mirror of
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git
synced 2026-06-17 23:09:35 +00:00
40ab7b86c2
PHASE 1 COMPLETION:
TASK-005 — Live gitleaks scan:
Scanned 146 commits with gitleaks v8.20.1
Result: 1 finding — FALSE POSITIVE (model name llama-3.1-70b-versatile
in test fixture, not an API key)
Added to .gitleaksignore
rotation_log.md updated with scan results
VERDICT: No real secrets in git history — repo clean for extraction
TASK-006 — Legal templates (bilingual):
docs/legal/templates/IP_ASSIGNMENT_AGREEMENT.md — bilingual IP assignment
docs/legal/templates/PRIVACY_POLICY_EN.md — PDPL/GDPR-aware template
docs/legal/templates/PRIVACY_POLICY_AR.md — Arabic privacy policy
docs/legal/templates/TERMS_OF_SERVICE_EN.md — SaaS ToS with MENA pricing
docs/legal/templates/DPA_EN.md — Data Processing Agreement with annexes
All marked as "DRAFT — must be reviewed by Saudi counsel before use"
TASK-006 — Trademark Filing Kit:
docs/legal/templates/TRADEMARK_FILING_KIT.md
Covers: DEALIX (Latin) + ديلكس (Arabic) + logo
Classes 9, 42, 35 across KSA, UAE, Egypt, Jordan, Kuwait
Application text ready to paste into SAIP + equivalents
Agent recommendations (AGIP, Saba, Bird & Bird, Al Tamimi)
Budget: ~90-120K SAR for full MENA coverage
Founder Decision Package:
FOUNDER_DECISION_PACKAGE.md — single file with 4 decisions:
1. GitHub org name (recommend: dealix-io)
2. Entity structure (MISA vs DIFC vs ADGM)
3. Saudi counsel engagement (15-30K SAR)
4. Trademark filing (30-50K SAR initial)
Total founder time to unblock: ~1 week + ~50K SAR
PHASE 2 FOUNDATION:
DEALIX_PHASE2_BLUEPRINT.md — 18-month category leadership plan:
10 parallel streams (Frontend, Product, AI, Enterprise, Integrations,
Scale, Commercial, Customer Platform, Trust, Category POV)
Executable NOW vs Requires External Services vs Wait-for-PMF
Phase 2 completion criteria (NPS >=50, NRR >=120%, etc.)
TASK-F201 — Design System foundation (scaffolded):
packages/design-system/tokens/primitive.json — W3C Design Tokens format:
Brand palette (50-900), neutral (50-950), critical/warning/success/info
Space, radius, motion (duration + easing) tokens
Typography with Arabic fontFamily + arabic-adjustment (1.15) for size
Arabic line-height (1.8) for diacritics
packages/design-system/tokens/semantic.json — light + dark themes:
surface, fg, border, interactive, status semantic layers
packages/design-system/README.md — principles + integration guide
TASK-CAT1340 (prep) — @dealix/arabic-ui package (scaffolded):
packages/arabic-ui/src/normalize.ts:
Diacritic-insensitive search (fatha/kasra/damma stripped)
Hamza variants normalized (أ/إ/آ → ا)
Waw-hamza, ya-hamza, taa-marbuta, alef-maksura handled
arabicMatch() + arabicCompare() helpers
packages/arabic-ui/src/numerals.ts:
Western/Arabic-Indic/Eastern Arabic-Indic conversion
formatCurrency() for SAR/AED/EGP/USD/JOD/KWD
formatNumber() with locale awareness
packages/arabic-ui/src/direction.ts:
detectDirection() via Unicode bidi algorithm
isolate() using U+2068/U+2069 for mixed-direction content
isRTL() locale check
hasArabic() presence check
Future: release as OSS after 12 months of internal use
TASK-CAT1310 — Manifesto (bilingual draft):
marketing/manifesto.md — 4 principles in Arabic + English:
1. Arabic first, not Arabic translated
2. Decisions backed by evidence, not opinion
3. AI recommends, systems commit, humans approve
4. Saudi compliance built-in, not bolted on
Publication target: dealix.io/manifesto + dealix.io/بيان
TASK-CAT1320 — Dealix Labs (scaffolded):
docs/labs/README.md — research program structure:
Annual State of Arabic Enterprise AI report
Quarterly Arabic LLM Benchmarks
OTel semantic conventions proposal
Open source: @dealix/arabic-ui + @dealix/design-system
TRUTH.yaml updated:
Added Phase 2 capabilities section (all as 'partial' or 'roadmap')
Added ISO 27001/17/18 and bug bounty to security_claims (all false)
All gates GREEN:
Architecture Brief: 40/40
Release Readiness Matrix: 71/71 (up from 53/53)
Release Readiness Gate (blueprint): PASS
Truth Registry Validator: VALID
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
4.2 KiB
4.2 KiB
Data Processing Agreement (DPA) — Dealix (Template)
DISCLAIMER: Template only. Must be reviewed by qualified Saudi counsel before execution. Version: 1.0 DRAFT
Parties
Data Controller: [Customer Legal Entity] ("Customer") Data Processor: [Dealix Legal Entity] ("Dealix")
Effective Date: [DATE]
1. Subject Matter
This DPA governs processing of Personal Data by Dealix on behalf of Customer in connection with the Service defined in the Master Services Agreement / Terms of Service.
