← Vitacore Forge

Privacy & Security

High-level architecture

How components interact for FormFit scanning and manufacturing workflows.

High-level Vitacore Forge architectureDiagram showing user devices connecting through CDN and web tier to an API, with database, object storage, queue, email, and compute workers.User deviceBrowser / appEdge & web tierStatic UI, secure deliveryTLS terminationApplication APIAuth, workflows, signed URLsBusiness logicRelational databaseOrders, scan metadata, jobsObject storageVideo, meshes, exportsQueue & cacheAsync jobs, coordinationEmail deliveryTransactional messagesCompute workers (private)Mesh pipeline & slicing—no direct public ingressPhotogrammetry: eastern US; core hosting & storage: OregonEncrypted in transit (clients and between regions)Logical view—Oregon for core data; photogrammetry on US East Coast; encrypted transfers.

User-facing tier

The browser loads the Forge web application from a globally distributed edge network. Scan video and photos are uploaded only over HTTPS (TLS). Uploads typically use time-limited, scoped URLs so files stream directly to object storage over encrypted connections without transiting application servers for the raw bytes.

Application core

The API enforces authentication, orchestrates scan and order state, issues storage grants, and enqueues work. A relational database holds structured records; a queue/cache tier coordinates asynchronous jobs and worker capacity. Identity fields (for example name and contact information) are stored separately from scan video, images, and mesh artifacts, so those categories are not commingled in one identifiable bundle in our data model.

Processing tier

Isolated compute instances run mesh generation and manufacturing prep. They read and write through the same storage and database contracts as the API, not via ad-hoc public endpoints.

Hosting

Primary hosting and storage for customer data are in Oregon, United States. Photogrammetry reconstruction runs in the eastern United States. Customers may connect from anywhere; traffic uses secure, encrypted connections end-to-end, including between U.S. regions where processing is split.