system-prompts-and-models-o.../salesflow-saas/docs/legal/templates/DPA_EN.md
Claude 40ab7b86c2
feat(dealix): Phase 1 completion + Phase 2 foundation scaffolded
PHASE 1 COMPLETION:

TASK-005 — Live gitleaks scan:
  Scanned 146 commits with gitleaks v8.20.1
  Result: 1 finding — FALSE POSITIVE (model name llama-3.1-70b-versatile
    in test fixture, not an API key)
  Added to .gitleaksignore
  rotation_log.md updated with scan results
  VERDICT: No real secrets in git history — repo clean for extraction

TASK-006 — Legal templates (bilingual):
  docs/legal/templates/IP_ASSIGNMENT_AGREEMENT.md — bilingual IP assignment
  docs/legal/templates/PRIVACY_POLICY_EN.md — PDPL/GDPR-aware template
  docs/legal/templates/PRIVACY_POLICY_AR.md — Arabic privacy policy
  docs/legal/templates/TERMS_OF_SERVICE_EN.md — SaaS ToS with MENA pricing
  docs/legal/templates/DPA_EN.md — Data Processing Agreement with annexes
  All marked as "DRAFT — must be reviewed by Saudi counsel before use"

TASK-006 — Trademark Filing Kit:
  docs/legal/templates/TRADEMARK_FILING_KIT.md
  Covers: DEALIX (Latin) + ديلكس (Arabic) + logo
  Classes 9, 42, 35 across KSA, UAE, Egypt, Jordan, Kuwait
  Application text ready to paste into SAIP + equivalents
  Agent recommendations (AGIP, Saba, Bird & Bird, Al Tamimi)
  Budget: ~90-120K SAR for full MENA coverage

Founder Decision Package:
  FOUNDER_DECISION_PACKAGE.md — single file with 4 decisions:
    1. GitHub org name (recommend: dealix-io)
    2. Entity structure (MISA vs DIFC vs ADGM)
    3. Saudi counsel engagement (15-30K SAR)
    4. Trademark filing (30-50K SAR initial)
  Total founder time to unblock: ~1 week + ~50K SAR

PHASE 2 FOUNDATION:

DEALIX_PHASE2_BLUEPRINT.md — 18-month category leadership plan:
  10 parallel streams (Frontend, Product, AI, Enterprise, Integrations,
    Scale, Commercial, Customer Platform, Trust, Category POV)
  Executable NOW vs Requires External Services vs Wait-for-PMF
  Phase 2 completion criteria (NPS >=50, NRR >=120%, etc.)

TASK-F201 — Design System foundation (scaffolded):
  packages/design-system/tokens/primitive.json — W3C Design Tokens format:
    Brand palette (50-900), neutral (50-950), critical/warning/success/info
    Space, radius, motion (duration + easing) tokens
    Typography with Arabic fontFamily + arabic-adjustment (1.15) for size
    Arabic line-height (1.8) for diacritics
  packages/design-system/tokens/semantic.json — light + dark themes:
    surface, fg, border, interactive, status semantic layers
  packages/design-system/README.md — principles + integration guide

TASK-CAT1340 (prep) — @dealix/arabic-ui package (scaffolded):
  packages/arabic-ui/src/normalize.ts:
    Diacritic-insensitive search (fatha/kasra/damma stripped)
    Hamza variants normalized (أ/إ/آ → ا)
    Waw-hamza, ya-hamza, taa-marbuta, alef-maksura handled
    arabicMatch() + arabicCompare() helpers
  packages/arabic-ui/src/numerals.ts:
    Western/Arabic-Indic/Eastern Arabic-Indic conversion
    formatCurrency() for SAR/AED/EGP/USD/JOD/KWD
    formatNumber() with locale awareness
  packages/arabic-ui/src/direction.ts:
    detectDirection() via Unicode bidi algorithm
    isolate() using U+2068/U+2069 for mixed-direction content
    isRTL() locale check
    hasArabic() presence check
  Future: release as OSS after 12 months of internal use

TASK-CAT1310 — Manifesto (bilingual draft):
  marketing/manifesto.md — 4 principles in Arabic + English:
    1. Arabic first, not Arabic translated
    2. Decisions backed by evidence, not opinion
    3. AI recommends, systems commit, humans approve
    4. Saudi compliance built-in, not bolted on
  Publication target: dealix.io/manifesto + dealix.io/بيان

TASK-CAT1320 — Dealix Labs (scaffolded):
  docs/labs/README.md — research program structure:
    Annual State of Arabic Enterprise AI report
    Quarterly Arabic LLM Benchmarks
    OTel semantic conventions proposal
    Open source: @dealix/arabic-ui + @dealix/design-system

