Architecture

This page provides a brief, high-level overview of how Hadinet Africa is built. For a deeper technical dive, see the Architecture section.

High-Level Data Flow

User (Browser)
    |
    v
Frontend (Next.js + Privy Wallet Auth)
    |
    v
Attestor Service (TEE)
    |
    |---> KYC Provider (Smile ID / Plaid)
    |         via zkFetch TLS tunnel
    |         generates 14 ZK proofs per request
    |
    |---> IPFS (Pinata) -- encrypted document storage
    |
    +---> Cartesi Rollup (RISC-V Linux VM)
              |
              +---> SQLite deterministic database
                        |
                        +---> Arbitrum L2 (settlement layer)

Key Components

Component	Role
Frontend	Next.js PWA handling wallet auth, KYC flow, dashboard, and document vault
Attestor Service	Runs in a TEE; orchestrates KYC, creates ZK proofs, encrypts documents
KYC Providers	Smile ID and Plaid perform the actual identity verification
Cartesi Rollup	Full Linux VM on-chain; stores verification records and vault metadata in SQLite
IPFS (Pinata)	Decentralized storage for encrypted document files
Arbitrum L2	Settlement layer providing finality, fraud proofs, and input ordering

Design Principles

• Privacy by design — Personal data is never stored. Only non-PII metadata and ZK proofs are recorded on-chain.
• User sovereignty — Your wallet is your identity. No registration, no passwords, no centralized accounts.
• Verifiable computation — The Cartesi rollup is deterministic and fraud-provable via Arbitrum.
• Defense in depth — Three layers of encryption protect data at rest, in transit, and on-chain.

Learn More

• System Overview — Detailed component breakdown
• Data Flow — Step-by-step KYC verification flow
• Blockchain Layer — Cartesi and Arbitrum details
• Encryption — Three layers of encryption explained