mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-18 15:29:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
552e562de5
system-prompts-and-models-o.../salesflow-saas/memory/security/pdpl-checklist.md
Claude a329957a3b
feat: Add AI engine, PDPL compliance, sequences, CPQ, and governance layers 
Phase 1-6 implementation for Dealix AI Revenue OS:

- AI Arabic Engine: NLP (arabic_nlp.py), lead scoring (lead_scoring.py)
- PDPL Compliance: consent manager, data rights handler, consent model
- Sequence Engine: multi-channel sequences with WhatsApp/Email/SMS
- CPQ System: quote engine, AI proposal generator
- Security Gate: pre-release checks, PDPL message validation
- Tool Verification: agent action audit trail
- Project Operating Files: AGENTS.md, CLAUDE.md
- Project Memory: architecture, ADRs, provider routing, PDPL checklist
- Design System: IBM Plex Sans Arabic tokens, RTL-safe components
- Sequence/Consent models for database

https://claude.ai/code/session_01LsnvBa7HwF5hs99VZbgLGj
2026-04-11 07:40:39 +00:00

1.5 KiB
Raw Blame History

PDPL Compliance Checklist

Type: security Date: 2026-04-11 Status: active Owner: compliance team

Pre-Launch Requirements

Consent Management

  • Consent recorded before any data processing
  • Consent purpose is specific (marketing/sales/service/analytics)
  • Consent channel tracked (WhatsApp/email/SMS/phone)
  • Re-consent triggered when purpose changes
  • Consent expiry enforced (12 months default)
  • Consent audit trail complete

Data Subject Rights

  • Right to access: export all personal data as JSON
  • Right to correction: update with audit trail
  • Right to deletion: soft-delete + 30-day hard-delete
  • Right to restrict processing: flag and enforce
  • Response within 30 days of request

Cross-Border Transfer

  • All data stored in Saudi/GCC data centers
  • No personal data sent to non-adequate countries without consent
  • Transfer safeguards documented

Security

  • Data encryption at rest (PostgreSQL TDE or app-level)
  • Data encryption in transit (TLS 1.3)
  • Access control: role-based, tenant-isolated
  • Audit logs for all data access
  • Breach notification procedure documented

Penalties

  • Up to SAR 5,000,000 per violation
  • Double for repeat offenses
  • Up to 1 year imprisonment for unauthorized cross-border transfers

SDAIA Registration

  • Register on National Data Governance Platform
  • Appoint Data Protection Officer
  • Document processing activities
  • Conduct Data Protection Impact Assessment