playbooks

home / skills / jeremylongshore / claude-code-plugins-plus-skills / retellai-data-handling

retellai-data-handling skill

/plugins/saas-packs/retellai-pack/skills/retellai-data-handling

This skill helps you implement Retell AI data handling, including PII detection, redaction, and GDPR/CCPA compliant retention.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill retellai-data-handling

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
5.6 KB
---
name: retellai-data-handling
description: |
  Implement Retell AI PII handling, data retention, and GDPR/CCPA compliance patterns.
  Use when handling sensitive data, implementing data redaction, configuring retention policies,
  or ensuring compliance with privacy regulations for Retell AI integrations.
  Trigger with phrases like "retellai data", "retellai PII",
  "retellai GDPR", "retellai data retention", "retellai privacy", "retellai CCPA".
allowed-tools: Read, Write, Edit
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Retell AI Data Handling

## Overview
Handle sensitive data correctly when integrating with Retell AI.

## Prerequisites
- Understanding of GDPR/CCPA requirements
- Retell AI SDK with data export capabilities
- Database for audit logging
- Scheduled job infrastructure for cleanup

## Data Classification

| Category | Examples | Handling |
|----------|----------|----------|
| PII | Email, name, phone | Encrypt, minimize |
| Sensitive | API keys, tokens | Never log, rotate |
| Business | Usage metrics | Aggregate when possible |
| Public | Product names | Standard handling |

## PII Detection

```typescript
const PII_PATTERNS = [
  { type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
  { type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
  { type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
];

function detectPII(text: string): { type: string; match: string }[] {
  const findings: { type: string; match: string }[] = [];

  for (const pattern of PII_PATTERNS) {
    const matches = text.matchAll(pattern.regex);
    for (const match of matches) {
      findings.push({ type: pattern.type, match: match[0] });
    }
  }

  return findings;
}
```

## Data Redaction

```typescript
function redactPII(data: Record<string, any>): Record<string, any> {
  const sensitiveFields = ['email', 'phone', 'ssn', 'password', 'apiKey'];
  const redacted = { ...data };

  for (const field of sensitiveFields) {
    if (redacted[field]) {
      redacted[field] = '[REDACTED]';
    }
  }

  return redacted;
}

// Use in logging
console.log('Retell AI request:', redactPII(requestData));
```

## Data Retention Policy

### Retention Periods
| Data Type | Retention | Reason |
|-----------|-----------|--------|
| API logs | 30 days | Debugging |
| Error logs | 90 days | Root cause analysis |
| Audit logs | 7 years | Compliance |
| PII | Until deletion request | GDPR/CCPA |

### Automatic Cleanup

```typescript
async function cleanupRetell AIData(retentionDays: number): Promise<void> {
  const cutoff = new Date();
  cutoff.setDate(cutoff.getDate() - retentionDays);

  await db.retellaiLogs.deleteMany({
    createdAt: { $lt: cutoff },
    type: { $nin: ['audit', 'compliance'] },
  });
}

// Schedule daily cleanup
cron.schedule('0 3 * * *', () => cleanupRetell AIData(30));
```

## GDPR/CCPA Compliance

### Data Subject Access Request (DSAR)

```typescript
async function exportUserData(userId: string): Promise<DataExport> {
  const retellaiData = await retellaiClient.getUserData(userId);

  return {
    source: 'Retell AI',
    exportedAt: new Date().toISOString(),
    data: {
      profile: retellaiData.profile,
      activities: retellaiData.activities,
      // Include all user-related data
    },
  };
}
```

### Right to Deletion

```typescript
async function deleteUserData(userId: string): Promise<DeletionResult> {
  // 1. Delete from Retell AI
  await retellaiClient.deleteUser(userId);

  // 2. Delete local copies
  await db.retellaiUserCache.deleteMany({ userId });

  // 3. Audit log (required to keep)
  await auditLog.record({
    action: 'GDPR_DELETION',
    userId,
    service: 'retellai',
    timestamp: new Date(),
  });

  return { success: true, deletedAt: new Date() };
}
```

