Platform Architecture.
Built for production. Operating in sandbox today.
Danipa is engineered the way a tier-1 bank engineers payment infrastructure — zero-trust security, Vault-managed secrets, multi-jurisdiction compliance wiring, and 80%+ test coverage end-to-end. The platform is feature-complete in sandbox; production launch is scheduled post-funding on Azure/AWS.
Currently sandbox-only · production environment after fundingNon-negotiables, not roadmap line items.
Zero-Trust Security
Per-service mTLS via Vault PKI. TLS 1.3 everywhere including infra listeners — Postgres, Redis, Kafka, Consul, Keycloak. Client-auth is enforced on every inter-service call; no cleartext data crosses the network.
Secrets Management
HashiCorp Vault is the only source of secrets. KV paths are scoped per environment, rotation has an audit trail, and no service ships with secrets in its config repo or environment variables outside Vault.
Data Privacy & Compliance
PCI DSS-compliant card processing via Stripe. PII masking is enforced in logs by ArchUnit guards that block card / phone / email leakage at the architecture layer. Tiered KYC with Ghana Card is wired; row-level security isolates multi-tenant data.
Multi-Jurisdiction Readiness
Ghana statutory compliance (KYC / AML) shipped. CAD and USD banking corridors wired via Stripe Connect with per-country routing. The provider model is extensible — adding a new country's payment rail does not require re-architecting the core.
Testing & Observability
80%+ test coverage across every service — unit, integration, and end-to-end. ArchUnit guards flag wildcard imports and PII-logging violations at build time. Request-scoped tracing stamps tenant id, user id, and request id into structured logs across the call graph.
Sandbox-First Development
Feature-complete sandbox on Hetzner is the daily development surface — every feature is validated against real provider integrations before it can ship. Production deployment is scheduled post-funding on Azure/AWS for multi-region scale.
The specific choices that make the architecture defensible — not marketing veneer.
- ·001Per-service mTLS via Vault PKI + step-ca — Postgres, Redis, Kafka, Consul, and Keycloak listeners all enforce client-auth
- ·002HMAC-verified webhook delivery with 300-second timestamp replay protection
- ·003Structured logs with masked PII, request-scoped trace IDs, and ArchUnit-enforced logging boundaries
- ·004Multi-factor authentication — Passkey (WebAuthn), TOTP (Google Authenticator / Authy / 1Password), and SMS OTP via Africa's Talking + Twilio
- ·005Spring Boot 4 services on Java 25; Next.js 16 + React 19 + Tailwind on the frontends; Vite 6 + React Router 7 on the merchant dashboard
Scoped against the existing surface.
Every shipped feature lives in a milestone document with a clear scope, exit criteria, and a PR trail. New work is scoped against the existing surface, not bolted on.
The same discipline applies to the marketing site — gaps are captured, prioritised, and shipped in batches.
Want to go deeper?
The platform docs, milestone briefs, and API reference are all open to read. Talk to us if you'd like to discuss an enterprise deployment or a partnership.