, Scaleway, or another EU provider. Your own data centre. A hardware appliance in your DMZ for engagements where physical separation is the requirement.

ii. Database hosting

Independent of where the application runs. The application can be in your AWS account while the database stays on-premises, or any other combination. No assumption that the data and the app live together.

iii. Tenancy

Single-tenant, single-project. Single-tenant, multi-project. Shared multi-tenant. Hierarchical multi-tenant for partner-operated deployments. Chinese-walled single-tenant for engagements requiring complete isolation.

All of the above is configuration, not code forks. A client who starts with shared hosting and moves to a dedicated appliance two years later is changing one set of settings, not migrating to a different platform.

§ 04 Operational discipline

Twenty years of running regulated production has shaped what Kwerio commits to.

SLA-backed delivery

Defined uptime targets per engagement.

Disaster recovery, designed and tested annually

With RTO and RPO scoped to the operation's actual tolerance.

Encrypted backups

Taken daily, retained for thirty days by default, longer where the engagement requires it. Recovery tested yearly with documented evidence.

24/7 operational monitoring

Through a centralised observability stack.

Incident response

Defined detection, triage, and notification procedures. Post-incident reports within ten business days.

Backup, restore, and migration tooling

Audited as part of every deployment.

Seven public policies. Backup, residency, access control, encryption, multi-tenant isolation, audit trail, incident response. Documented in detail and available to any procurement team that asks.

§ 05 Compliance posture

GDPR by design. NIS2-aligned. Architected for the EU AI Act.

Kwerio is GDPR-compliant by design, NIS2-aligned, and architected to support EU AI Act compliance. Right-to-be-forgotten, consent management, and data residency controls are properties of the platform, not features added per engagement.

Kwerio holds no third-party security certifications today. Our architecture and our public policies are openly documented. Client compliance teams have audited the platform across twenty years of regulated production. For procurement teams that need formal certification as a hard filter, that is a real consideration. For procurement teams that prefer architectural transparency to badges, the documentation is here to read.

§ 06 Scope

What Kwerio replaces. What it does not.

Kwerio replaces

  • The spreadsheets coordinating work across systems
  • The process documents nobody updates
  • The point-in-time audit evidence that does not survive a serious audit
  • The brittle integrations between tools held together by people

Kwerio does not replace

  • Your accounting software, where you already have one that works
  • Your communications stack
  • Your identity provider. Kwerio integrates with Google, Microsoft, and other OIDC providers
  • Your existing systems of record where they fit your operation. Kwerio sits above or alongside them