clay-data-handling
Implement GDPR/CCPA-compliant data handling for Clay enrichment pipelines. Use when handling PII from enrichments, implementing data retention policies, or ensuring regulatory compliance for Clay-enriched lead data. Trigger with phrases like "clay data", "clay PII", "clay GDPR", "clay data retention", "clay privacy", "clay CCPA", "clay compliance".
Best use case
clay-data-handling is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Implement GDPR/CCPA-compliant data handling for Clay enrichment pipelines. Use when handling PII from enrichments, implementing data retention policies, or ensuring regulatory compliance for Clay-enriched lead data. Trigger with phrases like "clay data", "clay PII", "clay GDPR", "clay data retention", "clay privacy", "clay CCPA", "clay compliance".
Teams using clay-data-handling should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/clay-data-handling/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How clay-data-handling Compares
| Feature / Agent | clay-data-handling | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Implement GDPR/CCPA-compliant data handling for Clay enrichment pipelines. Use when handling PII from enrichments, implementing data retention policies, or ensuring regulatory compliance for Clay-enriched lead data. Trigger with phrases like "clay data", "clay PII", "clay GDPR", "clay data retention", "clay privacy", "clay CCPA", "clay compliance".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Clay Data Handling
## Overview
Manage lead data through Clay enrichment pipelines in compliance with GDPR, CCPA, and data privacy best practices. Clay enriches records with PII (emails, phone numbers, LinkedIn profiles, job titles), requiring careful handling of consent, retention, and export controls.
## Prerequisites
- Clay account with enriched tables
- Understanding of GDPR/CCPA requirements for B2B data
- Data retention policy defined by your legal team
- CRM or database for enriched data storage
## Instructions
### Step 1: Classify Enriched Data by Sensitivity
```typescript
// src/clay/data-classification.ts
enum DataSensitivity {
PUBLIC = 'public', // Company name, industry, employee count
BUSINESS = 'business', // Work email, job title, LinkedIn URL
PERSONAL = 'personal', // Phone number, personal email
RESTRICTED = 'restricted' // Home address, personal phone
}
const FIELD_CLASSIFICATION: Record<string, DataSensitivity> = {
company_name: DataSensitivity.PUBLIC,
industry: DataSensitivity.PUBLIC,
employee_count: DataSensitivity.PUBLIC,
domain: DataSensitivity.PUBLIC,
work_email: DataSensitivity.BUSINESS,
job_title: DataSensitivity.BUSINESS,
linkedin_url: DataSensitivity.BUSINESS,
first_name: DataSensitivity.BUSINESS,
last_name: DataSensitivity.BUSINESS,
phone_number: DataSensitivity.PERSONAL,
personal_email: DataSensitivity.RESTRICTED,
home_address: DataSensitivity.RESTRICTED,
};
function classifyRow(row: Record<string, unknown>): Record<DataSensitivity, string[]> {
const classified: Record<DataSensitivity, string[]> = {
public: [], business: [], personal: [], restricted: [],
};
for (const [field, value] of Object.entries(row)) {
if (value == null) continue;
const sensitivity = FIELD_CLASSIFICATION[field] || DataSensitivity.BUSINESS;
classified[sensitivity].push(field);
}
return classified;
}
```
### Step 2: Validate Input Data Before Enrichment
```typescript
// src/clay/data-validation.ts
import { z } from 'zod';
const ClayInputSchema = z.object({
domain: z.string().min(3).refine(d => d.includes('.'), 'Invalid domain'),
first_name: z.string().min(1).max(100),
last_name: z.string().min(1).max(100),
email: z.string().email().optional(),
source: z.string().optional(),
consent_basis: z.enum(['legitimate_interest', 'consent', 'contract']).optional(),
});
function validateForEnrichment(rows: unknown[]): {
valid: z.infer<typeof ClayInputSchema>[];
invalid: { row: unknown; errors: string[] }[];
} {
const valid: z.infer<typeof ClayInputSchema>[] = [];
const invalid: { row: unknown; errors: string[] }[] = [];
for (const row of rows) {
const result = ClayInputSchema.safeParse(row);
if (result.success) {
valid.push(result.data);
} else {
invalid.push({
row,
errors: result.error.issues.map(i => `${i.path.join('.')}: ${i.message}`),
});
}
}
return { valid, invalid };
}
```
### Step 3: Deduplicate Before Enrichment
```typescript
// src/clay/dedup.ts — prevent credit waste on duplicates
