clerk-data-handling
@jeremylongshore/clerk-data-handling
Handle user data, privacy, and GDPR compliance with Clerk. Use when implementing data export, user deletion, or privacy compliance features. Trigger with phrases like "clerk user data", "clerk GDPR", "clerk privacy", "clerk data export", "clerk delete user".
Installation
$skills install @jeremylongshore/clerk-data-handling
Claude Code
Cursor
Copilot
Codex
Antigravity
Details
Pathplugins/saas-packs/clerk-pack/skills/clerk-data-handling/SKILL.md
Branchmain
Scoped Name@jeremylongshore/clerk-data-handling
Usage
After installing, this skill will be available to your AI coding assistant.
Verify installation:
skills listSkill Instructions
name: clerk-data-handling description: | Handle user data, privacy, and GDPR compliance with Clerk. Use when implementing data export, user deletion, or privacy compliance features. Trigger with phrases like "clerk user data", "clerk GDPR", "clerk privacy", "clerk data export", "clerk delete user". allowed-tools: Read, Write, Edit, Bash(npm:*), Grep version: 1.0.0 license: MIT author: Jeremy Longshore jeremy@intentsolutions.io
Clerk Data Handling
Overview
Manage user data, implement privacy features, and ensure compliance with regulations.
Prerequisites
- Clerk integration working
- Understanding of GDPR/CCPA requirements
- Database with user-related data
Instructions
Step 1: User Data Export
// lib/data-export.ts
import { clerkClient } from '@clerk/nextjs/server'
import { db } from './db'
interface UserDataExport {
clerk: ClerkUserData
application: ApplicationUserData
exportedAt: string
}
interface ClerkUserData {
id: string
email: string | undefined
firstName: string | null
lastName: string | null
createdAt: Date
lastSignIn: Date | null
metadata: Record<string, any>
}
interface ApplicationUserData {
profile: any
orders: any[]
preferences: any
activityLog: any[]
}
export async function exportUserData(userId: string): Promise<UserDataExport> {
const client = await clerkClient()
// Get Clerk user data
const clerkUser = await client.users.getUser(userId)
// Get application data
const [profile, orders, preferences, activityLog] = await Promise.all([
db.userProfile.findUnique({ where: { clerkId: userId } }),
db.order.findMany({ where: { userId }, orderBy: { createdAt: 'desc' } }),
db.userPreference.findMany({ where: { userId } }),
db.activityLog.findMany({
where: { userId },
orderBy: { timestamp: 'desc' },
take: 1000
})
])
return {
clerk: {
id: clerkUser.id,
email: clerkUser.primaryEmailAddress?.emailAddress,
firstName: clerkUser.firstName,
lastName: clerkUser.lastName,
createdAt: new Date(clerkUser.createdAt),
lastSignIn: clerkUser.lastSignInAt ? new Date(clerkUser.lastSignInAt) : null,
metadata: {
public: clerkUser.publicMetadata,
// Note: privateMetadata should be handled carefully
}
},
application: {
profile: sanitizeForExport(profile),
orders: orders.map(sanitizeForExport),
preferences: preferences.map(sanitizeForExport),
activityLog: activityLog.map(sanitizeForExport)
},
exportedAt: new Date().toISOString()
}
}
function sanitizeForExport(data: any): any {
if (!data) return null
// Remove internal fields
const { id, createdAt, updatedAt, ...rest } = data
return rest
}
Step 2: User Deletion (Right to be Forgotten)
// lib/user-deletion.ts
import { clerkClient } from '@clerk/nextjs/server'
import { db } from './db'
interface DeletionResult {
success: boolean
deletedFrom: string[]
errors: string[]
}
export async function deleteUserCompletely(userId: string): Promise<DeletionResult> {
const result: DeletionResult = {
success: true,
deletedFrom: [],
errors: []
}
// Step 1: Delete from application database
try {
await db.$transaction([
// Delete related records first (foreign key constraints)
db.activityLog.deleteMany({ where: { userId } }),
db.order.deleteMany({ where: { userId } }),
db.userPreference.deleteMany({ where: { userId } }),
db.userProfile.delete({ where: { clerkId: userId } })
])
result.deletedFrom.push('application_database')
} catch (error: any) {
result.errors.push(`Database deletion failed: ${error.message}`)
result.success = false
}
// Step 2: Delete from Clerk
try {
const client = await clerkClient()
await client.users.deleteUser(userId)
result.deletedFrom.push('clerk')
} catch (error: any) {
result.errors.push(`Clerk deletion failed: ${error.message}`)
result.success = false
}
// Step 3: Delete from external services
try {
await deleteFromExternalServices(userId)
result.deletedFrom.push('external_services')
} catch (error: any) {
result.errors.push(`External service deletion failed: ${error.message}`)
}
// Log deletion for audit
await logDeletionEvent(userId, result)
return result
}
async function deleteFromExternalServices(userId: string) {
// Delete from analytics
// Delete from email service
// Delete from payment provider
// etc.
