MomentScience x T-Mobile Integration Architecture

MomentScience x T-Mobile Integration Architecture
Data Flow & Privacy Architecture — Internal Security Review
MomentScience is a post-transaction offer platform invoked by T-Mobile systems at defined customer touchpoints to return a scoped offer payload.
Integration Model
Stateless REST API (TLS 1.2+).
Invocation exclusively initiated by T-Mobile systems.
Processing confined to explicitly provided fields.
All invocation paths share one API endpoint and storage model.
T-Mobile controls timing, payload content, and field inclusion.
Governing Invariants
Persistent identifiers scoped to T-Mobile integration only.
Environment separation enforced: T-Mobile / MomentScience / Advertiser.
User exits via redirect URL only — no identifiers, session context, or user data forwarded to the advertiser.
No standing data paths. No external enrichment.
CONFIDENTIAL
Direct API — Integration Architecture 
(Preferred Path)
Invocation & Control
T-Mobile BackEnd initiates API call
Server-to-server HTTPS POST (TLS 1.2+)
T-Mobile controls payload fields and timing
No MomentScience visibility prior to invocation
Storage & Retention
AWS-hosted cloud infrastructure
Logically isolated per client integration
Events logged: offer_id, placement_id, timestamp, event_type
PII (if provided) retained per contractual agreement (default: 12 months), then purged.
Non-PII event data retained for analytics and reporting per standard platform policy.
Path status: ✓ Preferred — direct server-to-server, no intermediary dependency.
CONFIDENTIAL
Web via GAM — Integration Architecture (Alternative Path)
Invocation & Control
T-Mobile Web Property triggers GAM placement render
GAM mediates server-side call to MomentScience API
T-Mobile controls payload fields and timing
No MomentScience browser code or client-side execution
Storage & Retention
AWS-hosted cloud infrastructure
Logically isolated per client integration
Events logged: offer_id, placement_id, timestamp, event_type
PII (if provided) retained per contractual agreement (default: 12 months), then purged.
Non-PII event data retained for analytics and reporting per standard platform policy.
Path status: Alternative — GAM introduces intermediary dependency not present in Direct API path.
CONFIDENTIAL
App via GAM — Integration Architecture (Alternative Path)
Invocation & Control
T-Mobile Mobile App triggers GMA SDK placement render
GMA SDK mediates server-side call to MomentScience API
T-Mobile controls payload fields and timing
No MomentScience SDK embedded in app
Storage & Retention
AWS-hosted cloud infrastructure
Logically isolated per client integration
Events logged: offer_id, placement_id, timestamp, event_type
PII (if provided) retained per contractual agreement (default: 12 months), then purged.
Non-PII event data retained for analytics and reporting per standard platform policy.
Path status: Alternative — GMA SDK introduces intermediary dependency not present in Direct API path.
CONFIDENTIAL
Invocation & Behavioral Flow — Direct API
Step-by-step invocation sequence. Trigger logic, payload assembly, and response handling are all T-Mobile-controlled.
01
Qualifying Event
User completes defined action on T-Mobile-controlled surface.
02
T-Mobile Assembles Request
Backend constructs API request. MomentScience has no prior visibility.
03
HTTPS POST
TLS 1.2+ · Stateless · No persistent connection.
04
Decision Engine
Evaluates placement rules. Returns offer payload within integration scope.
05
Render on T-Mobile Surface
offer_id, creative, redirect_url delivered to T-Mobile surface.
06
HTTP 302 Redirect
User exits via redirect URL only. No identifiers, session context, or user data are forwarded to the advertiser.
CONFIDENTIAL
Data Elements & Invocation Scope
Integration is fully functional with placement_id only (Non-PII). All additional fields are optional and explicitly provided by T-Mobile at invocation. All fields are transmitted at the point of invocation only — none are forwarded to the advertiser.
No ambient collection. No external enrichment.
CONFIDENTIAL