mirror of
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git
synced 2026-06-18 15:29:36 +00:00
PHASE 1 COMPLETION:
TASK-005 — Live gitleaks scan:
Scanned 146 commits with gitleaks v8.20.1
Result: 1 finding — FALSE POSITIVE (model name llama-3.1-70b-versatile
in test fixture, not an API key)
Added to .gitleaksignore
rotation_log.md updated with scan results
VERDICT: No real secrets in git history — repo clean for extraction
TASK-006 — Legal templates (bilingual):
docs/legal/templates/IP_ASSIGNMENT_AGREEMENT.md — bilingual IP assignment
docs/legal/templates/PRIVACY_POLICY_EN.md — PDPL/GDPR-aware template
docs/legal/templates/PRIVACY_POLICY_AR.md — Arabic privacy policy
docs/legal/templates/TERMS_OF_SERVICE_EN.md — SaaS ToS with MENA pricing
docs/legal/templates/DPA_EN.md — Data Processing Agreement with annexes
All marked as "DRAFT — must be reviewed by Saudi counsel before use"
TASK-006 — Trademark Filing Kit:
docs/legal/templates/TRADEMARK_FILING_KIT.md
Covers: DEALIX (Latin) + ديلكس (Arabic) + logo
Classes 9, 42, 35 across KSA, UAE, Egypt, Jordan, Kuwait
Application text ready to paste into SAIP + equivalents
Agent recommendations (AGIP, Saba, Bird & Bird, Al Tamimi)
Budget: ~90-120K SAR for full MENA coverage
Founder Decision Package:
FOUNDER_DECISION_PACKAGE.md — single file with 4 decisions:
1. GitHub org name (recommend: dealix-io)
2. Entity structure (MISA vs DIFC vs ADGM)
3. Saudi counsel engagement (15-30K SAR)
4. Trademark filing (30-50K SAR initial)
Total founder time to unblock: ~1 week + ~50K SAR
PHASE 2 FOUNDATION:
DEALIX_PHASE2_BLUEPRINT.md — 18-month category leadership plan:
10 parallel streams (Frontend, Product, AI, Enterprise, Integrations,
Scale, Commercial, Customer Platform, Trust, Category POV)
Executable NOW vs Requires External Services vs Wait-for-PMF
Phase 2 completion criteria (NPS >=50, NRR >=120%, etc.)
TASK-F201 — Design System foundation (scaffolded):
packages/design-system/tokens/primitive.json — W3C Design Tokens format:
Brand palette (50-900), neutral (50-950), critical/warning/success/info
Space, radius, motion (duration + easing) tokens
Typography with Arabic fontFamily + arabic-adjustment (1.15) for size
Arabic line-height (1.8) for diacritics
packages/design-system/tokens/semantic.json — light + dark themes:
surface, fg, border, interactive, status semantic layers
packages/design-system/README.md — principles + integration guide
TASK-CAT1340 (prep) — @dealix/arabic-ui package (scaffolded):
packages/arabic-ui/src/normalize.ts:
Diacritic-insensitive search (fatha/kasra/damma stripped)
Hamza variants normalized (أ/إ/آ → ا)
Waw-hamza, ya-hamza, taa-marbuta, alef-maksura handled
arabicMatch() + arabicCompare() helpers
packages/arabic-ui/src/numerals.ts:
Western/Arabic-Indic/Eastern Arabic-Indic conversion
formatCurrency() for SAR/AED/EGP/USD/JOD/KWD
formatNumber() with locale awareness
packages/arabic-ui/src/direction.ts:
detectDirection() via Unicode bidi algorithm
isolate() using U+2068/U+2069 for mixed-direction content
isRTL() locale check
hasArabic() presence check
Future: release as OSS after 12 months of internal use
TASK-CAT1310 — Manifesto (bilingual draft):
marketing/manifesto.md — 4 principles in Arabic + English:
1. Arabic first, not Arabic translated
2. Decisions backed by evidence, not opinion
3. AI recommends, systems commit, humans approve
4. Saudi compliance built-in, not bolted on
Publication target: dealix.io/manifesto + dealix.io/بيان
TASK-CAT1320 — Dealix Labs (scaffolded):
docs/labs/README.md — research program structure:
Annual State of Arabic Enterprise AI report
Quarterly Arabic LLM Benchmarks
OTel semantic conventions proposal
Open source: @dealix/arabic-ui + @dealix/design-system
TRUTH.yaml updated:
Added Phase 2 capabilities section (all as 'partial' or 'roadmap')
Added ISO 27001/17/18 and bug bounty to security_claims (all false)
All gates GREEN:
Architecture Brief: 40/40
Release Readiness Matrix: 71/71 (up from 53/53)
Release Readiness Gate (blueprint): PASS
Truth Registry Validator: VALID
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
149 lines
4.2 KiB
Markdown
# Data Processing Agreement (DPA) — Dealix (Template)

