
Data Flow Inventory

Reviewed on: 2026-01-21
Status: Draft (requires deployment-specific review)

This document summarizes typical data flows in Primus modules. Actual data flow depends on your configuration and integrations.

Default Data Flow (Local-First)

Primus modules run inside your application process. By default, scanning and processing occur locally without external network calls.

External Egress by Module (If Configured)

  • Identity Validator: OIDC metadata and JWKS calls to your configured IdP (Auth0, Azure AD, Okta, etc.).
  • Payments: Stripe and PayPal webhook validation (provider APIs).
  • Notifications: SMTP/SMS providers (Twilio, AWS SNS, Azure Communication Services).
  • AI Copilot: LLM provider endpoints (Azure OpenAI, GitHub Models, etc.).
  • Logging: optional sinks (AppInsights, Serilog/NLog targets, external log services).
  • Storage: cloud storage endpoints if using Azure Blob or AWS S3.

Data Categories

  • PII: names, emails, phone numbers, addresses.
  • PHI: health-related information linked to individuals.
  • PCI: payment card data.
  • Secrets: API keys, tokens, and credentials.

Required Reviews

  • Approve all outbound destinations by domain/IP.
  • Define data classification for each integration.
  • Confirm regional data residency requirements for US and India.
  • Document retention and deletion policies.

Review Log

  • 2026-01-21: Baseline inventory created. Deployment-specific approval pending.