TRUTH.yaml updated:
  Added Phase 2 capabilities section (all as 'partial' or 'roadmap')
  Added ISO 27001/17/18 and bug bounty to security_claims (all false)

All gates GREEN:
  Architecture Brief: 40/40
  Release Readiness Matrix: 71/71 (up from 53/53)
  Release Readiness Gate (blueprint): PASS
  Truth Registry Validator: VALID

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
2026-04-17 10:52:28 +00:00


Data Processing Agreement (DPA) — Dealix (Template)

DISCLAIMER: Template only. Must be reviewed by qualified Saudi counsel before execution. Version: 1.0 DRAFT


Parties

Data Controller: [Customer Legal Entity] ("Customer")

Data Processor: [Dealix Legal Entity] ("Dealix")

Effective Date: [DATE]


1. Subject Matter

This DPA governs processing of Personal Data by Dealix on behalf of Customer in connection with the Service defined in the Master Services Agreement / Terms of Service.


2. Duration

This DPA applies for the duration of the Service subscription plus the retention periods specified in the Privacy Policy.


3. Nature and Purpose of Processing

Dealix processes Personal Data to:

  • Execute customer-initiated workflows (partner intake, dossier, approvals)
  • Generate evidence packs and audit trails
  • Provide reporting and executive surfaces
  • Operate security, billing, and customer support functions

4. Categories of Data Subjects

  • Customer's employees and authorized users
  • Customer's customers, partners, prospects (as entered into the Service)
  • Customer's vendors and counterparties

5. Categories of Personal Data

  • Contact information (name, email, phone)
  • Professional information (title, company, role)
  • Commercial information (deal values, terms — pseudonymized where possible)
  • Authentication credentials (hashed)
  • Usage logs and audit trails

Special Categories: Dealix does NOT process special category data (health, religion, etc.) unless explicitly agreed in writing with additional safeguards.


6. Processor Obligations

Dealix shall:

  1. Process Personal Data only on documented Customer instructions
  2. Ensure persons authorized to process are under confidentiality
  3. Implement appropriate technical and organizational measures (see Annex II)
  4. Not engage sub-processors without Customer prior authorization
  5. Assist Customer in responding to Data Subject requests
  6. Notify Customer of any Personal Data breach within 72 hours of becoming aware of it
  7. Delete or return Personal Data at end of Service

7. Sub-Processors

The currently authorized sub-processors are listed in Annex III. Dealix will notify Customer of changes 30 days in advance, and Customer may object to any proposed change.

Example sub-processors:

  • AWS (me-south-1 Bahrain) — infrastructure
  • Resend / Postmark — transactional email
  • Groq / OpenAI / Anthropic — AI inference (with data controls)
  • Stripe / Moyasar — payment processing

8. International Transfers

Primary processing: AWS me-south-1 (Bahrain).

Transfers outside GCC:

  • Only to sub-processors with documented equivalent protections
  • Subject to Standard Contractual Clauses or PDPL-compliant transfer mechanisms
  • LLM inference: input data is tokenized and handled under each vendor's DPA (e.g., OpenAI zero-retention tier, Anthropic enterprise)

9. Data Subject Rights

Dealix will assist Customer in responding to requests for:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Objection
  • Withdrawal of consent

Response time: 10 business days from Customer instruction.


10. Audits

Customer may audit Dealix's compliance with this DPA once per 12-month period on 30 days' notice. Audits are limited to:

  • Policies and procedures
  • Third-party audit reports (SOC 2, ISO 27001, etc.) in lieu of on-site audit
  • Aggregated security evidence

11. Liability

Liability for data processing breaches is limited as set out in §11 of the main Terms of Service.


12. Governing Law

Same as main Terms of Service.


Annexes

Annex I — Processing Details

  • Data subjects, categories of Personal Data, and purposes of processing as set out in Sections 3 to 5 above

Annex II — Technical and Organizational Measures

  1. Encryption: TLS 1.3 in transit, AES-256 at rest
  2. Access Control: RBAC + MFA for staff, JWT for API
  3. Isolation: PostgreSQL Row-Level Security per tenant
  4. Logging: Audit logs retained 7 years, immutable
  5. Backup: PITR with 30-day retention, cross-region DR
  6. Monitoring: OpenTelemetry, Sentry, 24/7 alerting
  7. Training: Annual security awareness for all staff
  8. Incident Response: Documented runbook, 72h breach notification
  9. Physical Security: AWS data center (SOC 2 Type II, ISO 27001)

Annex III — Sub-Processors

[Maintained at trust.dealix.sa/subprocessors]