# Personal Data Inventory

Taloflow adheres to the principle of data minimization. The table below enumerates every personal data category we collect, the specific fields involved, the purpose of collection, the legal basis under GDPR, and where the data is stored.

## Data Inventory

| Data Category   | Specific Fields                                    | Purpose                                      | Legal Basis          | Storage Location                                    |
| --------------- | -------------------------------------------------- | -------------------------------------------- | -------------------- | --------------------------------------------------- |
| Identity        | `email`, `first_name`, `last_name`, `full_name`    | Account creation, login, user identification | Contract performance | Auth0 (primary), PostgreSQL (`member_id` reference) |
| Authentication  | `auth0_id`, hashed password                        | Secure login, session management             | Contract performance | Auth0 (passwords never stored by Taloflow)          |
| Profile         | Avatar URL, nickname                               | User experience personalization              | Legitimate interest  | Auth0, Redis (encrypted cache)                      |
| Organization    | Company name, legal name, `org_type`               | Multi-tenant workspace management, billing   | Contract performance | PostgreSQL (`group_header`, `other_setup` JSONB)    |
| Contact (Org)   | Addresses, phone numbers                           | Billing, legal correspondence                | Contract performance | PostgreSQL (within `other_setup` JSONB)             |
| Financial (Org) | `tax_ids`, `billing_code`                          | Invoicing, tax compliance                    | Legal obligation     | PostgreSQL (org setup), Stripe (payment processing) |
| Expert Profile  | `expert_email`, title, bio, timezone, rate         | Expert marketplace features                  | Consent              | PostgreSQL (`expert` entity)                        |
| Session / Audit | `member_id`, email, session timestamps, event type | Security monitoring, audit trail             | Legitimate interest  | PostgreSQL (`user_session`, `audit_event`)          |
| Activity        | Evaluation opens/creates, dashboard loads          | Product analytics, audit trail               | Legitimate interest  | PostgreSQL (`audit_event`)                          |

## Data We Do Not Collect

Taloflow does not collect any of the following:

* Biometric data
* Health or medical data
* Racial or ethnic origin
* Political opinions or trade union membership
* Geolocation tracking (beyond IP-derived timezone for expert profiles)
* Social media activity
* Browsing history outside the Taloflow platform
* Payment card numbers (handled entirely by Stripe; never touch Taloflow servers)

{% hint style="warning" %}
Payment card data is submitted directly to Stripe via Stripe.js and is never transmitted to or stored on Taloflow infrastructure.
{% endhint %}

## Internal Identifier Architecture

All inter-service references use `member_id` (UUID), not email or name. The mapping between `member_id` and PII is held only in the organization-resolver service and Auth0.

{% hint style="info" %}
No other service holds the `member_id`-to-PII mapping. This limits PII exposure to a single, tightly controlled boundary, consistent with the pseudonymization principle.
{% endhint %}
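
One way to enforce the `member_id`-only rule at a service boundary, shown as an added example (not Taloflow's code): a check that walks a decoded inter-service message and flags identity field names from the inventory table, e-mail-shaped values, and `member_id` values that are not UUIDs. The function names, message shapes and sample values are assumptions constructed for illustration.

```python
import re
import uuid

# Identity field names copied from the inventory table on this page.
PII_FIELDS = {"email", "first_name", "last_name", "full_name", "expert_email"}
# Loose pattern to catch addresses carried under an unrelated key name.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def is_uuid(value):
    """Return True only for a string that parses as a UUID."""
    if not isinstance(value, str):
        return False
    try:
        uuid.UUID(value)
    except ValueError:
        return False
    return True


def find_violations(payload, path="$"):
    """Walk a decoded JSON message and list every PII finding with its path."""
    findings = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f"{path}.{key}"
            if key.lower() in PII_FIELDS:
                findings.append(f"{here}: PII field name")
            elif key == "member_id" and not is_uuid(value):
                findings.append(f"{here}: not a UUID")
            else:
                findings.extend(find_violations(value, here))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            findings.extend(find_violations(item, f"{path}[{i}]"))
    elif isinstance(payload, str) and EMAIL_RE.search(payload):
        findings.append(f"{path}: value looks like an e-mail address")
    return findings


# Constructed sample messages (hypothetical shapes, not real Taloflow events).
CLEAN = {"event": "evaluation_opened", "evaluation_id": 42,
         "member_id": "3f2b8c1e-9a47-4d0b-8e55-1c2d3e4f5a6b"}
LEAKY = {"event": "dashboard_loaded", "member_id": "jane",
         "actor": {"email": "jane@example.com"},
         "note": "sent to jane@example.com"}

if __name__ == "__main__":
    for name, msg in (("CLEAN", CLEAN), ("LEAKY", LEAKY)):
        print(name, find_violations(msg) or "ok")
```

Run as a contract test in CI or as a consumer-side guard, a check like this catches a service that starts passing identity fields outside the resolver boundary.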


