System Overview
Tech Stack (TypeScript Full-Stack)
Frontend
React 18 + TypeScript SPA
React 18
TypeScript
Vite
TanStack Router
TanStack Query
Tailwind CSS
TipTap Editor
Backend
2x NestJS Services
NestJS
TypeScript
Prisma ORM
PostgreSQL
JWT Auth
AI Services
Intelligent Processing
Speech-to-Text
PDF/Word Extraction
AI Text Generation
Infrastructure
Azure Switzerland North
Azure App Service
Azure Blob Storage
Docker
GitHub Actions
Production Status: Live system with real doctors as customers
Swiss Compliance: ICD-10-GM, TARMED, FADP, GDPR
Data Residency: All data remains in Switzerland (Azure Switzerland North)
Key Features & Differentiators
Swiss Data Sovereignty
100% Swiss-hosted infrastructure
Azure Switzerland North (Zürich)
FADP & GDPR compliant by design
No data leaves Switzerland
Medical Domain Expertise
20 Swiss medical document types
ICD-10-GM diagnosis coding
TARMED billing code integration
Swiss AHV number validation
Efficiency Gains
Audio → Document in ~3-5 minutes
AI-assisted medical terminology
Rich-text editor with auto-save
Multi-specialty support
Enterprise Security
JWT-based authentication
Role-based access control
Complete audit trail
Encrypted storage at rest
Three-Tier Service Architecture
PRESENTATION
Layer 1
BUSINESS
Layer 2
DATA
Layer 3
Frontend
React SPA • TipTap Editor • Tailwind
REST API
App Service
Business Logic • Auth
Patient • Document CRUD
AI Service
Speech-to-Text • LLM
Document Generation
Internal API
PostgreSQL
pgvector • Prisma ORM
Azure Blob
Audio • Documents • Assets
Layer 1: Frontend (curecode-app-client)
React SPA
Responsibilities:
Patient Management (AHV Validation)
Consultation Management
Document Generation Wizard (3-Step)
Rich-Text Editor (TipTap/ProseMirror)
File Upload UI (Audio up to 50MB)
React 18
TypeScript
TanStack Router
TanStack Query
Tailwind CSS
TipTap Editor
Production: https://[redacted]-client-prod.azurewebsites.net
Staging: https://[redacted]-client-staging.azurewebsites.net
Deployment: Azure App Service (Docker Container)
Build: Vite
Layer 2: Backend Services
curecode-app-service
Main Business Logic API
Patient CRUD
Consultation CRUD
Document CRUD
User Management
JWT Authentication
Organisation Management
NestJS
TypeScript
Prisma ORM
PostgreSQL
Deployment: Azure App Service (Docker)
Database: PostgreSQL with Prisma ORM
API Docs: OpenAPI/Swagger
curecode-ai-service
AI Processing Service
Audio Transcription (Whisper)
Document Extraction (PDF/DOCX)
AI Document Generation (LLM)
Azure Blob Storage Management
Retry Logic & Error Handling
NestJS
Speech-to-Text
Document Extraction
Azure Blob
Deployment: Azure App Service (Docker)
Storage: Azure Blob for audio/documents
Max Upload: 50MB
Layer 3: Data & Storage
PostgreSQL Database
Schema Isolation:
Business logic schema (patients, docs, users)
AI processing schema (transcriptions, completions)
PostgreSQL 15
pgvector extension
Prisma Migrations
Azure Blob Storage
File Storage:
Audio files (MP3, M4A, WAV, WEBM)
Uploaded documents (PDF, DOCX)
Organisation logos
Azure Blob
Encrypted
Security: All services communicate via JWT Tokens. No API keys in the frontend. CORS is strictly configured for Production & Staging domains.
Complete Data Flow: Audio → Final Document
Step 1: User Authentication
Flow:
User logs in with email/password
Backend verifies credentials securely
JWT token generated and returned
Frontend stores token for subsequent requests
Authentication: JWT-based
Password Storage: bcrypt hashed
Session: Secure token management
Step 2: Patient Selection/Creation
Flow:
Frontend fetches patient list for organisation
User selects existing patient or creates new
Swiss AHV number validation applied
Patient record loaded with insurance data
Validation: Swiss AHV format (756.XXXX.XXXX.XX)
Data: Patient demographics + insurance info
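The AHV check from Step 2 as it could be enforced server-side, so the API does not rely on the SPA's form validation. This is an added example, not code from the product described here; the function names are hypothetical, and it assumes the dotted format shown above plus the EAN-13 check digit that 13-digit AHV numbers carry.

```typescript
// Added example: strict AHV (AHVN13) validation for an API boundary.
// Names are hypothetical; the sample number in the tests is illustrative input.
type AhvResult =
  | { ok: true; normalized: string }
  | { ok: false; reason: string };

// Dotted format from the page: 756.XXXX.XXXX.XX (ASCII digits only).
const AHV_PATTERN = /^756\.\d{4}\.\d{4}\.\d{2}$/;

// EAN-13 check digit over the first 12 digits:
// weights alternate 1, 3, 1, 3, ... from the left.
function ahvCheckDigit(first12: string): number {
  let sum = 0;
  for (let i = 0; i < 12; i++) {
    const digit = first12.charCodeAt(i) - 48;
    sum += digit * (i % 2 === 0 ? 1 : 3);
  }
  return (10 - (sum % 10)) % 10;
}

function validateAhv(input: unknown): AhvResult {
  // Reject non-strings early: JSON bodies can carry numbers, arrays, objects.
  if (typeof input !== "string") return { ok: false, reason: "not a string" };
  const value = input.trim();
  // Length bound before the regex keeps oversized input cheap to reject.
  if (value.length !== 16) return { ok: false, reason: "bad length" };
  if (!AHV_PATTERN.test(value)) return { ok: false, reason: "bad format" };
  const digits = value.replace(/\./g, "");
  const expected = ahvCheckDigit(digits.slice(0, 12));
  const actual = digits.charCodeAt(12) - 48;
  if (expected !== actual) return { ok: false, reason: "bad check digit" };
  return { ok: true, normalized: value };
}
```
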
Step 3: Consultation Creation
Flow:
User creates new consultation for patient
Consultation record linked to user and patient
Consultation date recorded
Ready for audio upload
Relationships: User → Consultation → Patient
Tracking: Full audit trail maintained
Step 4: Audio Upload & Transcription
Flow:
User uploads audio file (up to 50MB)
File securely stored in cloud storage
Transcription job queued
Whisper API processes audio to text
Frontend polls for completion status
Transcription text ready for document generation
Transcription: Whisper API (configurable vendor)
Language: German (Swiss medical terminology)
Reliability: Automatic retry with backoff
Step 5: Document Generation Wizard
Flow:
Step 1: Select Medical Specialty
Step 2: Select Document Type (20 types available)
Step 3: Select Sections to include
User clicks "Generate with AI"
UI: 3-step wizard interface
Customization: Specialty-specific templates
Step 6: AI Document Generation
Flow:
Backend retrieves transcription text
Loads appropriate prompt template
Constructs prompt with:
Transcription content
Selected document sections
Doctor and organisation context
Swiss medical coding guidelines
LLM generates structured medical document
Document formatted for rich-text editor
Saved to database for review
AI Model: LLM (configurable vendor)
Compliance: ICD-10-GM + TARMED guidelines
Processing: ~10-20 seconds
Step 7: Document Review & Edit
Flow:
Document opens in rich-text editor
Doctor reviews AI-generated content
Full editing capabilities (Word-like experience)
Auto-save ensures no work is lost
Document progresses through workflow states
Editor: TipTap (ProseMirror-based)
Features: Formatting, tables, lists, headings
Save: Automatic with manual option
Step 8: Document Finalization
Flow:
Doctor clicks "Approve"
Document status updated to approved
Audit trail entry recorded
Document linked to consultation record
Ready for export (PDF, print)
Workflow: Draft → Pending → Approved
Audit: Complete history of all changes
Export: PDF generation available
Performance Metrics:
50MB Audio: ~2-4 minutes transcription
Document Generation: ~10-20 seconds
Total Time: Audio → Final Document = ~3-5 minutes
Data Management Capabilities
PostgreSQL Switzerland North
Multi-Tenant
Semantic Search
Audit Trail
Role-Based Access
Soft Delete
Encrypted Storage
Multi-Tenant Isolation
Complete data separation between medical practices. Each organisation's data is logically isolated with enforced access boundaries.
Row-Level Security
Organisation Scoping
AI-Powered Search
Semantic search across medical documents using vector embeddings. Find relevant patient history using natural language queries.
Vector Similarity
Natural Language
Complete Audit Trail
Every document modification is logged with timestamp, user, and action type. Full history for compliance and accountability.
Immutable Logs
User Attribution
Access Control
Role-based permissions from System Admin to standard users. Specialty-specific access and organisation-level administration.
4 Permission Levels
JWT Claims
Data Recovery
Soft delete pattern ensures no accidental data loss. Records can be recovered within the retention period. Hard delete for GDPR compliance.
Soft Delete
GDPR Right to Erasure
Swiss Data Residency
All data stored exclusively in Azure Switzerland North (Zürich). Encrypted at rest and in transit. FADP & GDPR compliant.
AES-256 Encryption
TLS 1.3
Technology Foundation: PostgreSQL database with modern ORM • Automated schema migrations • Service-level isolation
Azure Switzerland North Deployment
Azure Resources
Region: Switzerland North (Zürich)
Environments: Production + Staging
Compliance: FADP & GDPR compliant hosting
Compute: Azure App Service (Linux)
Runtime: Docker Containers
Scaling: Horizontal scaling ready
Production Environment
Frontend App
React SPA
Runtime: Docker Container
Image Tag: :prod
Status: Running
Backend API
Main Business Logic
Runtime: Docker Container
Image Tag: :prod
Status: Running
AI Service
AI Processing
Runtime: Docker Container
Image Tag: :prod
Status: Running
Staging Environment
Frontend App
React SPA
Runtime: Docker Container
Image Tag: :staging
Status: Running
Backend API
Main Business Logic
Runtime: Docker Container
Image Tag: :staging
Status: Running
AI Service
AI Processing
Runtime: Docker Container
Image Tag: :staging
Status: Running
Database
Azure Database for PostgreSQL Flexible Server
Hosting: Azure Database for PostgreSQL Flexible Server
Version: PostgreSQL 15
Extensions: pgvector (semantic search), pg_trgm
Architecture: Multi-schema isolation
Compute: Production tier (auto-scaling)
Backup: Automated with retention policy
Storage
Azure Blob Storage
Purpose: Audio files, uploaded documents, organisation assets
Encryption: Server-side encryption at rest
Access: Private containers with SAS tokens
Region: Switzerland North (data residency)
CI/CD Pipeline (GitHub Actions)
Build & Deploy Workflow
Production Deployment:
Create/push prod Git tag
GitHub Actions triggers production build
Run tests (npm test)
Build Docker image with :prod tag
Push to Azure Container Registry
Deploy to Production App Services
Health check verification
Staging Deployment:
Create/push staging Git tag
GitHub Actions triggers staging build
Build Docker image with :staging tag
Deploy to Staging App Services
Registry: Azure Container Registry
Image Tagging Strategy:
• Production: :prod tag
• Staging: :staging tag
Services: Frontend, Backend API, AI Service
Swiss Data Residency: All services and databases run in Switzerland (Switzerland North).
Compliance: FADP & GDPR compliant through Swiss Azure deployment.
Security: HTTPS enforced, JWT tokens, CORS configured, Azure AD authentication.
Secrets Management:
All sensitive configuration (API keys, connection strings) stored securely in Azure App Service.
No secrets in code, Git repository, or Docker images.