ViriSIM · Database Schema

Overview

ViriSIM storage data is organized by user ID for efficient access and security. Below is the complete schema for some collections used in the application.

Document ID Pattern: Most collections use the user's UID as the document ID or a composite ID combining identifiers.

apiKeys

Collection

Stores API key metadata for authentication.

Security Note: Full API keys are never stored. In some cases, only salted hashes (bcrypt) are persisted for verification.

📋 Fields

Field	Type	Required	Description
`keyHash`	string	Required	Bcrypt hash of the API key (full key never stored)
`name`	string	Required	Descriptive name for the key (e.g., "Production API")
`userId`	string	Required	User's UID
`created`	timestamp	Required	Creation timestamp
`lastUsed`	timestamp	Optional	Last time the key was used
`isActive`	boolean	Optional	Whether the key is active (default: false)
`permissions`	array	Optional	Array of permissions (e.g., ["read", "write"])
`updatedAt`	timestamp	Optional	Last update timestamp

allTime

Collection

Stores user-level aggregations, token balances, and analytics data.

Document ID Format: User's UID.

📋 Fields

Field	Type	Description
`totalTokensPurchased`	number	Total tokens purchased over time
`totalTokensUsed`	number	Total tokens used in API calls
`totalTokensLeft`	number	Remaining token balance
`totalAmountSpent`	number	Total amount spent in USD
`totalAmountSaved`	number	Total amount saved from discounts
`totalApiCalls`	number	Total API calls made
`activeStatus`	string	"Yes" or "No" — API monitoring status
`analysisData`	object	Monthly compliance analytics (see structure below)
`lastUpdated`	timestamp	Last update timestamp

📈 analysisData Structure

{
  "2025": {
    "jan": { totalEntries: 0, nonCompliant: 0, fullyCompliant: 0, reviewNeeded: 0, riskScore: 0 },
    "feb": { ... },
    // ... months mar through dec
  },
  "2026": { ... }
}

IOLogs

Collection

Parent collection for all audit logs. Contains two subcollections: logs and logs_full.

Document ID Format: User's UID.

📋 Fields (Parent Document)

Field	Type	Description
`userId`	string	User's UID
`lastUpdated`	timestamp	Last update timestamp

IOLogs → logs

Subcollection

Stores lightweight log entries for quick display in the dashboard table view.

Document ID Format: VIRI-{timestamp}{random} (e.g., VIRI-0001234Xabcde)

📋 Fields

Field	Type	Description
`userId`	string	User's UID
`apiKeyHASH`	string	Redacted API key (first 16 chars + "...")
`timestamp`	string	ISO timestamp of the audit
`tableHighlight`	object	Preview data for dashboard table
`searchableTerms`	array	Array of searchable keywords for filtering

📊 tableHighlight Structure

{
  logId: "VIRI-0001234Xabcde",
  company: "Example Corp",
  model: "ViriSIM-v102",
  inputPreview: "User input text...",
  outputPreview: "AI output text...",
  compliance: "Fully compliant",  // or "Review needed", "Non-compliant"
  riskScore: 2.5,
  useCase: "Customer Support",
  tier: "Professional",
  storageValue: 0.000016
}

IOLogs → logs_full

Subcollection

Stores complete audit data including compliance analysis, remediation steps, and fine-tuning data.

Document ID Format: Same as logs (e.g., VIRI-0001234Xabcde)

📋 Main Fields

Field	Type	Description
`userId`	string	User's UID
`apiKeyHASH`	string	Redacted API key
`timestamp`	string	ISO timestamp
`meta`	object	Metadata (companyUserId, sessionId, tokens, etc.)
`userInput`	object	User input analysis (complianceScore, violations, safeInput)
`aiOutput`	object	AI output analysis (fairnessScore, bias, safeOutput)
`verdict`	object	Final verdict (complianceStatus, riskScore, actionPlan)
`regulatoryComplianceDetails`	object	Primary/secondary regulations violated
`remediation`	array	Remediation steps
`fineTuning`	object	Fine-tuning training data
`integrity`	object	SHA-256 hash for audit integrity
`authorizationChain`	object	Authorization verification data
`retention`	object	Data retention policy metadata
`storageValue`	number	Storage size in MB for this log
`tier`	string	User's subscription tier

userStorage

Collection

Tracks storage usage per user for audit logs.

Document ID Format: User's UID.