}
async function logDeletionEvent(userId: string, result: DeletionResult) {
// Maintain audit log of deletions (anonymized)
await db.deletionLog.create({
data: {
anonymizedId: hashUserId(userId),
deletedAt: new Date(),
success: result.success,
errors: result.errors
}
})
}
Step 3: Data Retention Policies
// lib/data-retention.ts
import { db } from './db'
import { clerkClient } from '@clerk/nextjs/server'
interface RetentionPolicy {
activityLogs: number // days
sessions: number // days
inactiveUsers: number // days
}
const RETENTION_POLICY: RetentionPolicy = {
activityLogs: 90,
sessions: 30,
inactiveUsers: 365
}
export async function enforceRetentionPolicy() {
const now = new Date()
// Clean up old activity logs
const activityCutoff = new Date(
now.getTime() - RETENTION_POLICY.activityLogs * 24 * 60 * 60 * 1000
)
const deletedLogs = await db.activityLog.deleteMany({
where: {
timestamp: { lt: activityCutoff }
}
})
console.log(`Deleted ${deletedLogs.count} old activity logs`)
// Identify inactive users for notification
const inactiveCutoff = new Date(
now.getTime() - RETENTION_POLICY.inactiveUsers * 24 * 60 * 60 * 1000
)
const inactiveUsers = await db.userProfile.findMany({
where: {
lastActiveAt: { lt: inactiveCutoff },
notifiedAboutInactivity: false
}
})
// Notify inactive users before deletion
for (const user of inactiveUsers) {
await notifyInactiveUser(user.clerkId)
await db.userProfile.update({
where: { id: user.id },
data: { notifiedAboutInactivity: true }
})
}
console.log(`Notified ${inactiveUsers.length} inactive users`)
}
Step 4: Consent Management
// lib/consent.ts
import { currentUser } from '@clerk/nextjs/server'
interface ConsentRecord {
marketing: boolean
analytics: boolean
thirdParty: boolean
updatedAt: Date
}
export async function getConsent(userId: string): Promise<ConsentRecord | null> {
const user = await currentUser()
if (!user) return null
return {
marketing: user.publicMetadata?.consent?.marketing ?? false,
analytics: user.publicMetadata?.consent?.analytics ?? false,
thirdParty: user.publicMetadata?.consent?.thirdParty ?? false,
updatedAt: new Date(user.publicMetadata?.consent?.updatedAt || user.createdAt)
}
}
export async function updateConsent(
userId: string,
consent: Partial<ConsentRecord>
) {
const client = await clerkClient()
const user = await client.users.getUser(userId)
const currentConsent = user.publicMetadata?.consent || {}
await client.users.updateUser(userId, {
publicMetadata: {
...user.publicMetadata,
consent: {
...currentConsent,
...consent,
updatedAt: new Date().toISOString()
}
}
})
// Log consent change for audit
await logConsentChange(userId, consent)
}
Step 5: GDPR API Endpoints
// app/api/user/data/route.ts
import { auth } from '@clerk/nextjs/server'
import { exportUserData } from '@/lib/data-export'
// Data Export (GDPR Article 20)
export async function GET() {
const { userId } = await auth()
if (!userId) {
return Response.json({ error: 'Unauthorized' }, { status: 401 })
}
const userData = await exportUserData(userId)
return new Response(JSON.stringify(userData, null, 2), {
headers: {
'Content-Type': 'application/json',
'Content-Disposition': `attachment; filename="user-data-${userId}.json"`
}
})
}
// app/api/user/delete/route.ts
import { deleteUserCompletely } from '@/lib/user-deletion'
// Data Deletion (GDPR Article 17)
export async function DELETE() {
const { userId } = await auth()
