flowchart TD
LMS["LMS user record
name, email, role"]:::identifying
Launch["LMS launch
pseudonym only"]:::pseudonymous
Emit["Textbook emit site
builds xAPI statement"]:::pseudonymous
LRS["LRS storage
keyed by pseudonym"]:::pseudonymous
Dashboard["Dashboard query
per-learner stats"]:::pseudonymous
Reidentify["Re-identification
audited, rare"]:::identifying
LMS ==> Launch
Launch ==> Emit
Emit ==> LRS
LRS ==> Dashboard
Dashboard -.->|"audited lookup"| Reidentify
Reidentify -.-> LMS
click LMS call showHop("LMS")
click Launch call showHop("Launch")
click Emit call showHop("Emit")
click LRS call showHop("LRS")
click Dashboard call showHop("Dashboard")
click Reidentify call showHop("Reidentify")
classDef identifying fill:#b91c1c,stroke:#7f1d1d,color:#fff,font-size:14px,font-weight:bold
classDef pseudonymous fill:#15803d,stroke:#14532d,color:#fff,font-size:14px,font-weight:bold
linkStyle default stroke:#64748b,stroke-width:2px,font-size:12px
Hop Details
Click any hop in the pipeline to see what identity data exists at that point, who can access it, and the privacy posture.
Identifying — real names and emails live here
Pseudonymous — only opaque IDs cross this hop
Solid arrow: normal flow Dashed: audited lookup