playbooks

home / skills / jeremylongshore / claude-code-plugins-plus-skills / perplexity-data-handling

perplexity-data-handling skill

/plugins/saas-packs/perplexity-pack/skills/perplexity-data-handling

This skill helps you implement Perplexity data handling to protect PII, enforce retention, and ensure GDPR/CCPA compliance.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill perplexity-data-handling

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
5.6 KB
---
name: perplexity-data-handling
description: |
  Implement Perplexity PII handling, data retention, and GDPR/CCPA compliance patterns.
  Use when handling sensitive data, implementing data redaction, configuring retention policies,
  or ensuring compliance with privacy regulations for Perplexity integrations.
  Trigger with phrases like "perplexity data", "perplexity PII",
  "perplexity GDPR", "perplexity data retention", "perplexity privacy", "perplexity CCPA".
allowed-tools: Read, Write, Edit
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Perplexity Data Handling

## Overview
Handle sensitive data correctly when integrating with Perplexity.

## Prerequisites
- Understanding of GDPR/CCPA requirements
- Perplexity SDK with data export capabilities
- Database for audit logging
- Scheduled job infrastructure for cleanup

## Data Classification

| Category | Examples | Handling |
|----------|----------|----------|
| PII | Email, name, phone | Encrypt, minimize |
| Sensitive | API keys, tokens | Never log, rotate |
| Business | Usage metrics | Aggregate when possible |
| Public | Product names | Standard handling |

## PII Detection

```typescript
const PII_PATTERNS = [
  { type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
  { type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
  { type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
];

function detectPII(text: string): { type: string; match: string }[] {
  const findings: { type: string; match: string }[] = [];

  for (const pattern of PII_PATTERNS) {
    const matches = text.matchAll(pattern.regex);
    for (const match of matches) {
      findings.push({ type: pattern.type, match: match[0] });
    }
  }

  return findings;
}
```

## Data Redaction

```typescript
function redactPII(data: Record<string, any>): Record<string, any> {
  const sensitiveFields = ['email', 'phone', 'ssn', 'password', 'apiKey'];
  const redacted = { ...data };

  for (const field of sensitiveFields) {
    if (redacted[field]) {
      redacted[field] = '[REDACTED]';
    }
  }

  return redacted;
}

// Use in logging
console.log('Perplexity request:', redactPII(requestData));
```

## Data Retention Policy

### Retention Periods
| Data Type | Retention | Reason |
|-----------|-----------|--------|
| API logs | 30 days | Debugging |
| Error logs | 90 days | Root cause analysis |
| Audit logs | 7 years | Compliance |
| PII | Until deletion request | GDPR/CCPA |

### Automatic Cleanup

```typescript
async function cleanupPerplexityData(retentionDays: number): Promise<void> {
  const cutoff = new Date();
  cutoff.setDate(cutoff.getDate() - retentionDays);

  await db.perplexityLogs.deleteMany({
    createdAt: { $lt: cutoff },
    type: { $nin: ['audit', 'compliance'] },
  });
}

// Schedule daily cleanup
cron.schedule('0 3 * * *', () => cleanupPerplexityData(30));
```

## GDPR/CCPA Compliance

### Data Subject Access Request (DSAR)

```typescript
async function exportUserData(userId: string): Promise<DataExport> {
  const perplexityData = await perplexityClient.getUserData(userId);

  return {
    source: 'Perplexity',
    exportedAt: new Date().toISOString(),
    data: {
      profile: perplexityData.profile,
      activities: perplexityData.activities,
      // Include all user-related data
    },
  };
}
```

### Right to Deletion

```typescript
async function deleteUserData(userId: string): Promise<DeletionResult> {
  // 1. Delete from Perplexity
  await perplexityClient.deleteUser(userId);

  // 2. Delete local copies
  await db.perplexityUserCache.deleteMany({ userId });

  // 3. Audit log (required to keep)
  await auditLog.record({
    action: 'GDPR_DELETION',
    userId,
    service: 'perplexity',
    timestamp: new Date(),
  });

  return { success: true, deletedAt: new Date() };
}
```

