Zalion Platform Architecture

The Zalion platform was designed to deliver secure, scalable, and intelligent procurement automation by deeply integrating with enterprise systems while isolating customer data with strict compliance and encryption standards. This document outlines the architecture of the Zalion platform, hosted in the AWS environment in the eu-central-1 (Germany) region.


1. System Integration Capabilities

Zalion connects to both communication systems and ERP platforms to enable seamless automation across the entire source-to-pay lifecycle.

  • Communication System Integration: Zalion reads and writes messages on platforms such as Microsoft Outlook to process order confirmations, supplier messages, and collaborative workflows.
  • ERP Integration: Deep integration with ERP systems such as SAP (including on-premise and cloud instances) enables real-time access to and updating of purchase orders, supplier data, and invoices.

2. Supported File Formats

The platform supports bidirectional reading and writing of the main file types used in procurement workflows:

  • Excel (XLS/XLSX): Used for quotation analyses, bills of materials, or order confirmations.
  • PDF: Supports parsing and generation of supplier documents and commercial templates.

3. Data Security and Standards

Zalion adheres to enterprise-grade security standards at every layer of the stack:

Encryption

  • AES-256: Applied to all data at rest.
  • TLS 1.3: Used for secure transmission of data in transit.
  • Key rotation: Performed at regular intervals to maintain cryptographic strength.

Data Protection

  • RBAC (Role-Based Access Control): Ensures only authorized users can access specific data or functions.
  • DLP (Data Loss Prevention): Monitors and prevents sensitive data from leaving the environment.
  • Auditing: All data interactions are logged for traceability and regulatory compliance.

4. Security Gateway

All traffic entering Zalion's AWS environment passes through a hardened Security Gateway equipped with:

  • DDoS Protection: Mitigates distributed denial-of-service attacks.
  • WAF (Web Application Firewall): Filters malicious HTTP requests.
  • IP Filtering: Allows access only from enterprise-whitelisted IPs.
  • Threat Detection: Monitors abnormal traffic patterns and potential breaches.

5. Customer Data Isolation

Zalion uses a multi-tenant architecture with isolated data environments per customer to meet strict data sovereignty and compliance requirements.

Each customer operates through a set of AI agents (e.g., AB Agent, RFQ Agent, OC Agent), whose data is stored as follows:

  • File Storage: Securely stored in AWS S3.
  • Metadata: Structured data stored in dedicated databases.

No cross-customer data access is possible. Individual customer environments are logically and physically separated.

6. Model Providers via AWS Bedrock

Zalion uses AWS Bedrock as the foundation for secure AI integration and uses Anthropic models by default for high reliability and compliance.

  • Model Usage: AI agents use proven large language models to interpret documents, derive insights, and automate workflows.
  • Compliance: Model access and data handling comply with the data processing agreements and data retention policies defined per customer.

Note: Models are continuously tested for reliability and safety to ensure an optimal product experience.

7. Hosting and Compliance

Zalion is fully hosted in Germany (eu-central-1) to comply with GDPR and meet customer requirements for European data residency.

8. Certification

Zalion is ISO 27001 certified, meeting the highest international standards for information security management. The certification underscores our commitment to systematically protecting customer data across all layers of the platform.

9. AI Compliance Model

Our AI compliance model is built on three core pillars: data protection, transparency, and human control.

Data Protection & Privacy

We follow GDPR principles and ensure that all customer data processed by our agents is handled securely and with minimal exposure. We avoid storing sensitive data unless explicitly agreed upon and ensure that customer-specific models (where used) are isolated and protected.

Transparency and Traceability

Our agents provide clear logs of actions taken, including decision rationale where possible. While some AI outputs may rely on probabilistic reasoning, our goal is to make the process auditable — especially for critical decisions such as supplier selection or payment term modifications.

Human-in-the-Loop Controls

Especially in the current deployment phase, agents act as assistants rather than autonomous decision-makers. Users always have the final say before any critical task is executed. Over time, customers can define thresholds and governance rules for greater automation.

EU AI Act

We adhere to the evolving EU AI Act and regularly consult with legal and compliance advisors to ensure we stay ahead of upcoming regulations.

Summary

Zalion's architecture ensures robust integration, high security, and strict customer data isolation while enabling AI-driven automation for modern procurement teams. This architecture forms the foundation for scalable and secure digital workflows tailored to each customer's ecosystem.