home / skills / jeremylongshore / claude-code-plugins-plus-skills / instantly-data-handling

instantly-data-handling skill

needs review

/plugins/saas-packs/instantly-pack/skills/instantly-data-handling

This skill helps you implement Instantly data handling and GDPR/CCPA compliance patterns for secure PII redaction, retention, and auditing.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill instantly-data-handling

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

5.6 KB

---
name: instantly-data-handling
description: |
  Implement Instantly PII handling, data retention, and GDPR/CCPA compliance patterns.
  Use when handling sensitive data, implementing data redaction, configuring retention policies,
  or ensuring compliance with privacy regulations for Instantly integrations.
  Trigger with phrases like "instantly data", "instantly PII",
  "instantly GDPR", "instantly data retention", "instantly privacy", "instantly CCPA".
allowed-tools: Read, Write, Edit
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Instantly Data Handling

## Overview
Handle sensitive data correctly when integrating with Instantly.

## Prerequisites
- Understanding of GDPR/CCPA requirements
- Instantly SDK with data export capabilities
- Database for audit logging
- Scheduled job infrastructure for cleanup

## Data Classification

| Category | Examples | Handling |
|----------|----------|----------|
| PII | Email, name, phone | Encrypt, minimize |
| Sensitive | API keys, tokens | Never log, rotate |
| Business | Usage metrics | Aggregate when possible |
| Public | Product names | Standard handling |

## PII Detection

```typescript
const PII_PATTERNS = [
  { type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
  { type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
  { type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
];

function detectPII(text: string): { type: string; match: string }[] {
  const findings: { type: string; match: string }[] = [];

  for (const pattern of PII_PATTERNS) {
    const matches = text.matchAll(pattern.regex);
    for (const match of matches) {
      findings.push({ type: pattern.type, match: match[0] });
    }
  }

  return findings;
}
```

## Data Redaction

```typescript
function redactPII(data: Record<string, any>): Record<string, any> {
  const sensitiveFields = ['email', 'phone', 'ssn', 'password', 'apiKey'];
  const redacted = { ...data };

  for (const field of sensitiveFields) {
    if (redacted[field]) {
      redacted[field] = '[REDACTED]';
    }
  }

  return redacted;
}

// Use in logging
console.log('Instantly request:', redactPII(requestData));
```

## Data Retention Policy

### Retention Periods
| Data Type | Retention | Reason |
|-----------|-----------|--------|
| API logs | 30 days | Debugging |
| Error logs | 90 days | Root cause analysis |
| Audit logs | 7 years | Compliance |
| PII | Until deletion request | GDPR/CCPA |

### Automatic Cleanup

```typescript
async function cleanupInstantlyData(retentionDays: number): Promise<void> {
  const cutoff = new Date();
  cutoff.setDate(cutoff.getDate() - retentionDays);

  await db.instantlyLogs.deleteMany({
    createdAt: { $lt: cutoff },
    type: { $nin: ['audit', 'compliance'] },
  });
}

// Schedule daily cleanup
cron.schedule('0 3 * * *', () => cleanupInstantlyData(30));
```

## GDPR/CCPA Compliance

### Data Subject Access Request (DSAR)

```typescript
async function exportUserData(userId: string): Promise<DataExport> {
  const instantlyData = await instantlyClient.getUserData(userId);

  return {
    source: 'Instantly',
    exportedAt: new Date().toISOString(),
    data: {
      profile: instantlyData.profile,
      activities: instantlyData.activities,
      // Include all user-related data
    },
  };
}
```

### Right to Deletion

```typescript
async function deleteUserData(userId: string): Promise<DeletionResult> {
  // 1. Delete from Instantly
  await instantlyClient.deleteUser(userId);

  // 2. Delete local copies
  await db.instantlyUserCache.deleteMany({ userId });

  // 3. Audit log (required to keep)
  await auditLog.record({
    action: 'GDPR_DELETION',
    userId,
    service: 'instantly',
    timestamp: new Date(),
  });

  return { success: true, deletedAt: new Date() };
}
```

