nself-chat Data Flow Diagrams

Version: 1.0.0
Date: 2026-02-08
Status: Active

Contents:
- Overview
- System Context
- Trust Boundaries
- Data Flow Diagrams
- Data Classifications
- Data Stores
- External Entities

Overview

This document provides data flow diagrams (DFDs) for the nself-chat platform, identifying trust boundaries, data stores, and external entities for security analysis.
System Context

External entities (outside the platform boundary, each exchanging data with the platform):
  - OAuth Providers
  - Payment Providers
  - AI Services
  - CDN/Storage Providers

NSELF-CHAT PLATFORM
  Clients
    - Web Browser (PWA)
    - Mobile Apps (iOS/Android)
    - Desktop Apps (Electron/Tauri)
    All three clients --> Next.js Frontend + API -- Hasura GraphQL Engine -- Backend Services (Auth, Storage, etc.)
  Hasura GraphQL Engine --> PostgreSQL Database <-- Backend Services
  Supporting stores
    - Redis Cache
    - MeiliSearch Search
    - MinIO Object Storage

Operational systems fed by the platform (outside the platform boundary):
  - Monitoring (Sentry)
  - Logging (Grafana)
  - Backup Systems
Trust Boundaries

TB1: Public Internet Boundary

UNTRUSTED ZONE (Public Internet)
  Traffic sources: Attacker, Bot Net, Scrapers, Legitimate Users
  (all four cross TB1 over the same path)
        |
        v
TRUST BOUNDARY 1 (TB1)
  - TLS termination
  - Rate limiting
  - WAF (optional)
        |
        v
DMZ / EDGE ZONE
  Load Balancer / Reverse Proxy (Nginx)
    - TLS termination
    - Request routing
    - Rate limiting
    - Security headers injection
        |
        v  (to the Application Zone, TB2)
TB2: Application Boundary

TRUST BOUNDARY 2 (TB2)
  - Authentication required
  - CSRF validation
  - Input validation
        |
        v
APPLICATION ZONE
  Next.js Application
    Frontend (React)
      - CSP enforced
      - XSS sanitized
      - CSRF tokens
    API Routes (Server)
      - Input validation
      - Auth checks
      - RBAC enforcement
    Middleware (Auth, CSRF, etc.)
      - JWT verification
      - Rate limiting
      - Security headers
        |
        v
TRUST BOUNDARY 3 (TB3)
  - Hasura permissions
  - Row-level security
  - Parameterized queries
        |
        v
DATA ZONE
  Hasura GraphQL
    - Permission rules
    - Row-level security
    - Query validation
    - Rate limiting
  PostgreSQL
    - Encrypted at rest
    - TLS connections
    - Parameterized queries
    - Audit logging
  Redis
    - Session storage
    - Cache (ephemeral)
    - Rate limit counters
  MinIO Storage
    - Signed URLs
    - Access policies
    - Encryption at rest
TB4: Client Device Boundary

CLIENT DEVICE ZONE (User's Device)

  TRUST BOUNDARY 4 (TB4) - Device Security
    - Device lock (PIN/biometric)
    - Encrypted storage
    - Memory protection

  E2EE Protected Zone
    - Master Key (Memory Only): NEVER persisted to storage
    - Private Keys (Encrypted DB): AES-256-GCM encrypted
    - Decrypted Messages (Memory Only): rendered in DOM, never stored

  Encrypted Storage
    IndexedDB with encrypted keys:
      - Identity keys (encrypted)
      - Session keys (encrypted)
      - Prekeys (encrypted)
      - Cached encrypted messages
Data Flow Diagrams

DFD Level 0: System Context

                        End Users (Browsers, Mobile, Desktop)
                                        |
                                        | HTTPS/WSS (Encrypted)
                                        v
  OAuth Providers                nself-chat Platform                Payment Providers
  (Google, GitHub, etc.)  -->    - Messaging               -->      (Stripe, Crypto)
                 OAuth 2.0       - Voice/Video          Stripe API
                                 - File Sharing
                                 - Authentication
                                 - Authorization
                                        |
              +-------------------------+-------------------------+
              |                         |                         |
              v                         v                         v
      AI Services               Storage (S3/MinIO)          Email Provider
      (OpenAI, Anthropic)       Files, Media                (Resend, SendGrid)
DFD Level 1: Core Application

                                   User
                                     |
              +----------------------+----------------------+
              |                      |                      |
              v                      v                      v
      [1.0] Authentication    [2.0] Messaging        [3.0] Media
            Process                 Process                Process
      - Login                 - Send/Recv            - Upload
      - Register              - E2EE                 - Download
      - 2FA                   - Threads              - Stream
      - OAuth                 - Reactions            - Transcode
              |                      |                      |
              v                      v                      v
      [DB] PostgreSQL: Users | Messages (E2EE) | Channels | Files Meta | Audit Logs

Legend:
  [X.0] = Process
  [DB]  = Data Store
  -->   = Data Flow
DFD Level 2: Authentication Flow

                                   User
                                     |
              +----------------------+----------------------+
              | Credentials          | OAuth Token          |
              v                      v                      v
      [1.1] Login Handler     [1.2] OAuth Handler    [1.3] 2FA Handler
      - Validate              - Redirect             - TOTP verify
      - Rate limit            - Callback             - Backup code
      - Bcrypt                - Token                - Biometric
              |                      |                      |
              +----------------------+----------------------+
                                     |
                                     v
                            [1.4] Session Manager
                            - JWT issue
                            - Refresh
                            - Revoke
                                     |
              +----------------------+----------------------+
              |                      |                      |
              v                      v                      v
      [Users DB]              [Sessions Store]       [Audit Log]
      - Credentials           - Redis                - Login events
      - 2FA secrets           - JWT tokens           - Failed auth
      - Preferences           - Sessions             - IP tracking

Data Flow Security:
  - All connections use TLS
  - Passwords: bcrypt hashed (never stored plaintext)
  - 2FA secrets: AES-256 encrypted at rest
  - JWTs: short-lived (15 min), signed with RS256
  - Refresh tokens: HTTP-only, secure cookies
DFD Level 2: E2EE Message Flow

  Sender Device                                        Recipient Device
        |                                                     ^
        | Plaintext Message                                   | Plaintext Message
        v                                                     |
  [2.1] Encrypt (Client)                               [2.4] Decrypt (Client)
  - X3DH/Ratchet                                       - X3DH/Ratchet
  - AES-GCM                                            - AES-GCM
  - Message key                                        - Message key
        |                                                     ^
        | Ciphertext + Envelope                               | Ciphertext + Envelope
        v                                                     |
  [2.2] Send (Server)  --- Encrypted Message (Opaque) --->  [2.3] Receive (Server)
  - Store                                              - Deliver
  - Route                                              - Queue
  - Log meta                                           - Notify
        |                                                     |
        v                                                     v
  [Messages DB]
    Encrypted Content (Opaque)        Metadata (NOT encrypted)
    Server cannot decrypt             - Sender ID
                                      - Recipient ID
                                      - Timestamp
                                      - Channel ID
                                      - Message ID

Trust Boundaries:
  CLIENT TRUST ZONE (sender)    <-- Untrusted Server -->    CLIENT TRUST ZONE (recipient)
  - Plaintext                   (Cannot access content)     - Plaintext
  - Private keys                                            - Private keys
  - Session keys                                            - Session keys
DFD Level 2: File Upload Flow

  User
    |
    | File
    v
  [3.1] Validate
  - Type check
  - Size check
  - Malware scan
  - Sanitize
    |
    | Validated File
    v
  [3.2] Process
  - Thumbnail
  - Transcode
  - Optimize
  - Strip EXIF
    |
    | Processed File
    v
  [3.3] Encrypt (Optional)
  - E2EE key
  - AES-256
    |
    +----------------------+----------------------+
    |                      |                      |
    v                      v                      v
  [MinIO]               [Files DB]            [Audit Log]
  - Blob store          - Metadata            - Upload event
  - Encryption          - User ID             - File ID
  - Signed URLs         - Permissions         - Timestamp

Security Controls:
  - File type whitelist (images, docs, media)
  - Maximum file size enforced
  - EXIF metadata stripped (privacy)
  - Signed URLs with expiry
  - Virus scanning (ClamAV)
  - Content-Type validation
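Step [3.1] and the whitelist, size and Content-Type controls above, as an added Node.js example (not nself-chat's code). The size limit and the three whitelisted types with their magic bytes are constructed for the example; the declared Content-Type must both be on the whitelist and match the file's leading bytes, so a renamed executable with a spoofed type fails. The ClamAV scan is a separate service call and is not modelled.

```javascript
// Constructed limit and whitelist; nself-chat's real values are not on this page.
const MAX_BYTES = 25 * 1024 * 1024;
// Declared Content-Type -> magic bytes the file must actually start with.
// A Map (not a plain object) so lookups like "constructor" cannot hit the prototype.
const ALLOWED = new Map([
  ["image/png", [Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])]],
  ["image/jpeg", [Buffer.from([0xff, 0xd8, 0xff])]],
  ["application/pdf", [Buffer.from("%PDF-")]],
]);

// [3.1] Validate: size check, Content-Type check against the whitelist, magic-byte
// check so the declared type matches the real bytes, and filename sanitization.
// Returns every failed check rather than stopping at the first one.
function validateUpload({ filename, contentType, data }) {
  const errors = [];
  if (data.length === 0 || data.length > MAX_BYTES) errors.push("size");
  // Strip parameters such as "; charset=binary" before the whitelist lookup.
  const type = String(contentType || "").split(";")[0].trim().toLowerCase();
  const magics = ALLOWED.get(type);
  if (!magics) errors.push("content-type");
  else if (!magics.some((m) => data.subarray(0, m.length).equals(m))) errors.push("magic-mismatch");
  // Sanitize: basename only (no path traversal), conservative character set, no leading dots.
  const base = String(filename || "").split(/[\\/]/).pop() || "";
  const safeName = base.replace(/[^A-Za-z0-9._-]/g, "_").replace(/^\.+/, "");
  if (!safeName) errors.push("filename");
  return { ok: errors.length === 0, errors, type, safeName };
}
```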
Data Classifications

| Level | Name         | Description                       | Examples                         |
|-------|--------------|-----------------------------------|----------------------------------|
| L1    | Restricted   | Most sensitive, E2EE protected    | Plaintext messages, private keys |
| L2    | Confidential | User PII, requires authentication | Passwords, 2FA secrets, profiles |
| L3    | Internal     | Business data, limited access     | Audit logs, analytics, config    |
| L4    | Public       | No sensitivity                    | Public channels, app branding    |
Data Classification Matrix

| Data Type          | Classification | Encryption         | Access Control    | Retention        |
|--------------------|----------------|--------------------|-------------------|------------------|
| E2EE Private Keys  | L1             | AES-256 (client)   | Device owner only | User-controlled  |
| Message Plaintext  | L1             | Memory only        | E2EE protected    | Never stored     |
| User Passwords     | L2             | Bcrypt hash        | System only       | Account lifetime |
| 2FA Secrets        | L2             | AES-256            | User + system     | Account lifetime |
| Session Tokens     | L2             | Memory/Cookie      | User session      | 7 days           |
| User Profiles      | L2             | TLS in transit     | RBAC              | Account lifetime |
| Encrypted Messages | L3             | E2EE ciphertext    | Sender/recipient  | Configurable     |
| Audit Logs         | L3             | Encryption at rest | Admin only        | 90 days          |
| Analytics          | L3             | Encryption at rest | Admin only        | 1 year           |
| Channel Config     | L3             | Encryption at rest | RBAC              | Permanent        |
| Public Keys        | L4             | None               | Public            | Account lifetime |
| App Branding       | L4             | None               | Public            | Permanent        |
Data Stores

DS1: PostgreSQL (Primary Database)

| Table             | Data Classification  | Encryption     | Backup |
|-------------------|----------------------|----------------|--------|
| nchat_users       | L2                   | At rest        | Daily  |
| nchat_messages    | L3 (E2EE ciphertext) | At rest + E2EE | Daily  |
| nchat_channels    | L3                   | At rest        | Daily  |
| nchat_files       | L3                   | At rest        | Daily  |
| nchat_audit_logs  | L3                   | At rest        | Daily  |
| nchat_sessions    | L2                   | At rest        | None   |
| app_configuration | L3                   | At rest        | Daily  |
DS2: Redis (Cache/Sessions)

| Key Pattern | Data Classification | TTL       | Purpose           |
|-------------|---------------------|-----------|-------------------|
| session:*   | L2                  | 7 days    | User sessions     |
| rate:*      | L4                  | 1 minute  | Rate limiting     |
| presence:*  | L4                  | 5 minutes | User presence     |
| cache:*     | L3-L4               | Variable  | Application cache |
DS3: MinIO (Object Storage)

| Bucket      | Data Classification | Access            | Encryption         |
|-------------|---------------------|-------------------|--------------------|
| uploads     | L3                  | Signed URLs       | Server-side        |
| avatars     | L4                  | Public (with CDN) | Server-side        |
| attachments | L3                  | Signed URLs       | Server-side + E2EE |
| exports     | L2                  | User-specific     | Server-side        |
DS4: Client Storage (IndexedDB)

| Store          | Data Classification | Encryption           | Sync      |
|----------------|---------------------|----------------------|-----------|
| identity_keys  | L1                  | AES-256 (master key) | Never     |
| session_keys   | L1                  | AES-256 (master key) | Never     |
| prekeys        | L1                  | AES-256 (master key) | Partial   |
| messages_cache | L1 (ciphertext)     | E2EE                 | On demand |
| settings       | L3                  | None                 | On demand |
External Entities

EE1: OAuth Providers

| Provider  | Data Received         | Data Sent  | Security                     |
|-----------|-----------------------|------------|------------------------------|
| Google    | User ID, email, name  | OAuth code | OAuth 2.0, TLS               |
| GitHub    | User ID, email        | OAuth code | OAuth 2.0, TLS               |
| Microsoft | User ID, email        | OAuth code | OAuth 2.0, TLS               |
| Apple     | User ID               | OAuth code | Sign in with Apple           |
| ID.me     | User ID, verification | OAuth code | OAuth 2.0, verified identity |
EE2: Payment Providers

| Provider     | Data Received    | Data Sent         | Security     |
|--------------|------------------|-------------------|--------------|
| Stripe       | Payment status   | Customer ID, Plan | PCI DSS, TLS |
| Crypto (ETH) | Transaction hash | Wallet address    | Blockchain   |
EE3: AI Services

| Provider  | Data Received | Data Sent   | Security     |
|-----------|---------------|-------------|--------------|
| OpenAI    | AI response   | User prompt | TLS, API key |
| Anthropic | AI response   | User prompt | TLS, API key |

Note: AI services receive user-provided prompts, which may contain sensitive content. E2EE messages are NOT sent to AI services without explicit user action.
EE4: Infrastructure Providers

| Provider       | Purpose        | Data Access       | Security            |
|----------------|----------------|-------------------|---------------------|
| Vercel/Netlify | Hosting        | Application code  | TLS, SOC 2          |
| AWS/GCP        | Infrastructure | All (encrypted)   | SOC 2, ISO 27001    |
| Cloudflare     | CDN/WAF        | Traffic metadata  | SOC 2               |
| Sentry         | Error tracking | Errors, sanitized | TLS, data scrubbing |
Document History

| Version | Date       | Author        | Changes                         |
|---------|------------|---------------|---------------------------------|
| 1.0.0   | 2026-02-08 | Security Team | Initial data flow documentation |

Classification: Internal
Related Documents: THREAT-MODEL.md, SECURITY-CONTROLS.md