system-prompts-and-models-o.../dealix/docs/SECURITY_PDPL_CHECKLIST.md
2026-05-01 14:03:52 +03:00
Security & PDPL Checklist — Dealix

Data minimization

  • Collect only fields required for the revenue workflow.
  • Separate PII from embedding payloads unless explicitly allowed and documented.
  • Consent ledger for marketing / WhatsApp outreach.
  • Opt-out / suppression list enforced before any campaign or message draft batch.

Contactability

  • Channel-specific rules (email vs WhatsApp vs LinkedIn).
  • No cold WhatsApp; LinkedIn DMs not automated.
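The data-minimization and contactability items above describe one pre-send gate: suppression list first, then channel-specific consent rules. The following is an added illustration written for this checklist, not Dealix's own code; the ledger structure, the reason codes and the per-channel rules (email allowed unless suppressed, WhatsApp only with an explicit consent record, LinkedIn never automated) are assumptions drawn from the bullets.

```python
"""Pre-send contactability gate (hypothetical example, not Dealix's own code).

Assumed model: a consent ledger keyed by (contact_id, channel), a suppression
set of contact ids, and the checklist's channel rules:
  - email: allowed unless the contact is suppressed
  - whatsapp: requires an explicit consent record (no cold WhatsApp)
  - linkedin: never automated, so the batch gate always rejects it
"""
from dataclasses import dataclass, field

CHANNELS_REQUIRING_CONSENT = {"whatsapp"}
CHANNELS_NEVER_AUTOMATED = {"linkedin"}


@dataclass
class ConsentLedger:
    # (contact_id, channel) -> ISO timestamp of the consent event
    consents: dict = field(default_factory=dict)
    # contact ids that opted out; suppression wins over any consent record
    suppressed: set = field(default_factory=set)

    def record_consent(self, contact_id: str, channel: str, when: str) -> None:
        self.consents[(contact_id, channel.lower())] = when

    def suppress(self, contact_id: str) -> None:
        self.suppressed.add(contact_id)


def contactability_decision(ledger: ConsentLedger, contact_id: str, channel: str):
    """Return (allowed, reason). Suppression is checked before anything else."""
    channel = channel.lower()
    if contact_id in ledger.suppressed:
        return False, "suppressed"
    if channel in CHANNELS_NEVER_AUTOMATED:
        return False, "channel_not_automated"
    if channel in CHANNELS_REQUIRING_CONSENT and (contact_id, channel) not in ledger.consents:
        return False, "no_consent"
    return True, "ok"


def filter_batch(ledger: ConsentLedger, batch: list):
    """Split a draft batch into sendable drafts and rejected drafts with reasons.

    Each draft is a dict with at least 'contact_id' and 'channel'; the reason
    is attached to every draft so the rejection can be audited later.
    """
    allowed, rejected = [], []
    for draft in batch:
        ok, reason = contactability_decision(ledger, draft["contact_id"], draft["channel"])
        (allowed if ok else rejected).append({**draft, "reason": reason})
    return allowed, rejected


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    ledger = ConsentLedger()
    ledger.record_consent("c1", "whatsapp", "2026-01-10T09:00:00Z")
    ledger.record_consent("c3", "whatsapp", "2026-01-11T09:00:00Z")
    ledger.suppress("c3")  # opted out after consenting: must still be blocked
    batch = [
        {"contact_id": "c1", "channel": "whatsapp"},
        {"contact_id": "c2", "channel": "email"},
        {"contact_id": "c3", "channel": "whatsapp"},
        {"contact_id": "c4", "channel": "whatsapp"},
        {"contact_id": "c5", "channel": "linkedin"},
    ]
    ok, rejected = filter_batch(ledger, batch)
    print("send:", [d["contact_id"] for d in ok])
    print("hold:", [(d["contact_id"], d["reason"]) for d in rejected])
```

The gate runs on the whole draft batch before any message is generated, which is the ordering the checklist asks for: a suppressed contact never reaches the drafting step, regardless of channel or earlier consent.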

Audit

  • Audit logs for outbound drafts, approvals, and agent tool calls.
  • Correlation IDs on API requests (RequestIDMiddleware).

Secrets & embeddings

  • No secret indexing — block sk-, private keys, bearer tokens (see looks_like_secret, should_block_embedding).
  • No tokens in embeddings — redact before chunk upsert.
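The two bullets above name a detector (looks_like_secret), a blocking decision (should_block_embedding) and a redaction step before chunk upsert. The block below is an added example of that pipeline, written for this page and not Dealix's own implementation; the regular expressions, the decision to block a whole chunk containing a private key block while redacting inline sk- keys and bearer tokens, and the audit record shape are all assumptions.

```python
"""Secret screening for embedding payloads (hypothetical example; the checklist
names looks_like_secret / should_block_embedding, but this is not Dealix's code).

Patterns below are assumptions modelled on the checklist's own list
(sk- keys, private keys, bearer tokens); tune them for your data.
"""
import re
from typing import Optional

SECRET_PATTERNS = {
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{16,}"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._~+/-]{16,}=*", re.IGNORECASE),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# A private key block is credential material end to end; dropping the whole
# chunk is safer than trying to redact around it. Inline tokens are redacted.
BLOCKING_KINDS = {"private_key"}


def looks_like_secret(text: str) -> Optional[str]:
    """Return the kind of the first secret pattern found, or None."""
    for kind, pattern in SECRET_PATTERNS.items():
        if pattern.search(text):
            return kind
    return None


def should_block_embedding(text: str) -> bool:
    """True when the chunk must not be embedded at all, even after redaction."""
    return any(SECRET_PATTERNS[kind].search(text) for kind in BLOCKING_KINDS)


def redact_secrets(text: str):
    """Replace inline secrets with a labelled placeholder; return (text, findings)."""
    findings = []
    for kind, pattern in SECRET_PATTERNS.items():
        text, count = pattern.subn(f"[REDACTED:{kind}]", text)
        if count:
            findings.append((kind, count))
    return text, findings


def screen_chunk(text: str):
    """Decide what happens to one chunk: ('block', None), ('redact', text) or ('ok', text)."""
    if should_block_embedding(text):
        return "block", None
    redacted, findings = redact_secrets(text)
    return ("redact" if findings else "ok"), redacted


def prepare_upsert(chunks: list):
    """Screen (chunk_id, text) pairs before the vector upsert.

    Returns (to_upsert, audit): the chunks that may be embedded, with secrets
    redacted, and one audit entry per chunk that was blocked or redacted.
    """
    to_upsert, audit = [], []
    for chunk_id, text in chunks:
        action, out = screen_chunk(text)
        if action == "block":
            audit.append((chunk_id, "block", None))
            continue
        if action == "redact":
            audit.append((chunk_id, "redact", redact_secrets(text)[1]))
        to_upsert.append((chunk_id, out))
    return to_upsert, audit


if __name__ == "__main__":
    # Constructed sample chunks for a stand-alone run (values are not real credentials).
    sample = [
        ("a", "OPENAI_API_KEY=sk-abcdefghijklmnopqrstuvwxyz1234 in config"),
        ("b", "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----"),
        ("c", "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig"),
        ("d", "plain meeting note"),
    ]
    ready, log = prepare_upsert(sample)
    for chunk_id, text in ready:
        print(chunk_id, "->", text)
    print("audit:", log)
```

The audit list is what the "Audit" section of this checklist would log alongside the upsert: which chunk was blocked or redacted and why, without ever storing the secret itself.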

Supabase

  • Service role key only on server-side runtimes (Railway/Render/Fly/VPS).
  • RLS enabled; policies reviewed before any client exposure.
  • Retention policy for logs, embeddings refresh, and deletion requests.

Data subject rights

  • Export process documented.
  • Delete process documented (including vectors and CRM mirrors).

Outbound messaging

  • Approval-required for Gmail send, WhatsApp send, calendar create.
  • Admin-only tools for project memory bulk reindex in production.

Approval-required messaging (product)

  • Personal Operator endpoints return approval_required: true on drafts by design.
  • Calendar route returns Arabic and English notes stating that real event creation requires explicit approval.