Skill

lindy-data-handling

Guides data handling best practices for Lindy AI agents: classify PII, add prompt controls, secure knowledge bases, ensure GDPR/HIPAA compliance.

security

ai-ml

npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin lindy-pack

Tool Access

This skill is limited to using the following tools:

ReadWriteEdit

Preview

Lindy agents process data through triggers, LLM calls, actions, knowledge bases,

Supporting Assets

references/implementation-guide.md

SKILL.md

Similar Skills

lindy-security-basics

1.9k

Implements security best practices for Lindy AI agents: API key management with secrets managers, webhook verification in TypeScript/Express, and permission scoping.

2 files4 tools

lindy-pack

agent-governance

29.8k

Implements governance patterns for AI agents: policy-based tool controls, intent classification, trust scoring, audit trails, rate limits. For LangChain, CrewAI, OpenAI Agents.

awesome-copilot-refactor

using-superpowers

178.4k

Mandates invoking relevant skills via tools before any response in coding sessions. Covers access, priorities, and adaptations for Claude Code, Copilot CLI, Gemini CLI.

3 files

superpowers

Stats

Parent Repo Stars1854

Parent Repo Forks248

Last CommitApr 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Lindy Data Handling

Overview

Lindy agents process data through triggers, LLM calls, actions, knowledge bases, and memory. Data flows through Lindy's managed infrastructure with AES-256 encryption at rest and in transit. This skill covers data classification, PII handling, prompt-level data controls, and regulatory compliance.

Prerequisites

Understanding of data types processed by your agents
Knowledge of applicable regulations (GDPR, CCPA, HIPAA)
For HIPAA: Business Associate Agreement (BAA) with Lindy (Enterprise plan)

Lindy Data Architecture

Component	Data Storage	Retention
Tasks	Task inputs, outputs, step data	Visible in dashboard
Memory	Persistent snippets across tasks	Until manually deleted
Context	Per-task accumulated context	Task lifetime only
Knowledge Base	Uploaded files, crawled sites	Until manually removed
Integrations	OAuth tokens, connection data	Until disconnected
Computer Use	Browser session, screenshots	30 days after last use

Instructions

Step 1: Classify Data in Agent Workflows

Map what data each agent processes:

Data Category	Examples	Handling
Public	Product info, FAQs, pricing	No restrictions
Internal	Sales reports, meeting notes	Limit to authorized agents
Confidential	Customer emails, CRM data	Access controls + audit
Restricted	PII, PHI, payment data	Minimize exposure + compliance

Step 2: PII Controls in Agent Prompts

Add data handling instructions directly to agent prompts:

## Data Handling Rules
- Never include full email addresses in summaries — use "[name]@[domain]"
- Redact phone numbers in logs — show only last 4 digits
- Do not forward customer personal information to Slack channels
- When storing to spreadsheet, omit columns: email, phone, address
- If asked to share customer data externally, decline and escalate

Step 3: Knowledge Base Data Safety

Knowledge base files are searchable by the agent. Control what goes in:

DO upload:

Product documentation
FAQ articles
Policy documents
Public knowledge articles

DO NOT upload:

Customer databases with PII
Credentials or API keys
Internal HR documents (unless agent specifically needs them)
Financial records with account numbers

Resync considerations: KB auto-refreshes every 24 hours. If you upload sensitive content by mistake, remove it AND trigger a manual Resync.

Step 4: Secure Memory Usage

Agent memories persist across all future tasks. Be deliberate:

Safe memory: "Customer prefers email communication over phone"
Safe memory: "Billing questions should escalate to finance@company.com"

Risky memory: "John Smith's SSN is 123-45-6789"  ← NEVER store PII in memory
Risky memory: "API key for Stripe: sk_live_xxxx"  ← NEVER store secrets

Add to agent prompt:

## Memory Rules
- Never store personally identifiable information (PII) in memory
- Never store credentials, API keys, or passwords in memory
- Memories should contain preferences, patterns, and procedures only

Step 5: Computer Use Data Isolation

If using Computer Use (browser automation):

Sessions persist for 30 days with saved credentials
Enable Incognito mode for sessions handling sensitive data
Use dedicated (not shared) computer assignments for sensitive agents
Review screenshots captured during execution for data exposure

Step 6: Integration Account Isolation

Authorize dedicated service accounts per agent (not personal accounts)
Use Gmail with a team alias, not an individual inbox
Create read-only database credentials where possible
Revoke access immediately when an agent is decommissioned

Step 7: Regulatory Compliance

GDPR (EU Data Protection):

Document what personal data each agent processes
Ensure agents only process data with valid legal basis
Implement data subject access/deletion capabilities
Agent prompt includes "do not retain personal data beyond task completion"
Review Lindy's data processing agreement

CCPA (California Consumer Privacy):

Identify agents processing California resident data
Ensure opt-out mechanisms exist for data processing
Agent prompt prevents selling/sharing personal information

HIPAA (Healthcare):

Enterprise plan with BAA in place
Agents only access minimum necessary PHI
No PHI in agent memory or knowledge base
Audit trail enabled for all PHI access
Agent prompt includes PHI handling restrictions

Step 8: Data Retention Management

Agent Prompt Addition:
## Data Retention
- Do not reference data from tasks older than 30 days
- Clear task context after each run (do not accumulate indefinitely)
- When updating memory, remove outdated entries
- Summarize customer interactions, do not store verbatim transcripts

Data Handling Checklist

Each agent's data classification documented
PII handling rules in every agent prompt
Knowledge base audited for sensitive content
Memory creation restricted (no PII, no secrets)
Integration accounts isolated per agent
Computer Use sessions set to dedicated + incognito where needed
Regulatory compliance requirements mapped
BAA in place if handling healthcare data
Data retention policy defined and enforced in prompts

Error Handling

Issue	Cause	Solution
PII in Slack channel	Agent forwarded customer email	Add "never forward PII to Slack" to prompt
Sensitive file in KB	Uploaded by mistake	Remove file + trigger KB resync immediately
Memory contains PII	Agent auto-created memory	Delete memory + add "never store PII" to prompt
Audit finding	Agent accessing unnecessary data	Remove unused integrations from agent

Resources

Next Steps

Proceed to lindy-enterprise-rbac for access control.