From notion-pack
Implements data handling, PII detection and redaction, export/deletion, and GDPR/CCPA compliance for Notion integrations.
How this skill is triggered — by the user, by Claude, or both
Slash command
/notion-pack:notion-data-handlingThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Handle sensitive data correctly when integrating with Notion: detect PII in page
Handle sensitive data correctly when integrating with Notion: detect PII in page
properties and text content, redact sensitive fields before logging or exporting,
minimize data exposure with filter_properties, and implement GDPR/CCPA compliance
patterns — right-of-access exports, right-of-deletion (archive or field clearing), and
retention-based archival, all with audit logging.
The full, copy-ready TypeScript and Python implementations live in references/ so this
file stays a navigable map. Read top-to-bottom for the workflow; drill into a reference
file when you need the complete code for a step.
@notionhq/client v2+ installed (npm install @notionhq/client)notion-client (pip install notion-client)All examples authenticate with an internal integration token read from the environment — never hardcode it:
const notion = new Client({ auth: process.env.NOTION_TOKEN });
Create the token at notion.so/my-integrations and
share each target database with the integration. Deletion and retention flows additionally
require the integration to hold Update capability, or pages.update returns 403.
Work through three stages. Each links to a reference file with the complete implementation.
Notion pages carry PII in dedicated email/phone_number/people properties and
embedded in free-text rich_text/title values. Scan both: check known-sensitive
property types directly, and run regex matchers (email, phone, SSN, credit card, IP) over
text. Loop the whole database through pagination until has_more is false. Skeleton:
function scanPageForPII(page: PageObjectResponse): PIIFinding[] {
// check email / phone_number / people property types,
// then run PII_PATTERNS regexes over rich_text + title text
}
Full TS + Python scanners: pii-detection.md.
Never log or export raw page objects. Pass every page through an allowlist-shaped redactor
that masks sensitive property types and named fields while letting vetted scalar types pass
through. Then cut exposure at the source with filter_properties, which returns only the
properties you name:
notion.databases.query({ database_id: dbId, filter_properties: ['Status', 'Name'] });
Full redactPageProperties implementation and minimization guidance:
redaction-minimization.md.
Three data-subject workflows, each emitting a structured audit event you retain as proof:
archive (soft-delete the whole page,
recoverable ~30 days) or clear_pii (null the PII fields, keep the record). Throttle
bulk updates to ~3 req/s.last_edited_time is older than the retention window.Full export, deletion, and retention functions: compliance-patterns.md.
filter_properties in API queries| Issue | Cause | Solution |
|---|---|---|
| PII in application logs | Missing redaction layer | Use redactPageProperties for all logging |
| Deletion fails on pages (403) | Integration lacks Update capability | Edit integration at notion.so/my-integrations |
| Export missing pages | Pagination not handled | Use start_cursor loop until has_more is false |
| Rate limit during bulk deletion | Too many update calls | Throttle to 3 requests/second with delays |
| Regex false positives | Overly broad patterns | Tune patterns for your data; consider allowlists |
| Regex misses on second page | Stateful g-flag lastIndex | Reset pattern.lastIndex = 0 before each .test() |
| Audit log gaps | Async logging dropped events | Use synchronous logging for compliance events |
A quick database PII audit and a compact Python export, composing the building blocks above:
const findings = await auditDatabaseForPII(process.env.NOTION_DB_ID!);
console.log(`PII audit: ${findings.length} pages with PII detected`);
Both full examples (TS audit summary + Python Article 15 export): examples.md.
filter_propertiesnotion-enterprise-rbac.npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin notion-packEnforces Notion governance policies: integration naming standards, page sharing rules, property naming conventions, database schema validation, and access audits.
Read, create, update Notion pages and databases, query databases, and inspect schemas via the Notion API. Requires a CLI tool.
Interacts with the Notion API via REST calls to read, create, update, or delete pages, databases, blocks, comments, and other content. Covers authentication, endpoints, pagination, error handling, and best practices.