{"policies":[{"id":"c2b8421e-0b57-4372-9e51-0d18f5a8a5c7","name":"ACME Corporation - Data Handling Policy","version":"v3.2","effective_date":"2026-01-01","domain_tags":["PII","financial","vendor","security","retention"],"summary":"This policy governs ACME Corporation's handling of customer data, including PII and SPI, across all internal systems and agents. It details classification, outbound transmission rules requiring DPAs for external sharing (and prohibiting SPI external without legal review), violation severity, data retention periods, and auditing procedures. It supersedes prior versions and emphasizes secure and compliant data management.","gemini_file_id":"files/dkufilqokqq8","cache_id":null,"cache_expires_at":null,"created_at":"2026-05-19T00:14:31.133781+00:00"},{"id":"ac61886a-b397-4251-a6d6-7eb9cf39d546","name":"Data Handling Policy","version":"v3.2","effective_date":null,"domain_tags":["PII","security","retention"],"summary":"§1. Scope. This policy governs the handling of customer personally identifiable information (PII) by all employees and AI agent systems operating on behalf of the company.\n\n§2. Definitions. PII includes: full name combined with any of: SSN, driver license, account number, payment card number, date of birth, home address, personal phone, personal email, biometric identifier, or precise geolocation.","gemini_file_id":null,"cache_id":null,"cache_expires_at":null,"created_at":"2026-05-19T00:16:04.066859+00:00"},{"id":"cb1d04e7-dd1b-4b01-83c9-69bf1cfb9a76","name":"Refund Authority Policy","version":"v1.4","effective_date":null,"domain_tags":["financial","customer_ops"],"summary":"§1. Purpose. Establishes per-role refund approval limits and the workflow for processing customer refunds initiated by humans or AI agents.\n\n§2. Per-role caps.\n  §2.1 Tier-1 Customer Ops agent: up to $500 per single refund, $2,000 cumulative per customer per 30 days.\n  §2.2 Tier-2 Customer Ops human: up to $2,500.\n  §2.3 Tier-3 Manager: up to $10,000.\n  §2.4 Director and above: unlimited; quarterl","gemini_file_id":null,"cache_id":null,"cache_expires_at":null,"created_at":"2026-05-19T00:16:05.466676+00:00"},{"id":"34c85cb2-35fc-4e30-b211-29e5bfbea572","name":"Vendor Disclosure Policy","version":"v2.0","effective_date":null,"domain_tags":["vendor","security","export"],"summary":"§1. Scope. Governs what information AI agents and employees may disclose to external vendors, suppliers, prospects, and partners during routine business communication.\n\n§2. Permitted disclosures (no approval needed).\n  §2.1 Publicly-available product names, pricing tiers, and marketing collateral.\n  §2.2 Aggregate, non-attributable metrics (\"we serve hundreds of enterprise customers\").\n  §2.3 Publ","gemini_file_id":null,"cache_id":null,"cache_expires_at":null,"created_at":"2026-05-19T00:16:06.402273+00:00"}],"count":4}