From lindy-pack
Guides data handling best practices for Lindy AI agents: classify PII, add prompt controls, secure knowledge bases, ensure GDPR/HIPAA compliance.
How this skill is triggered — by the user, by Claude, or both
Slash command
/lindy-pack:lindy-data-handlingThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Lindy agents process data through triggers, LLM calls, actions, knowledge bases,
Lindy agents process data through triggers, LLM calls, actions, knowledge bases, and memory. Data flows through Lindy's managed infrastructure with AES-256 encryption at rest and in transit. This skill covers data classification, PII handling, prompt-level data controls, and regulatory compliance.
| Component | Data Storage | Retention |
|---|---|---|
| Tasks | Task inputs, outputs, step data | Visible in dashboard |
| Memory | Persistent snippets across tasks | Until manually deleted |
| Context | Per-task accumulated context | Task lifetime only |
| Knowledge Base | Uploaded files, crawled sites | Until manually removed |
| Integrations | OAuth tokens, connection data | Until disconnected |
| Computer Use | Browser session, screenshots | 30 days after last use |
Map what data each agent processes:
| Data Category | Examples | Handling |
|---|---|---|
| Public | Product info, FAQs, pricing | No restrictions |
| Internal | Sales reports, meeting notes | Limit to authorized agents |
| Confidential | Customer emails, CRM data | Access controls + audit |
| Restricted | PII, PHI, payment data | Minimize exposure + compliance |
Add data handling instructions directly to agent prompts:
## Data Handling Rules
- Never include full email addresses in summaries — use "[name]@[domain]"
- Redact phone numbers in logs — show only last 4 digits
- Do not forward customer personal information to Slack channels
- When storing to spreadsheet, omit columns: email, phone, address
- If asked to share customer data externally, decline and escalate
Knowledge base files are searchable by the agent. Control what goes in:
DO upload:
DO NOT upload:
Resync considerations: KB auto-refreshes every 24 hours. If you upload sensitive content by mistake, remove it AND trigger a manual Resync.
Agent memories persist across all future tasks. Be deliberate:
Safe memory: "Customer prefers email communication over phone"
Safe memory: "Billing questions should escalate to [email protected]"
Risky memory: "John Smith's SSN is 123-45-6789" ← NEVER store PII in memory
Risky memory: "API key for Stripe: sk_live_xxxx" ← NEVER store secrets
Add to agent prompt:
## Memory Rules
- Never store personally identifiable information (PII) in memory
- Never store credentials, API keys, or passwords in memory
- Memories should contain preferences, patterns, and procedures only
If using Computer Use (browser automation):
GDPR (EU Data Protection):
CCPA (California Consumer Privacy):
HIPAA (Healthcare):
Agent Prompt Addition:
## Data Retention
- Do not reference data from tasks older than 30 days
- Clear task context after each run (do not accumulate indefinitely)
- When updating memory, remove outdated entries
- Summarize customer interactions, do not store verbatim transcripts
| Issue | Cause | Solution |
|---|---|---|
| PII in Slack channel | Agent forwarded customer email | Add "never forward PII to Slack" to prompt |
| Sensitive file in KB | Uploaded by mistake | Remove file + trigger KB resync immediately |
| Memory contains PII | Agent auto-created memory | Delete memory + add "never store PII" to prompt |
| Audit finding | Agent accessing unnecessary data | Remove unused integrations from agent |
Proceed to lindy-enterprise-rbac for access control.
npx claudepluginhub camillanapoles/claude-code-plugins-plus-skills --plugin lindy-pack5plugins reuse this skill
First indexed Jul 10, 2026
Manages sensitive data in Lindy AI agent workflows with PII controls, data classification, and compliance (GDPR, HIPAA). Activates on phrases like 'lindy data' or 'lindy privacy'.
Creates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.