> **DISCLAIMER**: Template only. Must be reviewed by qualified Saudi counsel before execution.
> **Version**: 1.0 DRAFT

---

## Parties

**Data Controller**: [Customer Legal Entity] ("Customer")
**Data Processor**: [Dealix Legal Entity] ("Dealix")

**Effective Date**: [DATE]

---

## 1. Subject Matter

This DPA governs processing of Personal Data by Dealix on behalf of Customer in connection with the Service defined in the Master Services Agreement / Terms of Service.

---

## 2. Duration

For the duration of the Service subscription + retention periods specified in the Privacy Policy.

---

## 3. Nature and Purpose of Processing

Dealix processes Personal Data to:
- Execute customer-initiated workflows (partner intake, dossier, approvals)
- Generate evidence packs and audit trails
- Provide reporting and executive surfaces
- Operate security, billing, and customer support functions

---

## 4. Categories of Data Subjects

- Customer's employees and authorized users
- Customer's customers, partners, prospects (as entered into the Service)
- Customer's vendors and counterparties

---

## 5. Categories of Personal Data

- Contact information (name, email, phone)
- Professional information (title, company, role)
- Commercial information (deal values, terms — pseudonymized where possible)
- Authentication credentials (hashed)
- Usage logs and audit trails

**Special Categories**: Dealix does NOT process special category data (health, religion, etc.) unless explicitly agreed in writing with additional safeguards.

---

## 6. Processor Obligations

Dealix shall:
1. Process Personal Data only on documented Customer instructions
2. Ensure persons authorized to process are under confidentiality
3. Implement appropriate technical and organizational measures (see Annex II)
4. Not engage sub-processors without Customer prior authorization
5. Assist Customer in responding to Data Subject requests
6. Notify Customer of Personal Data breach within 72 hours of awareness
7. Delete or return Personal Data at end of Service

---

## 7. Sub-Processors

Current authorized sub-processors listed in Annex III. Changes notified 30 days in advance; Customer may object.

Example sub-processors:
- AWS (me-south-1 Bahrain) — infrastructure
- Resend / Postmark — transactional email
- Groq / OpenAI / Anthropic — AI inference (with data controls)
- Stripe / Moyasar — payment processing

---

## 8. International Transfers

Primary processing: AWS me-south-1 (Bahrain).

Transfers outside GCC:
- Only to sub-processors with documented equivalent protections
- Subject to Standard Contractual Clauses or PDPL-compliant transfer mechanisms
- LLM inference: input data tokenized per vendor DPA (e.g., OpenAI zero-retention tier, Anthropic enterprise)

---

## 9. Data Subject Rights

Dealix will assist Customer in responding to requests for:
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
- Withdrawal of consent

Response time: 10 business days from Customer instruction.

---

## 10. Audits

Customer may audit Dealix compliance once per 12-month period with 30 days notice. Audits limited to:
- Policies and procedures
- Third-party audit reports (SOC 2, ISO 27001, etc.) in lieu of on-site audit
- Aggregated security evidence

---

## 11. Liability

Liability for data processing breaches limited per main Terms of Service §11.

---

## 12. Governing Law

Same as main Terms of Service.

---

## Annexes

### Annex I — Processing Details
- Data subjects, categories, purposes (listed above)

### Annex II — Technical and Organizational Measures
1. **Encryption**: TLS 1.3 in transit, AES-256 at rest
2. **Access Control**: RBAC + MFA for staff, JWT for API
3. **Isolation**: PostgreSQL Row-Level Security per tenant
4. **Logging**: Audit logs retained 7 years, immutable
5. **Backup**: PITR with 30-day retention, cross-region DR
6. **Monitoring**: OpenTelemetry, Sentry, 24/7 alerting
7. **Training**: Annual security awareness for all staff
8. **Incident Response**: Documented runbook, 72h breach notification
9. **Physical Security**: AWS data center (SOC 2 Type II, ISO 27001)

### Annex III — Sub-Processors
[Maintained at trust.dealix.sa/subprocessors]