mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-18 23:39:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
20277e0afc
system-prompts-and-models-o.../salesflow-saas/memory/security/pdpl-checklist.md
Claude a329957a3b
feat: Add AI engine, PDPL compliance, sequences, CPQ, and governance layers 
Phase 1-6 implementation for Dealix AI Revenue OS:

- AI Arabic Engine: NLP (arabic_nlp.py), lead scoring (lead_scoring.py)
- PDPL Compliance: consent manager, data rights handler, consent model
- Sequence Engine: multi-channel sequences with WhatsApp/Email/SMS
- CPQ System: quote engine, AI proposal generator
- Security Gate: pre-release checks, PDPL message validation
- Tool Verification: agent action audit trail
- Project Operating Files: AGENTS.md, CLAUDE.md
- Project Memory: architecture, ADRs, provider routing, PDPL checklist
- Design System: IBM Plex Sans Arabic tokens, RTL-safe components
- Sequence/Consent models for database

https://claude.ai/code/session_01LsnvBa7HwF5hs99VZbgLGj
2026-04-11 07:40:39 +00:00

47 lines
1.5 KiB
Markdown
Raw Blame History

# PDPL Compliance Checklist
**Type**: security
**Date**: 2026-04-11
**Status**: active
**Owner**: compliance team
## Pre-Launch Requirements
### Consent Management
- [ ] Consent recorded before any data processing
- [ ] Consent purpose is specific (marketing/sales/service/analytics)
- [ ] Consent channel tracked (WhatsApp/email/SMS/phone)
- [ ] Re-consent triggered when purpose changes
- [ ] Consent expiry enforced (12 months default)
- [ ] Consent audit trail complete
### Data Subject Rights
- [ ] Right to access: export all personal data as JSON
- [ ] Right to correction: update with audit trail
- [ ] Right to deletion: soft-delete + 30-day hard-delete
- [ ] Right to restrict processing: flag and enforce
- [ ] Response within 30 days of request
### Cross-Border Transfer
- [ ] All data stored in Saudi/GCC data centers
- [ ] No personal data sent to non-adequate countries without consent
- [ ] Transfer safeguards documented
### Security
- [ ] Data encryption at rest (PostgreSQL TDE or app-level)
- [ ] Data encryption in transit (TLS 1.3)
- [ ] Access control: role-based, tenant-isolated
- [ ] Audit logs for all data access
- [ ] Breach notification procedure documented
### Penalties
- Up to SAR 5,000,000 per violation
- Double for repeat offenses
- Up to 1 year imprisonment for unauthorized cross-border transfers
## SDAIA Registration
- [ ] Register on National Data Governance Platform
- [ ] Appoint Data Protection Officer
- [ ] Document processing activities
- [ ] Conduct Data Protection Impact Assessment
Reference in New Issue View Git Blame Copy Permalink