The data-flow map is a visual, always-current picture of how personal data moves through your business — from your controller identity, through your internal processing activities, out to the external subprocessors you use. It's built automatically from your RoPA activities and subprocessor list, so there's nothing separate to fill in.
Reading the map
/dashboard/compliance/lineage shows three views of the same graph:
- Graph — a diagram with your controller at the top, internal processing activities on the left, and external subprocessors on the right, connected by directional edges.
- Nodes — a card grid of every node in the graph, tagged Controller, Internal, or Subprocessor, with its declared data categories.
- Data flows — a table, one row per edge, showing the source, destination, data categories carried, and a provenance badge.
Provenance badges
Each edge is tagged evidence (backed by an anchored receipt), asserted (stated by you, not independently verified), or gap (missing — must be completed). The Coverage card totals these so you can see how complete your map is.
On erasure — what actually gets deleted
The "On erasure" section explains what happens when you confirm a data-subject erasure request:
- Internal nodes — proven destruction. The encryption key covering the subject's data in your internal activities is destroyed, making the underlying ciphertext permanently unrecoverable. A signed destruction receipt is minted — this is provable deletion, not just a log entry.
- External subprocessors — instruction only, not verified deletion. For each subprocessor, miniterms records that you instructed them to delete the data and when. It cannot verify that the third-party system actually deleted it. Instructed is not the same as verified deleted — you must follow up with each processor directly.
Both the destruction receipts and the instruction records are bundled into a signed propagation receipt, verifiable at verify.dekimu.com, and it appears in your Receipts list.
Sign a snapshot
Sign snapshot produces a verifiable receipt of the graph as it currently stands, which you can audit later. Download the verifiable JSON and paste it at verify.dekimu.com/verify-receipt to confirm it. The activity and subprocessor names you chose are embedded in the signed snapshot — keep them as short labels, never personal data.
Limits
The map is read-only — you don't edit nodes or edges here. To change what it shows, add or edit processing activities on the RoPA register page, or subprocessors on the Subprocessors page.