Prox OS Internal Docs
TrustCompliance

EU GDPR Baseline

This document captures a high-level privacy and data protection baseline for

This document captures a high-level privacy and data protection baseline for future Prox Cloud operations in EU contexts.

It is product and operations guidance, not a formal legal determination. Prox OS must not claim full GDPR compliance, certification, or enterprise privacy automation until the legal, operational, vendor, and technical controls actually exist.

Privacy-by-design Principles

Prox OS treats GDPR as a source of product principles rather than as a scary launch blocker. The useful product language is:

Own your data. Export your data. Delete your data. Audit your agents. Move your apps.
PrincipleProduct meaningv0.1 baselineLater maturity
Data minimizationDo not collect data only because it may be useful later.Collect minimal waitlist, preview, and shell-local data.Data maps, retention schedules, and per-surface collection reviews.
User agencyUsers should understand what a Space, app, connector, or agent can access.Keep sensitive features mock-first and permission-labeled.Permission Center, consent history, revocation, and granular scopes.
ExportabilityUser-owned data should not be trapped inside Prox OS.Document export/delete intent before hosted accounts scale.Self-serve export, account deletion, and app data portability workflows.
AuditabilityAgent and connector actions should become reviewable events.No real autonomous execution in v0.1.Audit logs, run history, policy checks, and manual approval traces.
Regional clarityEU users should see clear hosting, processor, and transfer posture.Do not overstate data residency.EU region options, DPA, SCC review, and subprocessor list.

European Data Sovereignty Narrative

Prox OS should connect the European data-sovereignty story to visible product behavior:

  • private-by-default workspaces before public UGC scale;
  • explicit Spaces, apps, connectors, and agent scopes;
  • import/export and move-your-apps direction;
  • audit logs for future AI agent actions;
  • manual confirmation and revocation for sensitive operations;
  • clear vendor and analytics posture before broad beta or paid rollout.

This is not the same as claiming that Prox OS is already a certified compliance product. The correct posture is "privacy-by-design from day one, compliance automation later."

Agent Permissions And Auditability

AI agents make privacy posture product-critical. Future agents must operate with visible scopes and bounded authority.

ControlWhy it mattersCurrent postureFuture requirement
Permission scopesAgents should not inherit ambient access to every app or source.Docs and UI prototypes only.App, connector, data, and action scopes.
Least privilegeEach run should use the narrowest viable data and tool set.No real agent execution in v0.1.Scope review before execution.
Manual confirmationSensitive actions need human approval.Execute actions stay disabled/mock.Confirmation preview, risk summary, and undo/rollback where possible.
Cost limitsAI actions should not silently create uncontrolled spend.Pricing docs mark AI cost limits as future.Budgets, provider limits, and run caps.
RevocationUsers need to remove app, connector, or agent access.Permission Center is a prototype.Revocation, credential rotation, and app uninstall cleanup.
Audit logsUsers should see what agents read, wrote, or attempted.Activity/Audit surfaces are mock-first.Tamper-resistant operational history and exportable records.

v0.1 Privacy Baseline

AreaBaseline
Public previewUse public demo and waitlist language without promising hosted data guarantees that do not exist.
Invite-only betaKeep early access scoped, intentional, and privacy-aware rather than opening broad global signup.
WaitlistCollect only email, role/intent, and optional message fields that are useful for early user selection.
AnalyticsUse a privacy-conscious analytics posture if analytics is enabled. Do not assume PostHog, Sentry, Cloudflare Analytics, or similar tools are present without checking implementation and configuration.
Object storageKeep hosted private data private by default when storage exists.
Admin accessMinimize admin access and avoid storing sensitive preview data unnecessarily.
CookiesPrefer minimal cookies and document consent posture before broad public acquisition.
Privacy requestsDefine a contact channel and manual export/delete workflow before hosted accounts scale.

Future Compliance Automation

Future compliance work may include:

  • Data Processing Agreement inputs;
  • processor and subprocessor list;
  • Standard Contractual Clauses review where relevant;
  • EU region and data-residency options;
  • cookie consent and analytics preference flow;
  • data retention policy;
  • privacy request workflow;
  • breach response runbook;
  • app/connector permission history;
  • agent run audit export;
  • creator and marketplace data responsibility boundaries.

What Prox OS Does Not Claim Yet

Prox OS should not claim:

  • full GDPR compliance;
  • SOC 2, ISO, or enterprise compliance readiness;
  • automated privacy request fulfillment;
  • guaranteed EU-only processing;
  • complete subprocessor coverage;
  • production-grade agent audit enforcement;
  • real marketplace payout compliance;
  • universal data portability across third-party apps.

Those may become future capabilities after the product surface, hosted architecture, vendors, legal entity, and operational processes are concrete.

On this page