Architecture
Darwin is three coordinated products on one underlying protocol: Captia (capture), Tracium (traceability), Fidenta (digital product passport). They are whitelabel apps over the same shared infrastructure.
High-level flow
Section titled “High-level flow” Capture (Captia) → Trace (Tracium) → Passport (Fidenta) ↓ ↓ ↓ field operators supply-chain admins consumers + retailers capture events standardize + + auditors view DPP on/offline + IoT anchor on blockchain via QRFor the full visual breakdown of inputs, platform, and outputs, see the platform architecture diagram.
The three products
Section titled “The three products”Captia
Section titled “Captia”The capture layer. Mobile PWA plus ERP, IoT, and CSV connectors.
Digitizes the workshop, the field, and the cooperative where no system exists today. Offline-first; the operator captures the event from a phone with no connectivity, the PWA queues with client-generated idempotent UUIDs, and submits when the network returns.
Captia also ingests data from systems the customer already runs (SAP, Oracle, Microsoft Dynamics, custom ERPs, IoT MQTT brokers, CSV / Excel / EPCIS 2.0 files). The principle is no rip-and-replace: Darwin integrates with existing systems via connectors and APIs, layering traceability, compliance, and product identity on top of what the customer already has.
Tracium
Section titled “Tracium”The traceability layer. Standardizes events from Captia plus any ingestion source, validates them against the tenant’s process map, anchors critical events on-chain, and auto-generates regulatory bundles per framework.
Operations admin and compliance officer surface, exposed via REST and GraphQL.
Fidenta
Section titled “Fidenta”The digital identity layer. Mints a Digital Product Passport per product, accessible via QR. Views per stakeholder:
- Consumer: storytelling, certifications, environmental footprint.
- Retailer: compliance data, supplier evidence.
- Auditor: on-chain proof, IPFS CIDs, raw metadata.
- Brand: analytics, scan metrics, geolocation of consumption.
The viewer is whitelabel by tenant configuration, multilingual (es / en / pt-BR), and serves SSR for fast first paint.
The shared protocol
Section titled “The shared protocol”Underneath the three products, Darwin runs a single protocol: 13 smart contracts deployed once per chain, plus the Passport registry, plus the off-chain services that orchestrate them.
On-chain
Section titled “On-chain”- Production target chains: Polygon PoS as the production-class L1 and an OP Stack L2 for high-throughput anchoring. Sandbox environments use a managed self-hosted chain so evaluators incur no per-tx fees.
- 13 contracts: 7 identity (DIDs, organizations, permissions), plus 4 process (NFT inventory, trace events, process map, custody), plus 2 per-instance templates.
- See On-chain vs off-chain for what goes on-chain vs what stays in the operational database.
Off-chain (managed)
Section titled “Off-chain (managed)”The off-chain layer includes the operational database (relational, with tenant-scoped schemas), object and content-addressed storage for event evidence (photos, certificates, raw documents), per-tenant configuration distribution, caching and processing queues for ingestion and webhook delivery, and operational observability (metrics, logs, traces).
Darwin operates the on-chain and off-chain infrastructure. Clients integrate via API and do not need to operate blockchain nodes or servers.
AI Insights
Section titled “AI Insights”Layered on top of the events:
- Anomaly detection (deterministic rules engine, in production): cold-chain breaches, ghost lots, custody gaps, certificate expiry, unusual timing.
- Agentic compliance: natural-language Q&A against regulatory frameworks (e.g. “Can lot LOT-8901 be exported to the US?”), available on demand.
Five anomaly categories ship today; eleven more are available on demand. See AI Insights overview on the main site.
Multi-tenant model
Section titled “Multi-tenant model”A single environment hosts multiple tenants. Tenant isolation:
- On-chain: each tenant has its own dedicated tenant contract plus a per-tenant configuration subtree. The on-chain layer stores hashes and references. What is published on-chain is designed to be verifiable without exposing sensitive data, since the original payloads stay off-chain under tenant access control.
- Off-chain: operational data (raw events, photos, documents, capture records) is isolated per tenant via tenantId scoping at the database layer and row-level access control via tenant-scoped JWT and API keys.
See Tenants & identity for the data model.
Whitelabel by default
Section titled “Whitelabel by default”Each tenant can customize their branding (logo, colors, typography, copy) across operational interfaces and public-facing portals. Branding is applied at runtime per tenant, with no code changes required to onboard a new whitelabel customer.