gamma-data-handling
Handle data privacy, retention, and compliance for Gamma integrations. Use when implementing GDPR compliance, data retention policies, or managing user data within Gamma workflows. Trigger with phrases like "gamma data", "gamma privacy", "gamma GDPR", "gamma data retention", "gamma compliance".
Best use case
gamma-data-handling is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Handle data privacy, retention, and compliance for Gamma integrations. Use when implementing GDPR compliance, data retention policies, or managing user data within Gamma workflows. Trigger with phrases like "gamma data", "gamma privacy", "gamma GDPR", "gamma data retention", "gamma compliance".
Teams using gamma-data-handling should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/gamma-data-handling/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How gamma-data-handling Compares
| Feature / Agent | gamma-data-handling | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Handle data privacy, retention, and compliance for Gamma integrations. Use when implementing GDPR compliance, data retention policies, or managing user data within Gamma workflows. Trigger with phrases like "gamma data", "gamma privacy", "gamma GDPR", "gamma data retention", "gamma compliance".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
SKILL.md Source
# Gamma Data Handling
## Overview
Data handling, privacy controls, and compliance for Gamma API integrations. Gamma processes user-submitted content through AI to generate presentations -- understand what data flows where and how to handle PII, retention, and GDPR requirements.
## Prerequisites
- Understanding of data privacy regulations (GDPR, CCPA)
- Completed `gamma-install-auth` setup
- Data classification policies defined
## Data Flow Map
```
User Input (content, prompts)
│
▼
┌──────────────┐
│ Your App │ ← PII may be in content (names, company data)
│ (API key) │
└──────┬───────┘
│ POST /v1.0/generations
▼
┌──────────────┐
│ Gamma API │ ← Content processed by AI
│ (gamma.app) │ ← Images generated
└──────┬───────┘
│ gammaUrl + exportUrl
▼
┌──────────────┐
│ Generated │ ← Presentation stored in Gamma workspace
│ Content │ ← Export files (PDF/PPTX/PNG) temporary
└──────────────┘
```
## Data Classification
| Data Type | Classification | Where Stored | Retention |
|-----------|---------------|--------------|-----------|
| API key | Secret | Your env vars | Active use only |
| Content/prompts | May contain PII | Gamma servers (during generation) | Gamma's policy |
| Generated gammas | User data | Gamma workspace | User-controlled |
| Export files (PDF/PPTX) | User data | Temporary URLs | Download promptly, URLs expire |
| User prompts in logs | PII risk | Your infrastructure | Your policy (sanitize!) |
| Credit usage | Billing data | Gamma | Per Gamma ToS |
## Instructions
### Step 1: Sanitize Content Before Sending
```typescript
// src/gamma/sanitize.ts
// Remove PII from content before sending to Gamma if not needed
interface SanitizeOptions {
removeEmails: boolean;
removePhones: boolean;
maskNames: boolean;
}
function sanitizeContent(content: string, opts: SanitizeOptions): string {
let sanitized = content;
if (opts.removeEmails) {
sanitized = sanitized.replace(/[\w.-]+@[\w.-]+\.\w+/g, "[email]");
}
if (opts.removePhones) {
sanitized = sanitized.replace(/\+?[\d\s()-]{10,}/g, "[phone]");
}
if (opts.maskNames) {
// Only mask if you have a list of known names
// Generic regex would be too aggressive
}
return sanitized;
}
// Usage: sanitize before generation
const safeContent = sanitizeContent(userContent, {
removeEmails: true,
removePhones: true,
maskNames: false,
});
await gamma.generate({
content: safeContent,
outputFormat: "presentation",
});
```
### Step 2: Sanitize Logs
```typescript
// src/gamma/logging.ts
// Never log raw content or API keys
function logGeneration(request: any, result: any) {
console.log(JSON.stringify({
event: "gamma_generation",
timestamp: new Date().toISOString(),
generationId: result.generationId,
outputFormat: request.outputFormat,
contentLength: request.content?.length,
// NEVER log: content (may have PII), apiKey
status: result.status,
creditsUsed: result.creditsUsed,
}));
}
```
### Step 3: Export File Handling
```typescript
// src/gamma/exports.ts
// Export URLs are temporary — download and store securely
import { writeFile } from "node:fs/promises";
import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";
async function archiveExport(
exportUrl: string,
metadata: { generationId: string; userId: string }
) {
// Download immediately — URLs expire
const res = await fetch(exportUrl);
if (!res.ok) throw new Error(`Export download failed: ${res.status}`);
const buffer = Buffer.from(await res.arrayBuffer());
// Store with encryption
const s3 = new S3Client({ region: "us-east-1" });
const key = `gamma-exports/${metadata.userId}/${metadata.generationId}.pdf`;
await s3.send(new PutObjectCommand({
Bucket: process.env.EXPORTS_BUCKET!,
Key: key,
Body: buffer,
ContentType: "application/pdf",
ServerSideEncryption: "aws:kms",
Metadata: {
generationId: metadata.generationId,
archivedAt: new Date().toISOString(),
},
}));
console.log(`Archived: s3://${process.env.EXPORTS_BUCKET}/${key}`);
}
```
### Step 4: Data Retention Policy
```typescript
// src/gamma/retention.ts
interface RetentionPolicy {
exportMaxDays: number; // Delete local export copies
logRetentionDays: number; // Anonymize generation logs
promptRetentionDays: number; // Delete stored prompts
}
const POLICY: RetentionPolicy = {
exportMaxDays: 90, // Keep exports 90 days
logRetentionDays: 30, // Anonymize logs after 30 days
promptRetentionDays: 7, // Delete prompts after 7 days
};
async function enforceRetention() {
const cutoff = new Date();
// Delete old exports from S3
cutoff.setDate(cutoff.getDate() - POLICY.exportMaxDays);
await deleteOldExports(cutoff);
// Anonymize old logs