function deduplicateLeads(
rows: Record<string, unknown>[],
keyFields: string[] = ['domain', 'first_name', 'last_name'],
): { unique: Record<string, unknown>[]; duplicates: number } {
const seen = new Set<string>();
const unique: Record<string, unknown>[] = [];
let duplicates = 0;
for (const row of rows) {
const key = keyFields
.map(f => String(row[f] || '').toLowerCase().trim())
.join(':');
if (seen.has(key)) {
duplicates++;
continue;
}
seen.add(key);
unique.push(row);
}
return { unique, duplicates };
}
```
### Step 4: Add Retention Metadata to Enriched Data
```typescript
// src/clay/retention.ts
interface EnrichedRecordWithRetention {
// Original enriched data
[key: string]: unknown;
// Retention metadata
_enriched_at: string; // ISO timestamp
_retention_expires: string; // ISO timestamp
_enrichment_source: string; // 'clay'
_consent_basis: string; // Legal basis for processing
_data_subject_rights: string; // How to handle deletion requests
}
function addRetentionMetadata(
enrichedRow: Record<string, unknown>,
retentionDays: number = 365,
consentBasis: string = 'legitimate_interest',
): EnrichedRecordWithRetention {
const now = new Date();
const expires = new Date(now.getTime() + retentionDays * 24 * 60 * 60 * 1000);
return {
...enrichedRow,
_enriched_at: now.toISOString(),
_retention_expires: expires.toISOString(),
_enrichment_source: 'clay',
_consent_basis: consentBasis,
_data_subject_rights: 'Contact privacy@yourcompany.com for deletion/access requests',
};
}
```
### Step 5: GDPR-Compliant Export
```typescript
// src/clay/export.ts
/** Strip PII for analytics/reporting exports */
function anonymizeForAnalytics(row: Record<string, unknown>): Record<string, unknown> {
const anonymized = { ...row };
// Hash identifiers instead of including plaintext
if (anonymized.work_email) {
anonymized.email_hash = crypto.createHash('sha256')
.update(String(anonymized.work_email).toLowerCase())
.digest('hex');
delete anonymized.work_email;
}
// Remove all personal identifiers
delete anonymized.first_name;
delete anonymized.last_name;
delete anonymized.phone_number;
delete anonymized.linkedin_url;
delete anonymized.personal_email;
return anonymized;
}
/** Full export for CRM push (with consent tracking) */
function exportForCRM(row: Record<string, unknown>): Record<string, unknown> {
return {
...row,
processing_consent: row._consent_basis || 'legitimate_interest',
enrichment_date: row._enriched_at,
data_source: 'clay_enrichment',
};
}
```
### Step 6: Data Subject Rights Implementation
```typescript
// src/clay/data-rights.ts — handle GDPR deletion/access requests
async function handleDeletionRequest(email: string): Promise<{
tablesAffected: string[];
recordsDeleted: number;
}> {
// In Clay: manually delete rows containing this email
// In your database: automated deletion
console.log(`Processing deletion request for ${email}`);
// 1. Find all records
const records = await db.query('SELECT * FROM enriched_leads WHERE email = ?', [email]);
// 2. Delete from database
await db.query('DELETE FROM enriched_leads WHERE email = ?', [email]);
// 3. Log for compliance audit
await db.query('INSERT INTO deletion_log (email_hash, deleted_at, record_count) VALUES (?, ?, ?)', [
crypto.createHash('sha256').update(email).digest('hex'),
new Date().toISOString(),
records.length,
]);
// 4. Note: Clay table rows must be deleted manually in Clay UI
return {
tablesAffected: ['enriched_leads'],
recordsDeleted: records.length,
};
}
```
## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| High duplicate rate | Same list imported twice | Run dedup before sending to Clay |
| Invalid emails in export | Bad source data | Validate with Zod before import |
| Expired data in CRM | No retention cleanup | Schedule weekly expiration check |
| Missing consent basis | No legal basis tracked | Add consent_basis to all records |
| GDPR deletion incomplete | Data in multiple systems | Track all systems in data map |
## Resources
- [GDPR Official Text](https://gdpr.eu/what-is-gdpr/)
- [CCPA Requirements](https://oag.ca.gov/privacy/ccpa)
- [Clay Community](https://community.clay.com)
## Next Steps
For access control, see `clay-enterprise-rbac`.Related Skills
generating-test-data
Generate realistic test data including edge cases and boundary conditions. Use when creating realistic fixtures or edge case test data. Trigger with phrases like "generate test data", "create fixtures", or "setup test database".
