mirror of
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git
synced 2026-06-18 23:39:34 +00:00
PHASE 1 COMPLETION:
TASK-005 — Live gitleaks scan:
Scanned 146 commits with gitleaks v8.20.1
Result: 1 finding — FALSE POSITIVE (model name llama-3.1-70b-versatile
in test fixture, not an API key)
Added to .gitleaksignore
rotation_log.md updated with scan results
VERDICT: No real secrets in git history — repo clean for extraction
TASK-006 — Legal templates (bilingual):
docs/legal/templates/IP_ASSIGNMENT_AGREEMENT.md — bilingual IP assignment
docs/legal/templates/PRIVACY_POLICY_EN.md — PDPL/GDPR-aware template
docs/legal/templates/PRIVACY_POLICY_AR.md — Arabic privacy policy
docs/legal/templates/TERMS_OF_SERVICE_EN.md — SaaS ToS with MENA pricing
docs/legal/templates/DPA_EN.md — Data Processing Agreement with annexes
All marked as "DRAFT — must be reviewed by Saudi counsel before use"
TASK-006 — Trademark Filing Kit:
docs/legal/templates/TRADEMARK_FILING_KIT.md
Covers: DEALIX (Latin) + ديلكس (Arabic) + logo
Classes 9, 42, 35 across KSA, UAE, Egypt, Jordan, Kuwait
Application text ready to paste into SAIP + equivalents
Agent recommendations (AGIP, Saba, Bird & Bird, Al Tamimi)
Budget: ~90-120K SAR for full MENA coverage
Founder Decision Package:
FOUNDER_DECISION_PACKAGE.md — single file with 4 decisions:
1. GitHub org name (recommend: dealix-io)
2. Entity structure (MISA vs DIFC vs ADGM)
3. Saudi counsel engagement (15-30K SAR)
4. Trademark filing (30-50K SAR initial)
Total founder time to unblock: ~1 week + ~50K SAR
PHASE 2 FOUNDATION:
DEALIX_PHASE2_BLUEPRINT.md — 18-month category leadership plan:
10 parallel streams (Frontend, Product, AI, Enterprise, Integrations,
Scale, Commercial, Customer Platform, Trust, Category POV)
Executable NOW vs Requires External Services vs Wait-for-PMF
Phase 2 completion criteria (NPS >=50, NRR >=120%, etc.)
TASK-F201 — Design System foundation (scaffolded):
packages/design-system/tokens/primitive.json — W3C Design Tokens format:
Brand palette (50-900), neutral (50-950), critical/warning/success/info
Space, radius, motion (duration + easing) tokens
Typography with Arabic fontFamily + arabic-adjustment (1.15) for size
Arabic line-height (1.8) for diacritics
packages/design-system/tokens/semantic.json — light + dark themes:
surface, fg, border, interactive, status semantic layers
packages/design-system/README.md — principles + integration guide
TASK-CAT1340 (prep) — @dealix/arabic-ui package (scaffolded):
packages/arabic-ui/src/normalize.ts:
Diacritic-insensitive search (fatha/kasra/damma stripped)
Hamza variants normalized (أ/إ/آ → ا)
Waw-hamza, ya-hamza, taa-marbuta, alef-maksura handled
arabicMatch() + arabicCompare() helpers
packages/arabic-ui/src/numerals.ts:
Western/Arabic-Indic/Eastern Arabic-Indic conversion
formatCurrency() for SAR/AED/EGP/USD/JOD/KWD
formatNumber() with locale awareness
packages/arabic-ui/src/direction.ts:
detectDirection() via Unicode bidi algorithm
isolate() using U+2068/U+2069 for mixed-direction content
isRTL() locale check
hasArabic() presence check
Future: release as OSS after 12 months of internal use
TASK-CAT1310 — Manifesto (bilingual draft):
marketing/manifesto.md — 4 principles in Arabic + English:
1. Arabic first, not Arabic translated
2. Decisions backed by evidence, not opinion
3. AI recommends, systems commit, humans approve
4. Saudi compliance built-in, not bolted on
Publication target: dealix.io/manifesto + dealix.io/بيان
TASK-CAT1320 — Dealix Labs (scaffolded):
docs/labs/README.md — research program structure:
Annual State of Arabic Enterprise AI report
Quarterly Arabic LLM Benchmarks
OTel semantic conventions proposal
Open source: @dealix/arabic-ui + @dealix/design-system
TRUTH.yaml updated:
Added Phase 2 capabilities section (all as 'partial' or 'roadmap')
Added ISO 27001/17/18 and bug bounty to security_claims (all false)
All gates GREEN:
Architecture Brief: 40/40
Release Readiness Matrix: 71/71 (up from 53/53)
Release Readiness Gate (blueprint): PASS
Truth Registry Validator: VALID
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
170 lines
4.6 KiB
Markdown

# Privacy Policy — Dealix (Template)

> **DISCLAIMER**: Template only. Must be reviewed by qualified Saudi counsel before publication. Not legal advice.
> **Version**: 1.0 DRAFT
> **Effective Date**: [DATE]
> **Last Updated**: [DATE]

---

## 1. Who We Are

Dealix ("we", "us", "our") is operated by [LEGAL ENTITY NAME], a [LLC/company type] registered in [JURISDICTION] under commercial registration [CR NUMBER], with registered office at [ADDRESS].