## Data Minimization

```typescript
// Only request needed fields
const user = await perplexityClient.getUser(userId, {
  fields: ['id', 'name'], // Not email, phone, address
});

// Don't store unnecessary data
const cacheData = {
  id: user.id,
  name: user.name,
  // Omit sensitive fields
};
```

## Instructions

### Step 1: Classify Data
Categorize all Perplexity data by sensitivity level.

### Step 2: Implement PII Detection
Add regex patterns to detect sensitive data in logs.

### Step 3: Configure Redaction
Apply redaction to sensitive fields before logging.

### Step 4: Set Up Retention
Configure automatic cleanup with appropriate retention periods.

## Output
- Data classification documented
- PII detection implemented
- Redaction in logging active
- Retention policy enforced

## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| PII in logs | Missing redaction | Wrap logging with redact |
| Deletion failed | Data locked | Check dependencies |
| Export incomplete | Timeout | Increase batch size |
| Audit gap | Missing entries | Review log pipeline |

## Examples

### Quick PII Scan
```typescript
const findings = detectPII(JSON.stringify(userData));
if (findings.length > 0) {
  console.warn(`PII detected: ${findings.map(f => f.type).join(', ')}`);
}
```

### Redact Before Logging
```typescript
const safeData = redactPII(apiResponse);
logger.info('Perplexity response:', safeData);
```

### GDPR Data Export
```typescript
const userExport = await exportUserData('user-123');
await sendToUser(userExport);
```

## Resources
- [GDPR Developer Guide](https://gdpr.eu/developers/)
- [CCPA Compliance Guide](https://oag.ca.gov/privacy/ccpa)
- [Perplexity Privacy Guide](https://docs.perplexity.com/privacy)

## Next Steps
For enterprise access control, see `perplexity-enterprise-rbac`.

Overview

This skill implements Perplexity-specific PII handling, data retention, and GDPR/CCPA compliance patterns for integrations. It provides detection, redaction, retention automation, and DSAR/deletion helpers tailored to Perplexity data flows. Use it to reduce exposure of sensitive fields and to document and enforce retention rules.

How this skill works

The skill inspects request/response payloads and logs for PII using configurable regex patterns and field lists. It applies deterministic redaction to sensitive fields before persistence or logging, and triggers scheduled cleanup jobs based on retention policies. It also provides routines to export user data for DSARs and to orchestrate deletion while keeping required audit records.

When to use it

  • When ingesting Perplexity request or response data into logs or caches
  • When you must detect and redact emails, phones, SSNs, or API keys
  • When implementing retention schedules and automatic cleanup jobs
  • When responding to GDPR/CCPA data export or deletion requests
  • When designing minimal data requests to Perplexity APIs

Best practices

  • Classify all Perplexity-derived data by sensitivity (PII, sensitive, business, public) before storing
  • Use both pattern-based detection and explicit sensitive field lists to avoid gaps
  • Always redact or encrypt PII before logging or persisting non-audit records
  • Keep audit logs immutable and exempt from short retention but minimize contained PII
  • Schedule daily cleanup for short-lived logs and retain audit logs per compliance needs
  • Provide explicit DSAR export and deletion flows and record those actions in audit trails

Example use cases

  • Run a PII scan on incoming Perplexity responses and block raw logging of matches
  • Redact email/phone fields in API request logs and replace with [REDACTED] before storage
  • Schedule a cron job to remove API/debug logs older than 30 days while preserving audit entries
  • Export a user’s Perplexity profile and activity for a DSAR with a packaged JSON export
  • Execute deletion workflow that removes user data from Perplexity, local caches, and logs while recording a GDPR deletion audit record

FAQ

How do I detect custom PII types?

Add regex patterns or field names to the detection configuration and test against sample payloads; combine pattern matching with allowlists for fields to reduce false positives.

What should I do with audit logs that contain PII?

Avoid putting raw PII in audit logs; if unavoidable, encrypt audit entries and restrict access. Retain audit logs per legal retention requirements while minimizing stored PII.