cutoff.setDate(cutoff.getDate() + POLICY.exportMaxDays - POLICY.logRetentionDays);
await anonymizeLogs(cutoff);
// Delete stored prompts
cutoff.setDate(cutoff.getDate() + POLICY.logRetentionDays - POLICY.promptRetentionDays);
await deletePrompts(cutoff);
}
```
### Step 5: GDPR Request Handling
```typescript
// Handle data subject access/erasure requests
async function handleGdprRequest(
type: "access" | "erasure",
userId: string
) {
if (type === "access") {
// Return all data we store about this user
return {
generations: await db.generations.findMany({ where: { userId } }),
exports: await listS3Objects(`gamma-exports/${userId}/`),
// Note: data stored IN Gamma's workspace is Gamma's responsibility
// Direct user to gamma.app to access/delete their workspace data
};
}
if (type === "erasure") {
// Delete from our systems
await db.generations.deleteMany({ where: { userId } });
await deleteS3Prefix(`gamma-exports/${userId}/`);
// Instruct user to delete Gamma workspace data at gamma.app
return { deleted: true, note: "Delete Gamma workspace data at gamma.app" };
}
}
```
## Compliance Checklist
- [ ] Content sanitized before sending to Gamma API (PII removed if not needed)
- [ ] API keys never logged
- [ ] Export URLs downloaded promptly and stored encrypted
- [ ] Retention policies defined and enforced
- [ ] GDPR access/erasure request process documented
- [ ] User consent obtained for AI processing of their content
- [ ] Gamma DPA signed (if required by your jurisdiction)
- [ ] Logs sanitized (no raw content or PII)
## Error Handling
| Error | Cause | Solution |
|-------|-------|----------|
| Export URL expired | Downloaded too late | Download immediately on generation completion |
| PII in logs | Missing sanitization | Add log sanitization middleware |
| Retention job failed | Scheduler stopped | Monitor cron job health |
| GDPR request incomplete | Gamma workspace not addressed | Direct user to gamma.app for workspace data |
## Resources
- [Gamma Privacy Policy](https://gamma.app/privacy)
- [Gamma Terms of Service](https://gamma.app/tos)
- [GDPR Compliance Guide](https://gdpr.eu/)
## Next Steps
Proceed to `gamma-enterprise-rbac` for access control.Related Skills
generating-test-data
Generate realistic test data including edge cases and boundary conditions. Use when creating realistic fixtures or edge case test data. Trigger with phrases like "generate test data", "create fixtures", or "setup test database".
managing-database-tests
Test database testing including fixtures, transactions, and rollback management. Use when performing specialized testing. Trigger with phrases like "test the database", "run database tests", or "validate data integrity".
encrypting-and-decrypting-data
Validate encryption implementations and cryptographic practices. Use when reviewing data security measures. Trigger with 'check encryption', 'validate crypto', or 'review security keys'.
scanning-for-data-privacy-issues
Scan for data privacy issues and sensitive information exposure. Use when reviewing data handling practices. Trigger with 'scan privacy issues', 'check sensitive data', or 'validate data protection'.
windsurf-data-handling
Control what code and data Windsurf AI can access and process in your workspace. Use when handling sensitive data, implementing data exclusion patterns, or ensuring compliance with privacy regulations in Windsurf environments. Trigger with phrases like "windsurf data privacy", "windsurf PII", "windsurf GDPR", "windsurf compliance", "codeium data", "windsurf telemetry".
webflow-data-handling
Implement Webflow data handling — CMS content delivery patterns, PII redaction in form submissions, GDPR/CCPA compliance for ecommerce data, and data retention policies. Trigger with phrases like "webflow data", "webflow PII", "webflow GDPR", "webflow data retention", "webflow privacy", "webflow CCPA", "webflow forms data".
vercel-data-handling
Implement data handling, PII protection, and GDPR/CCPA compliance for Vercel deployments. Use when handling sensitive data in serverless functions, implementing data redaction, or ensuring privacy compliance on Vercel. Trigger with phrases like "vercel data", "vercel PII", "vercel GDPR", "vercel data retention", "vercel privacy", "vercel compliance".
veeva-data-handling
Veeva Vault data handling for enterprise operations. Use when implementing advanced Veeva Vault patterns. Trigger: "veeva data handling".
vastai-data-handling
Manage training data and model artifacts securely on Vast.ai GPU instances. Use when transferring data to instances, managing checkpoints, or implementing secure data lifecycle on rented hardware. Trigger with phrases like "vastai data", "vastai upload data", "vastai checkpoints", "vastai data security", "vastai artifacts".
twinmind-data-handling
Handle TwinMind meeting data with GDPR compliance: transcript storage, memory vault management, data export, and deletion policies. Use when implementing data handling, or managing TwinMind meeting AI operations. Trigger with phrases like "twinmind data handling", "twinmind data handling".
supabase-data-handling
Implement GDPR/CCPA compliance with Supabase: RLS for data isolation, user deletion via auth.admin.deleteUser(), data export via SQL, PII column management, backup/restore workflows, and retention policies. Use when handling sensitive data, implementing right-to-deletion, configuring data retention, or auditing PII in Supabase database columns. Trigger: "supabase GDPR", "supabase data handling", "supabase PII", "supabase compliance", "supabase data retention", "supabase delete user", "supabase data export".
speak-data-handling
Handle student audio data, assessment records, and learning progress with GDPR/COPPA compliance. Use when implementing data handling, or managing Speak language learning platform operations. Trigger with phrases like "speak data handling", "speak data handling".