## Data Minimization

```typescript
// Only request needed fields
const user = await retellaiClient.getUser(userId, {
  fields: ['id', 'name'], // Not email, phone, address
});

// Don't store unnecessary data
const cacheData = {
  id: user.id,
  name: user.name,
  // Omit sensitive fields
};
```

## Instructions

### Step 1: Classify Data
Categorize all Retell AI data by sensitivity level.

### Step 2: Implement PII Detection
Add regex patterns to detect sensitive data in logs.

### Step 3: Configure Redaction
Apply redaction to sensitive fields before logging.

### Step 4: Set Up Retention
Configure automatic cleanup with appropriate retention periods.

## Output
- Data classification documented
- PII detection implemented
- Redaction in logging active
- Retention policy enforced

## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| PII in logs | Missing redaction | Wrap logging with redact |
| Deletion failed | Data locked | Check dependencies |
| Export incomplete | Timeout | Increase batch size |
| Audit gap | Missing entries | Review log pipeline |

## Examples

### Quick PII Scan
```typescript
const findings = detectPII(JSON.stringify(userData));
if (findings.length > 0) {
  console.warn(`PII detected: ${findings.map(f => f.type).join(', ')}`);
}
```

### Redact Before Logging
```typescript
const safeData = redactPII(apiResponse);
logger.info('Retell AI response:', safeData);
```

### GDPR Data Export
```typescript
const userExport = await exportUserData('user-123');
await sendToUser(userExport);
```

## Resources
- [GDPR Developer Guide](https://gdpr.eu/developers/)
- [CCPA Compliance Guide](https://oag.ca.gov/privacy/ccpa)
- [Retell AI Privacy Guide](https://docs.retellai.com/privacy)

## Next Steps
For enterprise access control, see `retellai-enterprise-rbac`.

Overview

This skill implements Retell AI PII handling, data retention, and GDPR/CCPA compliance patterns for integrations. It provides detection, redaction, export, deletion, and automated retention controls to reduce risk when processing sensitive data. Use it to standardize privacy-safe logging and lifecycle management for Retell AI data.

How this skill works

The skill classifies incoming Retell AI data by sensitivity, scans text and payloads for PII using configurable regex patterns, and redacts or masks sensitive fields before logging or storage. It exposes routines to export user data for DSARs, to perform lawful deletion while preserving audit records, and to run scheduled cleanup jobs that enforce retention policies. Hooks are provided to integrate with Retell AI SDK calls and your audit database.

When to use it

  • When sending or storing Retell AI requests/responses that may contain PII
  • When implementing GDPR/CCPA data subject access or deletion flows
  • When you need automated retention and scheduled cleanup of logs and caches
  • When building audit trails while minimizing stored sensitive information
  • When integrating Retell AI into production systems that require compliance controls

Best practices

  • Classify data up front into PII, sensitive, business, and public categories
  • Detect PII with multiple patterns (email, phone, SSN, credit cards) and tune regexes for your locale
  • Redact sensitive fields before any logging, and avoid storing raw tokens or secrets
  • Keep audit logs immutable but minimize the data they contain; retain only required metadata
  • Automate retention with scheduled cleanup jobs and exclude compliance-critical records from deletion
  • Provide explicit export and deletion endpoints that log actions for accountability

Example use cases

  • Scan and redact user-submitted transcripts before persisting to logs or analytics
  • Implement a DSAR export that aggregates Retell AI profile and activity data for a user
  • Automate deletion of non-audit logs older than 30 days while retaining audit logs for 7 years
  • Prevent accidental logging of API keys and rotate credentials on detection of sensitive leaks
  • Minimize data retrieved from Retell AI by only requesting required fields for a given operation

FAQ

How do I handle deletion requests while keeping auditability?

Delete user data from Retell AI and local stores, then record a minimal immutable audit entry noting the deletion action, timestamp, and service. Do not include deleted PII in the audit record.

Which retention windows are recommended?

Use short windows for debug logs (30 days), longer for error analysis (90 days), and retain audit/compliance logs as required (commonly up to 7 years) while respecting local regulations.