Field	Type	Description
`userId`	string	User's UID
`storageUsed`	number	Storage used in MB
`storageLimit`	number	Storage limit in MB (default: 1000 MB / 1 GB)
`lastUpdated`	timestamp	Last update timestamp
`createdAt`	timestamp	Creation timestamp

account

Collection

Stores user profile and settings.

Document ID Format: User's UID.

Field	Type	Description
`adminName`	string	User's full name
`companyName`	string	Company name
`email`	string	User's email address
`phone`	string	Phone number
`profileImage`	string	URL to profile image
`sector`	string	Industry sector
`country`	string	Country
`privacySecurity`	object	Privacy and security settings
`languageRegion`	object	Language and region preferences
`notifications`	object	Notification preferences
`timeTrack`	number	Timestamp tracking
`createdAt`	timestamp	Account creation timestamp
`updatedAt`	timestamp	Last update timestamp

paymentsHistory

Collection → Subcollection

Stores payment transactions. Organized as a subcollection under each user.

Document ID Format: Payment reference ID (from Paystack/Flutterwave).

Field	Type	Description
`plan`	string	Plan name (Free, Pro, Professional, Enterprise, Custom)
`tokens`	number	Number of tokens purchased
`finalTotal`	number	Amount paid
`saved`	number	Amount saved from discounts
`realRate`	number	Currency conversion rate used
`status`	string	Payment status (completed, pending)
`userId`	string	User's UID
`createdAt`	timestamp	Payment timestamp
`completedAt`	timestamp	Completion timestamp

fineTuning

Collection → Subcollections

Manages fine-tuning jobs and automation schedules.

📋 Subcollections

summary → main — Aggregated stats about all fine-tuning jobs
jobs → Individual fine-tuning job documents

Document ID Format: User's UID for parent, custom IDs for jobs.

certifications

Collection → Subcollection

Stores yearly compliance certifications for users.

Document ID Format: User's UID → yearlyCerts → {year}

Field	Type	Description
`totallogsCerts`	number	Total logs audited this year
`totalTokensUsed`	number	Total tokens used this year
`fullyCompliant`	number	Count of fully compliant audits
`nonCompliant`	number	Count of non-compliant audits
`needsReview`	number	Count of audits needing review
`cumulativeRiskScore`	number	Average risk score for the year (0-10 scale)
`compliantRate`	number	Percentage of compliant audits
`certNumber`	string	Certificate number
`certType`	string	Certificate type (e.g., "ViriSIM-v102-4001:2025")
`companyName`	string	Company name for the certificate

automationConfigs

Collection

Stores integration configurations for Slack, Teams, Jira, Zapier, Google Analytics and Google Sheets.

Document ID Format: User's UID.

📋 Config Objects

slackAutomation — Webhook URL, alert triggers, channel name
teamsAutomation — Webhook URL, alert triggers, channel name
jiraAutomation — Jira URL, email, API token, project key, risk threshold
zapierAutomation — Zapier webhook URLs for various events
googleAnalyticsAutomation — Measurement ID (G-XXXXXXXX), API secret, event parameters, custom dimensions
sheetsAutomation — Google OAuth tokens, spreadsheet ID, sheet name
customAutomation — Custom webhook URL, headers, alert triggers

Data Retention Policy

ViriSIM follows a 7-year log retention policy to comply with EU AI Act Article 12 requirements for high-risk AI systems.

{
  policy: "Logs: 7 years | Training data: 90 days | Extended retention: Customer responsibility via export, download, or third-party archival",
  logRetentionExpiry: "YYYY-MM-DD",  // 7 years from log creation
  trainingDataExpiry: "YYYY-MM-DD", // 90 days from log creation
  basis: "EU AI Act Article 12 - minimum 6 month retention for high-risk AI system logs"
}

Note: Training data used for fine-tuning is retained for 90 days only. For longer retention, customers must export, download, or archive using third-party solutions.

Access Control:

Admin Access: Full access to all logs and settings
Shared Access: Admins can share specific logs with selected individuals (view-only)
Regulator Access: Extended access with detailed audit data and export/download capabilities (view-only, time-limited)

Database Schema

Overview

apiKeys

📋 Fields

allTime

📋 Fields

📈 analysisData Structure

IOLogs

📋 Fields (Parent Document)

IOLogs → logs

📋 Fields

📊 tableHighlight Structure

IOLogs → logs_full

📋 Main Fields

userStorage

account

paymentsHistory

fineTuning

📋 Subcollections

certifications

automationConfigs

📋 Config Objects

Data Retention Policy

Ready to Start Auditing?