An open-source, privacy-first identity & consent platform for modern social applications
# Clone the repository
git clone https://github.com/vibe-afrika/pcm.git
cd pcm
# Start infrastructure (PostgreSQL, Redis, Kafka, Elasticsearch)
docker-compose up -d
# Build all services
mvn clean install -DskipTests
# Run the API Gateway & core services
cd api-gateway && mvn spring-boot:runRefer to the Quick Start Guide for detailed onboarding.
PCM is a modular, event-driven microservice suite that serves as the single source of truth for user profiles and GDPR-compliant consent management.
- β Open source (Apache 2.0)
- β Privacy-by-design (Immutable consent ledger, orchestrated erasure)
- β Cloud-native (Kubernetes-ready, OpenTelemetry-native, stateless)
- β Infrastructure Agnostic (Support for PostgreSQL/MySQL, Kafka/RabbitMQ)
- β High Performance (gRPC aggregation at the gateway layer)
- β Compliant with GDPR, ePrivacy, and emerging data laws
PCM did not come from nowhere. It emerged from a concrete challenge within a social project for a startup.
We initially chose Apache Unomi as our Customer Data Platform (CDP). It offered a comprehensive suite for profile tracking and real-time segmentation.
As our requirements for Data Sovereignty and Extreme Security grew, we encountered significant friction:
- Operational Complexity: The Apache Karaf/OSGi architecture added heavy overhead and a steep learning curve for our team.
- Security-by-Design: We needed native, transparent PII encryption (via HashiCorp Vault) as a foundational layer, which was difficult to "bolt on" to an existing engine.
- Infrastructure Overhead: A mandatory Elasticsearch dependency for all profile operations was overkill for our primary identity management needs.
We decided to build a platform that focused on the core: Identity, Consent, and Protection. By leveraging Spring Boot 3, gRPC, and HashiCorp Vault, we created a lean, high-performance alternative that prioritizes the Security of the Citizen's Data above all else.
Today, PCM is open-sourced to empower other developers facing similar challenges in building privacy-first applications.
PCM uses Hexagonal Architecture with clear bounded contexts, standardized on Spring Boot 3.2 for consistency and performance:
| Service | Responsibility | Stack |
|---|---|---|
| Profile Service | User identity, handle management, dynamic attributes | PostgreSQL/MySQL (JSON), Redis |
| Consent Service | GDPR consent collection, versioning, legal proof | PostgreSQL/MySQL (Ledger) |
| Segment Service | User classification and real-time segmentation | Elasticsearch, Kafka/RabbitMQ |
| Preference Service | UX preferences (language, theme, notifications) | Redis |
| Config Service | (Optional) Centralized configuration | Spring Cloud Config |
| API Gateway | Unified entry point, JWT security, Aggregator | Gateway, gRPC, OTel |
- Synchronous: gRPC for high-performance data aggregation (Gateway -> Services)
- Asynchronous: Spring Cloud Stream with support for Kafka (Avro) and RabbitMQ
- Observability: OpenTelemetry native (TRACES & METRICS exporters)
- Security: JWT for client authentication, standard OAuth2 resources server
pcm/
βββ libs/
β βββ common/ # Shared domain interfaces, value objects
β βββ kafka-events/ # Avro event schemas
β βββ grpc-contracts/ # Protobuf service definitions
βββ profile-service/ # Spring Boot - Profile management
βββ consent-service/ # Spring Boot - Consent ledger
βββ segment-service/ # Spring Boot - User segmentation
βββ preference-service/ # Spring Boot - User preferences
βββ config-service/ # Spring Boot - Centralized Configuration Server
βββ api-gateway/ # Spring Cloud Gateway & Aggregator
βββ k8s/ # Raw Kubernetes manifests
βββ charts/ # Helm charts for Kubernetes
βββ docs/ # Architecture Decision Records (ADRs) & Guides
βββ docker-compose.yml # Local development environment
PCM uses a dual configuration model:
- Centralized: Via Spring Cloud Config (recommended for production).
- Decentralized: All services provide local fallbacks and can be configured entirely via Environment Variables (ideal for local dev or simple container deployments).
Core platform settings (Messaging, Database, Vault, Logging) are standardized in the config-service.
- Source of truth:
config-service/src/main/resources/config/ - Shared config:
application.yml - Service specific:
<service-name>.yml
- Quick Start Guide - Get PCM running locally in 5 minutes.
- API Reference - Endpoints, payloads, and examples.
- Dependency Monitoring - Guide to monitoring updates and vulnerabilities.
- Architecture Decision Records - Design decisions and rationale.
Note
The config-service must be started before other microservices as they fetch their configuration at startup.
Note
The logo was generated using the following prompt: A modern, high-tech logo for an open-source platform named 'PCM' (Profile & Consent Manager). The design should feature a stylized digital profile head and a shield or padlock to represent privacy and consent. Use a professional color palette like deep blue, vibrant cyan, and slate grey. The aesthetic should be clean, minimalist, and premium, suitable for a GitHub header. No text other than 'PCM'. White background or transparent-like aesthetic.