if (!userId) {
return Response.json({ error: 'Unauthorized' }, { status: 401 })
}
// Require confirmation
const confirmed = request.headers.get('X-Confirm-Delete') === 'true'
if (!confirmed) {
return Response.json(
{ error: 'Confirmation required', requiresHeader: 'X-Confirm-Delete: true' },
{ status: 400 }
)
}
const result = await deleteUserCompletely(userId)
if (result.success) {
return Response.json({ message: 'Account deleted successfully' })
} else {
return Response.json(
{ error: 'Partial deletion', details: result },
{ status: 500 }
)
}
}
Step 6: Audit Logging
// lib/audit-log.ts
interface AuditEvent {
type: 'data_access' | 'data_export' | 'data_deletion' | 'consent_change'
userId: string
performedBy: string
details: Record<string, any>
timestamp: Date
}
export async function logAuditEvent(event: Omit<AuditEvent, 'timestamp'>) {
await db.auditLog.create({
data: {
...event,
timestamp: new Date()
}
})
// For compliance, also log to external service
if (process.env.AUDIT_LOG_ENDPOINT) {
await fetch(process.env.AUDIT_LOG_ENDPOINT, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ ...event, timestamp: new Date() })
})
}
}
Privacy Checklist
- Data export functionality (GDPR Article 20)
- Data deletion functionality (GDPR Article 17)
- Consent management
- Data retention policies
- Audit logging
- Privacy policy updated
- Cookie consent implemented
- Data processing agreements
Output
- Data export functionality
- User deletion capability
- Consent management
- Audit logging
Error Handling
| Scenario | Action |
|---|---|
| Partial deletion | Retry failed services, log for manual review |
| Export timeout | Queue export, email when complete |
| Consent sync fail | Retry with exponential backoff |
Resources
Next Steps
Proceed to clerk-enterprise-rbac for enterprise SSO and RBAC.
More by jeremylongshore
View allrabbitmq-queue-setup
1,004Rabbitmq Queue Setup - Auto-activating skill for Backend Development. Triggers on: rabbitmq queue setup, rabbitmq queue setup Part of the Backend Development skill category.
model-evaluation-suite
1,004evaluating-machine-learning-models: This skill allows Claude to evaluate machine learning models using a comprehensive suite of metrics. It should be used when the user requests model performance analysis, validation, or testing. Claude can use this skill to assess model accuracy, precision, recall, F1-score, and other relevant metrics. Trigger this skill when the user mentions "evaluate model", "model performance", "testing metrics", "validation results", or requests a comprehensive "model evaluation".
neural-network-builder
1,004building-neural-networks: This skill allows Claude to construct and configure neural network architectures using the neural-network-builder plugin. It should be used when the user requests the creation of a new neural network, modification of an existing one, or assistance with defining the layers, parameters, and training process. The skill is triggered by requests involving terms like "build a neural network," "define network architecture," "configure layers," or specific mentions of neural network types (e.g., "CNN," "RNN," "transformer").
oauth-callback-handler
1,004Oauth Callback Handler - Auto-activating skill for API Integration. Triggers on: oauth callback handler, oauth callback handler Part of the API Integration skill category.