2. Duration
For the duration of the Service subscription + retention periods specified in the Privacy Policy.
3. Nature and Purpose of Processing
Dealix processes Personal Data to:
- Execute customer-initiated workflows (partner intake, dossier, approvals)
- Generate evidence packs and audit trails
- Provide reporting and executive surfaces
- Operate security, billing, and customer support functions
4. Categories of Data Subjects
- Customer's employees and authorized users
- Customer's customers, partners, prospects (as entered into the Service)
- Customer's vendors and counterparties
5. Categories of Personal Data
- Contact information (name, email, phone)
- Professional information (title, company, role)
- Commercial information (deal values, terms — pseudonymized where possible)
- Authentication credentials (hashed)
- Usage logs and audit trails
Special Categories: Dealix does NOT process special category data (health, religion, etc.) unless explicitly agreed in writing with additional safeguards.
6. Processor Obligations
Dealix shall:
- Process Personal Data only on documented Customer instructions
- Ensure persons authorized to process are under confidentiality
- Implement appropriate technical and organizational measures (see Annex II)
- Not engage sub-processors without Customer prior authorization
- Assist Customer in responding to Data Subject requests
- Notify Customer of Personal Data breach within 72 hours of awareness
- Delete or return Personal Data at end of Service
7. Sub-Processors
Current authorized sub-processors listed in Annex III. Changes notified 30 days in advance; Customer may object.
Example sub-processors:
- AWS (me-south-1 Bahrain) — infrastructure
- Resend / Postmark — transactional email
- Groq / OpenAI / Anthropic — AI inference (with data controls)
- Stripe / Moyasar — payment processing
8. International Transfers
Primary processing: AWS me-south-1 (Bahrain).
Transfers outside GCC:
- Only to sub-processors with documented equivalent protections
- Subject to Standard Contractual Clauses or PDPL-compliant transfer mechanisms
- LLM inference: input data tokenized per vendor DPA (e.g., OpenAI zero-retention tier, Anthropic enterprise)
9. Data Subject Rights
Dealix will assist Customer in responding to requests for:
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
- Withdrawal of consent
Response time: 10 business days from Customer instruction.
10. Audits
Customer may audit Dealix compliance once per 12-month period with 30 days notice. Audits limited to:
- Policies and procedures
- Third-party audit reports (SOC 2, ISO 27001, etc.) in lieu of on-site audit
- Aggregated security evidence
11. Liability
Liability for data processing breaches limited per main Terms of Service §11.
12. Governing Law
Same as main Terms of Service.
Annexes
Annex I — Processing Details
- Data subjects, categories, purposes (listed above)
Annex II — Technical and Organizational Measures
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Access Control: RBAC + MFA for staff, JWT for API
- Isolation: PostgreSQL Row-Level Security per tenant
- Logging: Audit logs retained 7 years, immutable
- Backup: PITR with 30-day retention, cross-region DR
- Monitoring: OpenTelemetry, Sentry, 24/7 alerting
- Training: Annual security awareness for all staff
- Incident Response: Documented runbook, 72h breach notification
- Physical Security: AWS data center (SOC 2 Type II, ISO 27001)
Annex III — Sub-Processors
[Maintained at trust.dealix.sa/subprocessors]