playbooks

home / skills / jeremylongshore / claude-code-plugins-plus-skills / vercel-data-handling

vercel-data-handling skill

/plugins/saas-packs/vercel-pack/skills/vercel-data-handling

This skill helps you implement Vercel PII handling, data retention, and GDPR/CCPA compliance across integrations, ensuring privacy-first data processing.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill vercel-data-handling

Review the files below or copy the command above to add this skill to your agents.

Files (4)
SKILL.md
1.8 KB
---
name: vercel-data-handling
description: |
  Implement Vercel PII handling, data retention, and GDPR/CCPA compliance patterns.
  Use when handling sensitive data, implementing data redaction, configuring retention policies,
  or ensuring compliance with privacy regulations for Vercel integrations.
  Trigger with phrases like "vercel data", "vercel PII",
  "vercel GDPR", "vercel data retention", "vercel privacy", "vercel CCPA".
allowed-tools: Read, Write, Edit
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Vercel Data Handling

## Overview
Handle sensitive data correctly when integrating with Vercel.

## Prerequisites
- Understanding of GDPR/CCPA requirements
- Vercel SDK with data export capabilities
- Database for audit logging
- Scheduled job infrastructure for cleanup

## Data Classification

| Category | Examples | Handling |
|----------|----------|----------|
| PII | Email, name, phone | Encrypt, minimize |
| Sensitive | API keys, tokens | Never log, rotate |
| Business | Usage metrics | Aggregate when possible |
| Public | Product names | Standard handling |

## PII Detection

```typescript
const PII_PATTERNS = [
  { type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
  { type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
  { type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
];

function detectPII(text: string): { type: string; match: string }[] {
  const findings: { type: string; match: string }[] = [];

  for (const pattern of PII_PATTERNS) {
    const matches = text.matchAll(pattern.regex);
    for (const match of matches) {

## Detailed Reference

See `{baseDir}/references/implementation.md` for complete data handling guide.

Overview

This skill implements Vercel-focused PII handling, data retention, and GDPR/CCPA compliance patterns. It provides detection, classification, redaction, and retention policy guidance for data flowing through Vercel integrations. Use it to minimize surfaced sensitive data and to automate cleanup and audit logging for regulatory needs.

How this skill works

The skill inspects request and log payloads for common PII patterns (emails, phones, SSNs, credit cards) and tags each finding with a classification. It supports configurable redaction and encryption rules, writes immutable audit entries to a database, and integrates with scheduled jobs to enforce retention and deletion policies. The implementation includes patterns for never-logging secrets, rotating tokens, and aggregating business metrics to avoid exposing raw identifiers.

When to use it

  • Integrating user-facing forms, uploads, or logs with Vercel where personal data may appear
  • Implementing automated redaction for logs, error reports, or analytics sent from Vercel
  • Enforcing GDPR or CCPA retention and deletion requests on Vercel-hosted services
  • Protecting API keys, tokens, and secrets processed by serverless functions
  • Creating audit trails for data access and deletion operations

Best practices

  • Classify data at ingress: label as PII, sensitive, business, or public before storage
  • Never log secrets or tokens; use short-lived credentials and automated rotation
  • Encrypt PII at rest and restrict decryption to explicit, logged workflows
  • Implement retention jobs that delete or anonymize data according to policy and keep audit records
  • Aggregate or hash identifiers when raw values are not required for processing

Example use cases

  • Scan incoming request bodies and logs in Vercel serverless functions and redact emails and phone numbers before storage
  • Automate data subject access and deletion requests by mapping user identifiers to stored records and running retention jobs
  • Integrate with monitoring to strip sensitive fields from error reports and still capture contextual metadata
  • Rotate and replace exposed API tokens detected in application logs and create a logged rotation workflow
  • Apply aggregation rules for usage metrics to preserve business insight without storing PII

FAQ

Can this handle custom PII types?

Yes. You can extend the detection patterns with custom regexes or named detectors and map them to your classification rules.

How do retention jobs ensure safe deletion?

Retention jobs should run from a trusted scheduler, perform idempotent deletions or irreversible anonymization, and write immutable audit records showing what was removed and why.