# Security

### 1. Architectural Overview

The proposed architecture is built on a **"Privacy-by-Design"** approach. It establishes a European security gateway between the user's terminal and destination platforms (GA4, Meta, etc.).

#### Logical Data Flow Diagram

```
[ USER / BROWSER ]
          |
          | (1) HTTPS Flow (First-Party)
          |     Domain: metrics.your-site.com
          v
+-------------------------------------------------------------+
| SECURITY BUFFER ZONE (Bunny.net)                            |
| ----------------------------------------------------------- |
| [ CDN / EDGE ]  <-- SSL Termination & Optimization          |
| [ WAF ]         <-- Filtering (Anti-DDoS, Bad Bots)         |
|                                                             |
| * Config: Global (Performance) OR Tier-1 EU (Sovereignty)   |
+-------------------------------------------------------------+
          |
          | (2) Secured Flow (Encrypted Tunnel)
          |     Protected Origin (Masked IP)
          v
+-------------------------------------------------------------+
| PROCESSING INFRASTRUCTURE (GTM Server-Side)                 |
| ----------------------------------------------------------- |
| Host: SCALEWAY / HETZNER                                    |
| Location: EUROPE (France / Germany)                         |
|                                                             |
| [ GTM LOGIC ]                                               |
| -> Request Reception                                        |
| -> Cleaning / Pseudonymization (IP, User Agent)             |
| -> Enrichment (if required)                                 |
+-------------------------------------------------------------+
          |
          | (3) Server-to-Server API Egress
          |     Controlled & Pseudonymized Data
          +-----------------------+-----------------------+
          |                       |                       |
          v                       v                       v
 [ GOOGLE GA4 ]          [ META CAPI ]          [ OTHER THIRD PARTIES ]
 (United States)         (United States)        (By Vendor)
```

### 2. Detailed Flow Analysis

#### Flow (1): Browser ↔ Bunny.net (Ingress)

* Protocol: Encrypted HTTPS.
* Context: "First-party" collection. The browser communicates directly with `metrics.your-site.com`, ensuring the flow is treated as internal by the browser and WAF.
* Security: Bunny.net acts as a shield (Reverse Proxy). It absorbs traffic and blocks common threats (injections, botnets) via its WAF before they reach the processing server.

#### Flow (2): Bunny.net ↔ GTM Servers (Internal)

* Infrastructure: GTM containers are hosted on dedicated instances at Scaleway and Hetzner, which are exclusively European providers.
* Encryption: Data transport is encrypted end-to-end.
* Role: Real-time data processing; no long-term data storage is performed on these servers.

#### Flow (3): GTM Servers ↔ Partners (Egress)

* Governance: Unlike traditional client-side tracking, your GTM server decides exactly what data is sent based on your specific tag configurations.
* Pseudonymization: Before transmission to GA4 (USA), we remove the real IP address and clean URL parameters (PII) to protect the user's direct identity.
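As an added illustration of the cleaning step in Flow (3), the following standalone Node.js code (example code written for this page, not Sirdata's implementation or GTM server-side template code) drops the client IP, reduces the user agent to its browser family, and strips PII-bearing query parameters from page URLs before the event leaves the EU server. The deny-list of parameter names and the sample event are assumptions constructed for the example.

```javascript
// Assumed deny-list of query parameter names that commonly carry PII.
const PII_QUERY_PARAMS = new Set([
  'email', 'e', 'phone', 'tel', 'name', 'firstname', 'lastname', 'uid',
]);
// Catches e-mail addresses that arrive under any other parameter name.
const EMAIL_RE = /[^\s@/]+@[^\s@/]+\.[a-z]{2,}/i;

// Remove PII-bearing query parameters and the fragment from a URL.
function cleanUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const key of [...url.searchParams.keys()]) {
    const value = url.searchParams.get(key) || '';
    if (PII_QUERY_PARAMS.has(key.toLowerCase()) || EMAIL_RE.test(value)) {
      url.searchParams.delete(key); // removes every occurrence of the key
    }
  }
  url.hash = ''; // fragments never need to reach a third party
  return url.toString();
}

// Coarsen the user agent to a browser family (assumed grouping).
function userAgentFamily(ua) {
  if (/Firefox\//.test(ua)) return 'Firefox';
  if (/Edg\//.test(ua)) return 'Edge';
  if (/Chrome\//.test(ua)) return 'Chrome';
  if (/Safari\//.test(ua)) return 'Safari';
  return 'Other';
}

// Produce the pseudonymized copy of an incoming event: the real IP and the
// raw user agent are dropped, URLs are cleaned, everything else passes through.
function pseudonymizeEvent(event) {
  const { ip, ip_override, user_agent, page_location, page_referrer, ...rest } = event;
  const out = { ...rest, user_agent_family: userAgentFamily(user_agent || '') };
  if (page_location) out.page_location = cleanUrl(page_location);
  if (page_referrer) out.page_referrer = cleanUrl(page_referrer);
  return out;
}

// Constructed sample event, not a real capture.
const SAMPLE_EVENT = {
  event_name: 'page_view',
  client_id: '1234.5678',
  ip: '203.0.113.42',
  user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
  page_location: 'https://www.example.com/account?email=jane%40example.com&utm_source=newsletter#top',
};

console.log(pseudonymizeEvent(SAMPLE_EVENT));
```

Campaign parameters such as `utm_source` survive the cleaning, so attribution in GA4 or Meta CAPI still works while the direct identifiers are gone.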

***

### 3. Data Sovereignty Strategy (Bunny.net)

To meet DPO requirements regarding data localization, we utilize a hybrid strategy:

* Performance Mode: Global CDN configuration for maximum speed.
* Strict Compliance: On-demand activation of the "Tier-1 EU Providers Only" option.
* Impact: Traffic is routed exclusively through nodes located within the European Union, ensuring immediate compliance without service interruption.

***

### 4. Technical Prerequisites & Impacts

The integration is designed to be "Zero-Trust" compatible and lightweight for IT teams:

* DNS: NS delegation or a simple CNAME record for the sub-domain.
* SSL Certificates: Automated management (provisioning and renewal) handled by Sirdata.
* Firewall / Network:
  * Update your Content Security Policy (CSP) to whitelist the new sub-domain `metrics.your-site.com`.
  * No complex port openings required; all traffic uses standard web protocols (Port 443).
