
This skill helps you configure and verify Sentry data scrubbing and GDPR compliance to protect PII across applications.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill sentry-data-handling


SKILL.md
---
name: sentry-data-handling
description: |
  Manage sensitive data properly in Sentry.
  Use when configuring PII scrubbing, data retention,
  GDPR compliance, or data security settings.
  Trigger with phrases like "sentry pii", "sentry gdpr",
  "sentry data privacy", "scrub sensitive data sentry".
allowed-tools: Read, Write, Edit, Grep
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Sentry Data Handling

## Prerequisites

- Sentry project with admin access
- Compliance requirements documented (GDPR, HIPAA, PCI-DSS)
- List of sensitive data patterns to scrub
- Understanding of data retention requirements

## Instructions

1. Enable server-side data scrubbing in Project Settings > Security & Privacy
2. Configure client-side scrubbing in the `beforeSend` hook for PII fields
3. Add custom scrubbing rules for credit cards, SSNs, and email patterns
4. Disable `sendDefaultPii` in SDK configuration
5. Configure IP address anonymization or disable IP collection
6. Set appropriate data retention period in organization settings
7. Implement user consent handling for GDPR compliance
8. Document the right-to-erasure process with the API deletion endpoint
9. Run tests to verify sensitive data is properly scrubbed
10. Complete compliance checklist for applicable regulations

## Output
- PII scrubbing rules configured
- GDPR compliance documentation
- Data retention policies implemented
- User consent handling code

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources
- [Sentry Data Privacy](https://docs.sentry.io/product/data-management-settings/data-privacy/)
- [GDPR Compliance](https://sentry.io/legal/gdpr/)
- [Data Scrubbing](https://docs.sentry.io/product/data-management-settings/scrubbing/)

Overview

This skill guides configuring Sentry to manage sensitive data, enforce privacy controls, and meet compliance requirements. It focuses on setting up PII scrubbing, retention policies, consent handling, and IP anonymization. Use it to harden Sentry projects and document GDPR/HIPAA-related controls.

How this skill works

The skill inspects Sentry project settings and SDK configuration patterns, then provides step-by-step actions to enable server-side scrubbing, configure client-side hooks, and add custom scrubbing rules. It covers disabling default PII capture, setting retention periods, and documenting deletion/erasure procedures. It also includes verification steps and test guidance to confirm sensitive data is removed before storage.

When to use it

  • Configuring new Sentry projects with compliance needs
  • Adding or updating PII scrubbing rules (credit cards, SSNs, emails)
  • Implementing GDPR right-to-erasure and consent handling
  • Setting data retention and IP anonymization policies
  • Auditing Sentry settings for security reviews

Best practices

  • Enable server-side scrubbing in Project Settings > Security & Privacy as a baseline
  • Disable sendDefaultPii in SDKs and handle PII explicitly in beforeSend hooks
  • Create and test custom regex rules for credit cards, SSNs, and email patterns
  • Anonymize or disable IP collection when full addresses are not required
  • Document retention and erasure processes and expose deletion endpoints for compliance
  • Run automated tests that simulate PII to verify scrubbing rules are effective

Example use cases

  • Block and redact credit card and SSN patterns before events reach Sentry
  • Implement a beforeSend hook to remove user.email and user.username from events
  • Set organization retention to 90 days and document rationale for audits
  • Add a GDPR consent flag and conditionally drop events when consent is missing
  • Create an API endpoint to process right-to-erasure requests and remove events

FAQ

Do I need both client-side and server-side scrubbing?

Yes. Server-side scrubbing is the last line of defense; client-side hooks reduce exposure and limit sending PII in the first place.

How do I verify scrubbing rules work?

Run automated tests that send synthetic events containing known PII patterns, then inspect stored events or logs to confirm the patterns were removed.
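
One way to write the client-side hook and the synthetic-PII check described above, as an added example that is not part of the skill's own files. `scrubEvent`, the regexes, the key list and the sample event are assumptions constructed for illustration; card matches are gated by a Luhn check so ordinary long numbers are not redacted.

```javascript
// Added example, not from the skill's files. Wiring with the Sentry JavaScript SDK:
//   Sentry.init({ dsn: "...", sendDefaultPii: false, beforeSend: scrubEvent });
const SENSITIVE_KEY = /^(password|secret|token|authorization|cookie|ssn|card_?number)$/i;
const SSN = /\b\d{3}-\d{2}-\d{4}\b/g;
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const CARD = /\b\d(?:[ -]?\d){12,18}\b/g; // 13-19 digits, optional separators

// Luhn checksum: only redact digit runs that are plausible card numbers.
function luhnValid(candidate) {
  const digits = candidate.replace(/\D/g, "");
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) d = d * 2 > 9 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}

// SSNs are replaced first so their digits cannot merge into a card match.
function scrubString(s) {
  return s.replace(SSN, "[ssn]").replace(EMAIL, "[email]")
    .replace(CARD, (m) => (luhnValid(m) ? "[card]" : m));
}

// Recursively copy a value, filtering sensitive keys and scrubbing strings.
function scrubValue(value, key) {
  if (key !== undefined && SENSITIVE_KEY.test(key)) return "[Filtered]";
  if (typeof value === "string") return scrubString(value);
  if (Array.isArray(value)) return value.map((v) => scrubValue(v));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, scrubValue(v, k)]));
  }
  return value;
}

// Same shape as a beforeSend callback: takes the event, returns the event to send.
function scrubEvent(event) {
  const clean = scrubValue(event);
  if (clean.user) for (const f of ["email", "username", "ip_address"]) delete clean.user[f];
  return clean;
}

// Constructed synthetic event carrying known PII patterns (not real data).
const SAMPLE_EVENT = {
  message: "Payment failed for jane@example.com, card 4111 1111 1111 1111, ssn 123-45-6789, order 1700000000000",
  user: { id: "u-42", email: "jane@example.com", username: "jane", ip_address: "203.0.113.7" },
  extra: { password: "hunter2", note: "retry 3" },
};
```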