Contact: privacy@dealix.sa | +966 [NUMBER]

Data Protection Officer (DPO): [NAME], [EMAIL]

---

## 2. Scope

This Privacy Policy explains how we collect, use, store, and disclose personal data when you:
- Use the Dealix platform (the "Service")
- Visit our website
- Interact with our team

This Policy is compliant with:
- Saudi Personal Data Protection Law (PDPL)
- UAE Personal Data Protection Law (if applicable)
- GDPR (where applicable to EU visitors)

---

## 3. Data We Collect

### 3.1 From Account Holders
- Name, email, phone number
- Company name, role, tax identification
- Authentication credentials (passwords hashed)
- Usage data (logs, activity, IP address)

### 3.2 From Workflow Execution
- Partner/vendor data entered into the Platform
- Deal data (values, terms, counterparties)
- Approval records with decision audit trail
- Evidence packs (hash-chained)

### 3.3 From Integrations
- Data from connected systems (WhatsApp, email, CRM) per integration scope and consent

### 3.4 Cookies and Tracking
- Session cookies (essential)
- Analytics cookies (with consent)
- We do not sell cookie data to third parties

---

## 4. Legal Basis for Processing (PDPL compliance)

We process personal data based on:
- **Consent** (explicit, withdrawable)
- **Contract performance** (to deliver the Service)
- **Legal obligation** (tax, audit, regulatory)
- **Legitimate interest** (security, fraud prevention)

---

## 5. How We Use Data

- Provide and improve the Service
- Process approvals and generate evidence packs
- Send transactional notifications
- Billing and payment processing
- Security monitoring and incident response
- Regulatory compliance (ZATCA, PDPL, NCA)

We do NOT:
- Sell personal data to third parties
- Use customer data to train public AI models
- Share data across tenants

---

## 6. Data Retention

| Category | Retention Period |
|----------|------------------|
| Account data | Duration of engagement + 2 years |
| Audit logs / evidence packs | 7 years (regulatory requirement) |
| Billing records | 10 years (tax law) |
| Marketing preferences | Until withdrawn |
| Session logs | 90 days |

Deletion requests per §8 are honored within 30 days, subject to legal retention obligations.

---

## 7. Data Sharing

We share personal data only with:
- **Sub-processors** (cloud hosting, email delivery) — listed at `/trust/subprocessors`
- **Professional advisors** (auditors, counsel) under confidentiality
- **Law enforcement** when legally compelled

All sub-processors sign a Data Processing Agreement (DPA) with equivalent protections.

---

## 8. Your Rights (PDPL Articles)

You have the right to:
- **Access** your personal data
- **Rectify** inaccurate data
- **Delete** your data (subject to retention obligations)
- **Restrict** processing
- **Port** your data (receive in machine-readable format)
- **Object** to processing based on legitimate interest
- **Withdraw consent** at any time

Exercise rights via: privacy@dealix.sa

We respond within 30 days.

---

## 9. Cross-Border Transfers

We primarily process data in **AWS me-south-1 (Bahrain)**. Transfers outside the GCC are:
- Subject to Data Subject consent where required
- Protected by Standard Contractual Clauses or equivalent
- Disclosed in this Policy

---

## 10. Security

We implement:
- TLS 1.3 for data in transit
- AES-256 encryption at rest
- PostgreSQL Row-Level Security for tenant isolation
- Role-based access with MFA for staff
- Annual penetration testing
- SOC 2 Type II audit (in progress)
- PDPL-aligned controls

Breach notification: We notify affected users and the Saudi Data and AI Authority (SDAIA) within 72 hours of a confirmed breach affecting personal data.

---

## 11. Children

The Service is for business use only. We do not knowingly collect data from anyone under 18.

---

## 12. Changes to This Policy

Material changes will be announced via in-app notification and email 30 days before they take effect. Historical versions are archived at `/trust/policy-archive`.

---

## 13. Contact and Complaints

Privacy concerns: **privacy@dealix.sa**
Data Protection Officer: **dpo@dealix.sa**

You may also lodge a complaint with:
- Saudi Data and AI Authority (SDAIA): https://sdaia.gov.sa
- Or the relevant data protection authority in your jurisdiction