Data Flow Diagrams¶

Visual overview of how data flows through the Dxtra platform when integrating with external services.

Integration Data Flow¶

When external platforms send webhook events to Dxtra:

graph TB
    subgraph "Your Platforms"
        Shopify[Shopify]
        Stripe[Stripe]
        Mailchimp[Mailchimp]
        Custom[Your App]
    end

    subgraph "Dxtra Platform"
        Webhook[Webhook Handler<br/>conduit.dxtra.ai]
        Process[Privacy Processing]
        Store[Compliance Storage]
        Dashboard[Dashboard]
    end

    Shopify -->|HTTPS + HMAC| Webhook
    Stripe -->|HTTPS + Signature| Webhook
    Mailchimp -->|HTTPS| Webhook
    Custom -->|HTTPS + API Key| Webhook

    Webhook --> Process
    Process --> Store
    Store --> Dashboard

Webhook Processing Flow¶

How Dxtra processes incoming webhook events:

sequenceDiagram
    participant Platform as Your Platform
    participant Dxtra as Dxtra API
    participant DB as Privacy Database

    Platform->>Dxtra: POST webhook + signature
    Dxtra->>Dxtra: Validate signature
    Dxtra->>Dxtra: Parse and validate payload

    alt Valid signature
        Dxtra->>Dxtra: Extract PII fields
        Dxtra->>Dxtra: Generate privacy hashes
        Dxtra->>DB: Store privacy-preserving links
        Dxtra-->>Platform: 200 OK
    else Invalid signature
        Dxtra-->>Platform: 401 Unauthorized
    end

Consent Flow¶

How consent preferences are collected and stored:

sequenceDiagram
    participant User as Website Visitor
    participant Widget as Consent Widget
    participant API as Dxtra API
    participant DB as Privacy Database

    User->>Widget: Load page
    Widget->>API: GET consent preferences
    API->>DB: Query existing preferences
    DB-->>API: Current preferences
    API-->>Widget: Render with current state

    User->>Widget: Update consent choice
    Widget->>API: POST consent update
    API->>DB: Store preference
    DB-->>API: Saved
    API-->>Widget: Update confirmed

Rights Request Flow¶

How data subject rights requests (access, deletion, portability) are processed:

graph TB
    subgraph "Data Subject"
        Portal[Transparency Center]
        Form[Rights Request Form]
    end

    subgraph "Dxtra Platform"
        API[GraphQL API]
        Process[Request Processor]
        Notify[Email Notification]
    end

    subgraph "Dashboard"
        Queue[Request Queue]
        Review[Review & Respond]
    end

    Portal --> Form
    Form --> API
    API --> Process
    Process --> Queue
    Queue --> Review
    Review --> Notify
    Notify --> Portal

Cross-Platform Identity¶

How data subjects are registered in the platform:

graph TD
    subgraph "Identity Sources"
        Email[Email Address]
        Phone[Phone Number]
        CustomerID[Customer ID]
    end

    subgraph "Privacy Processing"
        Hash[SHA-256 Hashing]
        Match[Identity Matching]
    end

    subgraph "Unified Profile"
        Profile[Single Data Subject<br/>Across All Platforms]
    end

    Email --> Hash
    Phone --> Hash
    CustomerID --> Hash
    Hash --> Match
    Match --> Profile

Tag Manager Flow¶

How the Tag Manager captures analytics events with consent:

graph LR
    subgraph "Your Website"
        Script[Tag Script]
        Events[User Events]
    end

    subgraph "Dxtra Tag Manager"
        Consent[Consent Check]
        Track[Event Tracking]
        Analytics[Analytics]
    end

    Script --> Events
    Events --> Consent
    Consent -->|Allowed| Track
    Track --> Analytics
    Consent -->|Blocked| Script

Related Documentation¶

• Platform Overview - System architecture
• Data Schemas - API data types
• Integration Guide - Connect your platforms
• GraphQL API - API documentation