Skip to content

docs(privacy): OpenAI cross-border basis (PIA-1 APP 8)#530

Merged
BigSimmo merged 1 commit into
mainfrom
claude/cross-border-openai-disclosure-2f170b
Jul 12, 2026
Merged

docs(privacy): OpenAI cross-border basis (PIA-1 APP 8)#530
BigSimmo merged 1 commit into
mainfrom
claude/cross-border-openai-disclosure-2f170b

Conversation

@BigSimmo

Copy link
Copy Markdown
Owner

Summary

  • Records the contractual cross-border basis for disclosing query text + retrieved excerpts to OpenAI (US), closing the engineering side of PIA-1 (APP 8). Adds docs/openai-cross-border-basis.md and links it from the PIA-1 gap entry.
  • The remaining DPA execution / ZDR application is an operator + legal step — captured decision-ready with an operator checklist and a fill-in status block, not something code can do.
  • Key findings (verified 2026-07-13 against OpenAI's public docs):
    • the app's egress endpoints (/v1/responses with store:false, /v1/embeddings) are ZDR-eligible — neither is on OpenAI's ZDR exclusion list;
    • OpenAI now offers Australia API data residency (storage at rest; inference still US/Europe/UAE) — an option that postdates the PIA;
    • recommended APP 8 path = APP 8.1 "reasonable steps" via executed DPA + ZDR (+ optional AU residency), not consent — flagged as engineering interpretation for counsel.
  • Code line-refs re-verified against current main (rag.ts had drifted post-decomposition → now cites rag.ts:4220 + rag-source-block.ts:180).
  • APP 5/1 (the /privacy notice + composer reminder) is already live on main via Launch-readiness: privacy notice + /privacy page, health SLO probe, deps, runbooks #513; this PR only covers the outstanding APP 8 basis.

Docs-only. No source, config, schema, or data-flow change. The code follow-ups (ZDR / data-residency wiring) are documented as decision-gated and deliberately not made here — they touch the OpenAI request path and should not land before the legal decision.

Verification

  • prettier --check (the required format:check gate) — green on both docs
  • npm run verify:pr-localN/A / skipped: docs-only markdown, no runtime, build, UI, or eval surface changed. No .ts/.tsx/config touched.

Clinical Governance Preflight

Docs-only change; it documents the privacy posture and introduces no code or data workflow. The items below remain true (nothing in those areas changed):

  • Source-backed claims still require linked source verification before clinical use
  • No patient-identifiable document workflow was introduced or expanded without explicit governance approval
  • Supabase target remains Clinical KB Database (sjrfecxgysukkwxsowpy)
  • Service-role keys and private document access remain server-only
  • Demo/synthetic content remains clearly separated from real clinical sources
  • Source metadata, review status, and outdated/unknown-source behavior remain conservative
  • Deployment classification/TGA SaMD impact was checked when clinical decision-support behavior changed — no clinical behavior changed

Notes

  • The one genuinely open technical question is whether ZDR also zeroes the forced 24h gpt-5.5 prompt cache (determines whether PIA-6 is fully resolved by ZDR or merely mitigated) — to be confirmed in writing with OpenAI and recorded in the status block.

🤖 Generated with Claude Code

Capture the contractual cross-border basis for disclosing query text +
retrieved excerpts to OpenAI (US) as a decision-ready record, closing the
engineering side of PIA-1. The remaining DPA execution / ZDR application is
an operator+legal step and is tracked with a fill-in status block.

Key findings (verified 2026-07-13 against OpenAI's public docs):
- the app's egress endpoints (/v1/responses store:false, /v1/embeddings)
  are ZDR-eligible — neither is on OpenAI's ZDR exclusion list;
- OpenAI now offers Australia API data residency (storage at rest;
  inference still US/Europe/UAE) — an option that postdates the PIA;
- recommended APP 8 path = APP 8.1 "reasonable steps" via executed DPA +
  ZDR (+ optional AU residency), not consent — flagged for counsel.

APP 5/1 (the /privacy collection notice + composer reminder) is already
live on main via #513; this only covers the outstanding APP 8 basis.

Adds docs/openai-cross-border-basis.md and links it from the PIA-1 gap
entry. Docs-only; code follow-ups (ZDR/residency wiring) are documented
as decision-gated, not made here.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@supabase

supabase Bot commented Jul 12, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@BigSimmo, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 29 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 39faaf89-fc46-4984-87a3-c8ff61a89253

📥 Commits

Reviewing files that changed from the base of the PR and between 33edba1 and 14a155a.

📒 Files selected for processing (2)
  • docs/openai-cross-border-basis.md
  • docs/privacy-impact-assessment.md
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/cross-border-openai-disclosure-2f170b
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch claude/cross-border-openai-disclosure-2f170b

Comment @coderabbitai help to get the list of available commands.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 14a155aabc

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread docs/openai-cross-border-basis.md
Comment thread docs/openai-cross-border-basis.md
@BigSimmo
BigSimmo enabled auto-merge (squash) July 12, 2026 17:55
@BigSimmo

Copy link
Copy Markdown
Owner Author

@codex resolve all comments

@chatgpt-codex-connector

Copy link
Copy Markdown

Summary

  • Resolved the P1 review by expanding the OpenAI cross-border basis from “query text + excerpts only” to include uploaded-document summaries and worker image/table classification context as PHI-bearing OpenAI egress paths. docs/openai-cross-border-basis.mdL17-L24 docs/openai-cross-border-basis.mdL41-L52
  • Clarified the ZDR position: query search, answer synthesis, and document summaries use ZDR-eligible /v1/embeddings or /v1/responses, while the worker image/table caption path still needs endpoint/model confirmation before uploaded-image PHI is marked ZDR-covered. docs/openai-cross-border-basis.mdL69-L77
  • Resolved the P2 review by making Australia data residency adoption require the AU regional endpoint (https://au.api.openai.com) and verification across every PHI-bearing OpenAI path. docs/openai-cross-border-basis.mdL160-L165
  • Aligned the PIA’s APP 8 data-residency and gap-register language with the broader OpenAI egress scope, including uploaded document excerpts, image bytes, nearby text, and table context. docs/privacy-impact-assessment.mdL262-L269 docs/privacy-impact-assessment.mdL326-L346
  • Committed changes on the current branch with commit 2fe4ac3 docs(privacy): include uploaded-document OpenAI egress.
  • Created the follow-up PR via make_pr with title docs(privacy): resolve OpenAI egress review comments.

Testing

  • npx prettier --check docs/openai-cross-border-basis.md docs/privacy-impact-assessment.md
  • git diff --check
  • ⚠️ npm run verify:pr-local -- --dry-run --files docs/openai-cross-border-basis.md,docs/privacy-impact-assessment.md — blocked by environment/tooling mismatch: current shell resolved Node v20.20.2 and tsx was not installed, while this repo requires Node 24.x/npm 11.x.

View task →

@BigSimmo
BigSimmo merged commit b81acc5 into main Jul 12, 2026
15 of 17 checks passed
@BigSimmo
BigSimmo deleted the claude/cross-border-openai-disclosure-2f170b branch July 13, 2026 16:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant