Compatible with SAP  ·  IBM Maximo  ·  Oracle ERP  ·  Hexagon EAM  ·  Infor  ·  Any CMMS — Run an Industrial IQ diagnostic →
Architecture Overview

Sanitised data flow diagram for technical evaluators and security reviewers.

For CIOs, CTOs, and security architects evaluating PartsCleanse AI. This page shows how catalog data moves through the processing pipeline, where isolation boundaries exist, and where purge events occur.

View Security OverviewDownload DPA
Data flow — catalog upload to report delivery

How your catalog data moves through PartsCleanse AI.

LayerComponentCatalog data present?Retained after processing?
Client browserHTTPS upload (TLS 1.2+)In transit onlyNo
Application layerFlask application serverIn-memory during analysis onlyNo — cleared after run
Storage layerSession run folder (isolated per upload)Source CSV + generated report artifactsSource purged; artifacts session-scoped
Database layerApplication database (PostgreSQL)No catalog rows presentSummary metrics and ownership only
Audit layerAudit logNo catalog contentRun ID, timestamp, purge event, access log
Admin layerAdmin dashboardNo catalog accessN/A
Isolation boundaries

Where your data is separated from all other tenants.

Session run folderEach catalog upload is processed in a unique, randomly-named folder. No cross-session file access is possible at any layer.
In-memory processingCatalog rows are loaded into the application process memory space only. They are never written to shared storage during analysis.
Database isolationThe database stores only summary metrics (SKU count, duplicate rate, exposure estimate), report ownership, and audit metadata. No catalog rows, descriptions, or part numbers are persisted.
Download isolationReport artifact downloads are gated by authenticated user session. A user can only download reports from their own account.
Purge pathway

When and how the source catalog is deleted.

TriggerPurge is triggered automatically upon successful completion of report artifact generation.
ScopeThe uploaded source CSV file and any temporary working files in the session run folder are deleted.
RetainedGenerated report artifacts (Open Findings HTML, Excel, Word, PDF, clean CSV) remain available for session-scoped download.
Audit recordThe purge event is recorded in the audit log with timestamp and run identifier. Available to admin and on request to the client.
No backup of sourceUploaded source catalog files are not included in database backups. Only summary metrics and report ownership are backed up.
Infrastructure

Deployment environment — current and planned.

CurrentVPS hosting with SSH key authentication, encrypted storage, and TLS termination at the application layer.
Production targetCloud-hosted (AWS or GCP) with managed PostgreSQL, encrypted object storage, WAF, and managed TLS. Planned at public launch.
BackupDatabase backup covers summary metrics and ownership records only. Source catalog files are excluded from backup by design.
View Full Security OverviewData Handling CommitmentBC/DR Summary
AI2COE Copilot