Data Flow Guide
This guide documents how data flows within Enprivacy 3.0 and what external network connections the product makes. It is intended to support network egress validation and data residency verification.
Principles
Section titled “Principles”Enprivacy 3.0 is designed with a data-residency-first approach:
- All customer data is stored in your own infrastructure.
- Enprivacy has no access to your data.
- Outbound internet connectivity is minimised to a single runtime endpoint (
auth.enprivacy.com) for user management. Model downloads from the Hugging Face Hub occur on first use only and can be eliminated by pre-loading models — see External Connections.
Internal Data Flows
Section titled “Internal Data Flows”Services communicate over the following default ports within the deployment’s private network. The Web and Job services hold all state in the database or object storage.
| Source | Destination | Data | Port | Protocol |
|---|---|---|---|---|
| End user / admin | Web | Interface and API requests | 8080 | HTTP |
| Web | Database | Application state | 5432 | TCP |
| Job | Database | Application state | 5432 | TCP |
| Web | LLM | Detection / classification inference | 8000 | HTTP |
| Job | LLM | Detection / classification inference | 8000 | HTTP |
| Web | OCR | Text extraction | 5001 | HTTP |
| Job | OCR | Text extraction | 5001 | HTTP |
| Web / Job | Object storage | Document uploads and redacted output | — | Storage protocol |
Interservice traffic uses plain HTTP/TCP by default and is intended to run within a trusted private network. See the Network Security Guide.
External Connections
Section titled “External Connections”The product makes the following outbound connections to external services:
| Destination | Port | Protocol | Purpose | Data transmitted |
|---|---|---|---|---|
auth.enprivacy.com | 443 | HTTPS | User authentication and entitlement | User identity (email, user ID, roles) |
Hugging Face Hub (huggingface.co and *.hf.co CDNs) | 443 | HTTPS | Model downloads on first use (Web, Job, LLM services) | No customer data — model artefacts only; eliminated by pre-loading models |
No customer data is transmitted to Enprivacy or any other external party.
What Is Sent to auth.enprivacy.com
Section titled “What Is Sent to auth.enprivacy.com”No Telemetry or Update Checks
Section titled “No Telemetry or Update Checks”The product does not phone home to check for updates or send telemetry. With models pre-loaded into durable storage, all features work fully air-gapped except user authentication, which requires auth.enprivacy.com.
Data at Rest
Section titled “Data at Rest”See Data Security & Privacy for details on where data is stored and encryption recommendations.
Egress Validation
Section titled “Egress Validation”You can validate the product’s network egress by:
- Deploying with a network egress proxy or firewall logging enabled.
- Allowing only
auth.enprivacy.com:443in your egress allow-list. - Blocking all other outbound traffic and verifying that no application features break (except authentication).