managing-database-tests
Test database testing including fixtures, transactions, and rollback management. Use when performing specialized testing. Trigger with phrases like "test the database", "run database tests", or "validate data integrity".
encrypting-and-decrypting-data
Validate encryption implementations and cryptographic practices. Use when reviewing data security measures. Trigger with 'check encryption', 'validate crypto', or 'review security keys'.
scanning-for-data-privacy-issues
Scan for data privacy issues and sensitive information exposure. Use when reviewing data handling practices. Trigger with 'scan privacy issues', 'check sensitive data', or 'validate data protection'.
windsurf-data-handling
Control what code and data Windsurf AI can access and process in your workspace. Use when handling sensitive data, implementing data exclusion patterns, or ensuring compliance with privacy regulations in Windsurf environments. Trigger with phrases like "windsurf data privacy", "windsurf PII", "windsurf GDPR", "windsurf compliance", "codeium data", "windsurf telemetry".
webflow-data-handling
Implement Webflow data handling — CMS content delivery patterns, PII redaction in form submissions, GDPR/CCPA compliance for ecommerce data, and data retention policies. Trigger with phrases like "webflow data", "webflow PII", "webflow GDPR", "webflow data retention", "webflow privacy", "webflow CCPA", "webflow forms data".
vercel-data-handling
Implement data handling, PII protection, and GDPR/CCPA compliance for Vercel deployments. Use when handling sensitive data in serverless functions, implementing data redaction, or ensuring privacy compliance on Vercel. Trigger with phrases like "vercel data", "vercel PII", "vercel GDPR", "vercel data retention", "vercel privacy", "vercel compliance".
veeva-data-handling
Veeva Vault data handling for enterprise operations. Use when implementing advanced Veeva Vault patterns. Trigger: "veeva data handling".
vastai-data-handling
Manage training data and model artifacts securely on Vast.ai GPU instances. Use when transferring data to instances, managing checkpoints, or implementing secure data lifecycle on rented hardware. Trigger with phrases like "vastai data", "vastai upload data", "vastai checkpoints", "vastai data security", "vastai artifacts".
twinmind-data-handling
Handle TwinMind meeting data with GDPR compliance: transcript storage, memory vault management, data export, and deletion policies. Use when implementing data handling, or managing TwinMind meeting AI operations. Trigger with phrases like "twinmind data handling", "twinmind data handling".
supabase-data-handling
Implement GDPR/CCPA compliance with Supabase: RLS for data isolation, user deletion via auth.admin.deleteUser(), data export via SQL, PII column management, backup/restore workflows, and retention policies. Use when handling sensitive data, implementing right-to-deletion, configuring data retention, or auditing PII in Supabase database columns. Trigger: "supabase GDPR", "supabase data handling", "supabase PII", "supabase compliance", "supabase data retention", "supabase delete user", "supabase data export".
speak-data-handling
Handle student audio data, assessment records, and learning progress with GDPR/COPPA compliance. Use when implementing data handling, or managing Speak language learning platform operations. Trigger with phrases like "speak data handling", "speak data handling".