Implement Windsurf PII handling, data retention, and GDPR/CCPA compliance patterns. Use when handling sensitive data, implementing data redaction, configuring retention policies, or ensuring compliance with privacy regulations for Windsurf integrations. Trigger with phrases like "windsurf data", "windsurf PII", "windsurf GDPR", "windsurf data retention", "windsurf privacy", "windsurf CCPA".
View on GitHubjeremylongshore/claude-code-plugins-plus-skills
windsurf-pack
plugins/saas-packs/windsurf-pack/skills/windsurf-data-handling/SKILL.md
February 1, 2026
Select agents to install to:
npx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/blob/main/plugins/saas-packs/windsurf-pack/skills/windsurf-data-handling/SKILL.md -a claude-code --skill windsurf-data-handlingInstallation paths:
.claude/skills/windsurf-data-handling/# Windsurf Data Handling
## Overview
Handle sensitive data correctly when integrating with Windsurf.
## Prerequisites
- Understanding of GDPR/CCPA requirements
- Windsurf SDK with data export capabilities
- Database for audit logging
- Scheduled job infrastructure for cleanup
## Data Classification
| Category | Examples | Handling |
|----------|----------|----------|
| PII | Email, name, phone | Encrypt, minimize |
| Sensitive | API keys, tokens | Never log, rotate |
| Business | Usage metrics | Aggregate when possible |
| Public | Product names | Standard handling |
## PII Detection
```typescript
const PII_PATTERNS = [
{ type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
{ type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
{ type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
{ type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
];
function detectPII(text: string): { type: string; match: string }[] {
const findings: { type: string; match: string }[] = [];
for (const pattern of PII_PATTERNS) {
const matches = text.matchAll(pattern.regex);
for (const match of matches) {
findings.push({ type: pattern.type, match: match[0] });
}
}
return findings;
}
```
## Data Redaction
```typescript
function redactPII(data: Record<string, any>): Record<string, any> {
const sensitiveFields = ['email', 'phone', 'ssn', 'password', 'apiKey'];
const redacted = { ...data };
for (const field of sensitiveFields) {
if (redacted[field]) {
redacted[field] = '[REDACTED]';
}
}
return redacted;
}
// Use in logging
console.log('Windsurf request:', redactPII(requestData));
```
## Data Retention Policy
### Retention Periods
| Data Type | Retention | Reason |
|-----------|-----------|--------|
| API logs | 30 days | Debugging |
| Error logs | 90 days | Root cause analysis |
| Audit logs | 7 years | Compliance |
| PII | Until deletion request | GDPR/CCPA |
### Automatic Cleanup
`