Loading...
Loading...
Implement Exa PII handling, data retention, and GDPR/CCPA compliance patterns. Use when handling sensitive data, implementing data redaction, configuring retention policies, or ensuring compliance with privacy regulations for Exa integrations. Trigger with phrases like "exa data", "exa PII", "exa GDPR", "exa data retention", "exa privacy", "exa CCPA".
npx skill4agent add jeremylongshore/claude-code-plugins-plus-skills exa-data-handling| Category | Examples | Handling |
|---|---|---|
| PII | Email, name, phone | Encrypt, minimize |
| Sensitive | API keys, tokens | Never log, rotate |
| Business | Usage metrics | Aggregate when possible |
| Public | Product names | Standard handling |
const PII_PATTERNS = [
{ type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
{ type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
{ type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
{ type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
];
function detectPII(text: string): { type: string; match: string }[] {
const findings: { type: string; match: string }[] = [];
for (const pattern of PII_PATTERNS) {
const matches = text.matchAll(pattern.regex);
for (const match of matches) {
findings.push({ type: pattern.type, match: match[0] });
}
}
return findings;
}function redactPII(data: Record<string, any>): Record<string, any> {
const sensitiveFields = ['email', 'phone', 'ssn', 'password', 'apiKey'];
const redacted = { ...data };
for (const field of sensitiveFields) {
if (redacted[field]) {
redacted[field] = '[REDACTED]';
}
}
return redacted;
}
// Use in logging
console.log('Exa request:', redactPII(requestData));| Data Type | Retention | Reason |
|---|---|---|
| API logs | 30 days | Debugging |
| Error logs | 90 days | Root cause analysis |
| Audit logs | 7 years | Compliance |
| PII | Until deletion request | GDPR/CCPA |
async function cleanupExaData(retentionDays: number): Promise<void> {
const cutoff = new Date();
cutoff.setDate(cutoff.getDate() - retentionDays);
await db.exaLogs.deleteMany({
createdAt: { $lt: cutoff },
type: { $nin: ['audit', 'compliance'] },
});
}
// Schedule daily cleanup
cron.schedule('0 3 * * *', () => cleanupExaData(30));async function exportUserData(userId: string): Promise<DataExport> {
const exaData = await exaClient.getUserData(userId);
return {
source: 'Exa',
exportedAt: new Date().toISOString(),
data: {
profile: exaData.profile,
activities: exaData.activities,
// Include all user-related data
},
};
}async function deleteUserData(userId: string): Promise<DeletionResult> {
// 1. Delete from Exa
await exaClient.deleteUser(userId);
// 2. Delete local copies
await db.exaUserCache.deleteMany({ userId });
// 3. Audit log (required to keep)
await auditLog.record({
action: 'GDPR_DELETION',
userId,
service: 'exa',
timestamp: new Date(),
});
return { success: true, deletedAt: new Date() };
}// Only request needed fields
const user = await exaClient.getUser(userId, {
fields: ['id', 'name'], // Not email, phone, address
});
// Don't store unnecessary data
const cacheData = {
id: user.id,
name: user.name,
// Omit sensitive fields
};| Issue | Cause | Solution |
|---|---|---|
| PII in logs | Missing redaction | Wrap logging with redact |
| Deletion failed | Data locked | Check dependencies |
| Export incomplete | Timeout | Increase batch size |
| Audit gap | Missing entries | Review log pipeline |
const findings = detectPII(JSON.stringify(userData));
if (findings.length > 0) {
console.warn(`PII detected: ${findings.map(f => f.type).join(', ')}`);
}const safeData = redactPII(apiResponse);
logger.info('Exa response:', safeData);const userExport = await exportUserData('user-123');
await sendToUser(userExport);exa-enterprise-rbac