## Data Minimization

```typescript
// Only request needed fields
const user = await instantlyClient.getUser(userId, {
  fields: ['id', 'name'], // Not email, phone, address
});

// Don't store unnecessary data
const cacheData = {
  id: user.id,
  name: user.name,
  // Omit sensitive fields
};
```

## Instructions

### Step 1: Classify Data
Categorize all Instantly data by sensitivity level.

### Step 2: Implement PII Detection
Add regex patterns to detect sensitive data in logs.

### Step 3: Configure Redaction
Apply redaction to sensitive fields before logging.

### Step 4: Set Up Retention
Configure automatic cleanup with appropriate retention periods.

## Output
- Data classification documented
- PII detection implemented
- Redaction in logging active
- Retention policy enforced

## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| PII in logs | Missing redaction | Wrap logging with redact |
| Deletion failed | Data locked | Check dependencies |
| Export incomplete | Timeout | Increase batch size |
| Audit gap | Missing entries | Review log pipeline |

## Examples

### Quick PII Scan
```typescript
const findings = detectPII(JSON.stringify(userData));
if (findings.length > 0) {
  console.warn(`PII detected: ${findings.map(f => f.type).join(', ')}`);
}
```

### Redact Before Logging
```typescript
const safeData = redactPII(apiResponse);
logger.info('Instantly response:', safeData);
```

### GDPR Data Export
```typescript
const userExport = await exportUserData('user-123');
await sendToUser(userExport);
```

## Resources
- [GDPR Developer Guide](https://gdpr.eu/developers/)
- [CCPA Compliance Guide](https://oag.ca.gov/privacy/ccpa)
- [Instantly Privacy Guide](https://docs.instantly.com/privacy)

## Next Steps
For enterprise access control, see `instantly-enterprise-rbac`.

Overview

This skill implements Instantly PII handling, data retention, and GDPR/CCPA compliance patterns for integrations with Instantly. It provides detection, redaction, retention automation, and DSAR/deletion workflows so you can protect sensitive data and meet regulatory obligations. Use it to reduce exposure in logs, enforce minimization, and automate cleanup and audit recording.

How this skill works

The skill scans text and payloads with configurable PII patterns (email, phone, SSN, credit card, etc.), redacts sensitive fields before logging, and applies retention rules to automatically purge non-compliant records. It ties to Instantly APIs for exports and deletions, records immutable audit entries, and schedules cleanup jobs for logs and caches. The components are modular so you can plug detection, redaction, retention, and DSAR handlers into existing pipelines.

When to use it

When integrating Instantly and handling user profiles, messages, or logs that may contain PII.
When you must deliver GDPR/CCPA data exports or process deletion requests.
When you need automated retention and scheduled cleanup for debug, error, or audit logs.
When you want to prevent sensitive tokens or API keys from ever being logged.
When implementing data minimization to only request and store required fields.

Best practices

Classify incoming Instantly data into PII, sensitive, business, and public categories before processing.
Run regex-based PII detection at ingestion and redact identified fields prior to any logging or external storage.
Never log API keys or tokens; treat credentials as ephemeral and enforce rotation.
Keep immutable audit logs separate and retain them per compliance needs while purging other records on schedule.
Limit fields requested from Instantly to the minimum required and avoid storing unnecessary attributes.

Example use cases

Scan webhook payloads for email and phone numbers and redact them before writing to application logs.
Provide a one-click DSAR export that compiles Instantly profile and activity data for a user and returns a downloadable archive.
Handle a right-to-deletion request by deleting from Instantly, clearing local caches, and writing a GDPR_DELETION audit entry.
Schedule nightly cleanup to delete API logs older than 30 days while preserving audit records for compliance.
Detect accidental PII leaks in free-text fields and alert security or redact automatically.

FAQ

How are audit logs treated differently from other logs?

Audit logs are preserved according to compliance requirements (typically longer retention) and excluded from automatic deletion rules while other logs follow configured retention periods.

What PII patterns are supported by default?

The default set includes email, phone, SSN, and common credit card patterns; you can extend the regex list to cover additional formats.

How does the deletion workflow ensure completeness?

The workflow deletes data from Instantly, purges local caches, and records an immutable audit entry; retries and dependency checks handle transient failures.