Infrastructure

Last updated: 2026-04-11

Backbuild runs on a serverless, globally distributed infrastructure. The platform is designed for high availability, horizontal scalability, and security isolation between tenants. A detailed architecture diagram is available to customers under NDA.

Compute

Application code runs on Cloudflare Workers, a serverless edge compute platform. Workers execute in isolated V8 contexts at the edge location nearest the user. There are no long-lived servers to patch or manage at the application tier, and runtime security updates are delivered by Cloudflare.

Data storage

• Primary database: a managed Citus PostgreSQL cluster stores all transactional customer data. Citus provides horizontal scaling via sharding across worker nodes while preserving PostgreSQL semantics.
• Object storage: Cloudflare R2 stores binary assets, backups, and bulk exports. R2 is S3-compatible, egress-free, and globally distributed.
• Distributed cache: Cloudflare KV provides low-latency key-value storage for caching, rate limiting state, and short-lived operational data.
• Connection pooling: Cloudflare Hyperdrive pools and caches database connections at the edge, reducing connection overhead for serverless workloads.

Network and edge

• All public traffic traverses the Cloudflare global network, which provides DDoS mitigation, bot management, TLS termination, and Web Application Firewall capability.
• DNS is managed through Cloudflare with DNSSEC available.
• Private inter-service communication between Workers and data services is encrypted.

Multi-region availability

Edge compute is inherently multi-region: Workers run in hundreds of Cloudflare points of presence worldwide, and requests are served from the nearest available location. The primary database is located in a region chosen at contract time and is replicated for resilience. Failover within the database tier is handled by the managed service provider.

Observability

Platform logs, metrics, and traces are collected centrally with correlation identifiers that tie individual requests together across services. Security-relevant events are routed to an append-only audit store with tamper-evident integrity protection.

Architecture diagram

A detailed architecture diagram is available to customers and prospective customers under a mutual non-disclosure agreement. The diagram is not published on this site in order to avoid providing an unnecessary roadmap to potential attackers.

Explore infrastructure details

• Availability — SLA, status page, redundancy, RTO/RPO
• Business continuity and disaster recovery