intercom-data-handling
Implement Intercom data handling for GDPR, contact export, data retention, and PII. Use when handling sensitive data, implementing data export/deletion requests, or ensuring compliance with privacy regulations for Intercom integrations. Trigger with phrases like "intercom data", "intercom PII", "intercom GDPR", "intercom data retention", "intercom privacy", "intercom CCPA", "intercom data export", "intercom delete contact".
Best use case
intercom-data-handling is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Implement Intercom data handling for GDPR, contact export, data retention, and PII. Use when handling sensitive data, implementing data export/deletion requests, or ensuring compliance with privacy regulations for Intercom integrations. Trigger with phrases like "intercom data", "intercom PII", "intercom GDPR", "intercom data retention", "intercom privacy", "intercom CCPA", "intercom data export", "intercom delete contact".
Teams using intercom-data-handling should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/intercom-data-handling/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How intercom-data-handling Compares
| Feature / Agent | intercom-data-handling | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Implement Intercom data handling for GDPR, contact export, data retention, and PII. Use when handling sensitive data, implementing data export/deletion requests, or ensuring compliance with privacy regulations for Intercom integrations. Trigger with phrases like "intercom data", "intercom PII", "intercom GDPR", "intercom data retention", "intercom privacy", "intercom CCPA", "intercom data export", "intercom delete contact".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Intercom Data Handling
## Overview
Handle sensitive contact data in Intercom integrations with GDPR/CCPA compliance, data export via the Data Export API, contact deletion, PII redaction in logs, and data retention policies.
## Prerequisites
- Understanding of GDPR/CCPA requirements
- `intercom-client` SDK installed
- Database for audit logging
- Familiarity with Intercom's contact and conversation data model
## Data Classification for Intercom
| Category | Intercom Fields | Handling |
|----------|----------------|----------|
| PII | `email`, `name`, `phone`, `location` | Encrypt at rest, redact in logs |
| Identifiers | `id`, `external_id`, `user_id` | Use for lookups, no display |
| Conversation content | `body`, `conversation_parts` | May contain PII, scan before logging |
| Custom attributes | User-defined | Depends on content |
| System metadata | `created_at`, `updated_at`, `role` | Standard handling |
## Instructions
### Step 1: GDPR Data Subject Access Request (DSAR)
Export all Intercom data for a specific user.
```typescript
import { IntercomClient } from "intercom-client";
const client = new IntercomClient({
token: process.env.INTERCOM_ACCESS_TOKEN!,
});
async function exportContactData(contactId: string): Promise<{
contact: any;
conversations: any[];
tags: any[];
segments: any[];
events: any[];
}> {
// 1. Get contact profile
const contact = await client.contacts.find({ contactId });
// 2. Get conversations for this contact
const conversations = [];
const convList = await client.conversations.search({
query: {
field: "contact_ids",
operator: "=",
value: contactId,
},
});
for (const convo of convList.conversations) {
// Get full conversation with parts
const full = await client.conversations.find({
conversationId: convo.id,
});
conversations.push(full);
}
// 3. Get tags
const tags = await client.contacts.listTags({ contactId });
// 4. Get segments
const segments = await client.contacts.listSegments({ contactId });
// 5. Get data events
const events = await client.dataEvents.list({
type: "user",
userId: contact.externalId,
});
return {
contact: {
id: contact.id,
email: contact.email,
name: contact.name,
phone: contact.phone,
role: contact.role,
external_id: contact.externalId,
custom_attributes: contact.customAttributes,
location: contact.location,
created_at: contact.createdAt,
last_seen_at: contact.lastSeenAt,
},
conversations,
tags: tags.data || [],
segments: segments.data || [],
events: events.data || [],
};
}
```
### Step 2: Right to Deletion (GDPR Article 17)
```typescript
async function deleteContactData(contactId: string): Promise<{
deleted: boolean;
auditRecord: any;
}> {
// 1. Export data for audit trail BEFORE deletion
const exportedData = await exportContactData(contactId);
// 2. Delete from Intercom
await client.contacts.delete({ contactId });
// 3. Delete from local cache/database
await localDb.intercomContacts.deleteMany({ intercom_id: contactId });
await localDb.intercomCache.deleteMany({ contact_id: contactId });
// 4. Record audit entry (required by GDPR to prove deletion)
const auditRecord = {
action: "GDPR_DELETION",
contact_id: contactId,
contact_email_hash: hashEmail(exportedData.contact.email), // Hash, don't store
deleted_at: new Date().toISOString(),
data_sources_purged: ["intercom", "local_cache", "local_db"],
conversations_affected: exportedData.conversations.length,
};
await localDb.auditLog.insert(auditRecord);
return { deleted: true, auditRecord };
}
```
### Step 3: Intercom Data Export API (Bulk)
```typescript
// Export all messages for a date range (bulk export)
async function bulkExportMessages(
startDate: string,
endDate: string
): Promise<string> {
// POST /export/messages/data
const response = await fetch("https://api.intercom.io/export/messages/data", {
method: "POST",
headers: {
Authorization: `Bearer ${process.env.INTERCOM_ACCESS_TOKEN}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
created_at_after: Math.floor(new Date(startDate).getTime() / 1000),
created_at_before: Math.floor(new Date(endDate).getTime() / 1000),
}),
});
const data = await response.json();
// Returns: { job_identifier: "abc123", status: "pending", download_url: null }
// Poll for completion
return data.job_identifier;
}
async function checkExportStatus(jobId: string): Promise<{
status: string;
downloadUrl?: string;
}> {
const response = await fetch(
`https://api.intercom.io/export/messages/data/${jobId}`,
{
headers: { Authorization: `Bearer ${process.env.INTERCOM_ACCESS_TOKEN}` },
}
);
const data = await response.json();
// When complete: { status: "complete", download_url: "https://..." }
// Download URL provides a CSV file
return { status: data.status, downloadUrl: data.download_url };
}
```
### Step 4: PII Redaction in Logs
```typescript
// Fields to always redact from log output
const PII_FIELDS = new Set([
"email", "name", "phone", "location", "ip_address",
"custom_attributes.address", "custom_attributes.ssn",
]);
function redactIntercomData(data: Record<string, any>): Record<string, any> {
const redacted = { ...data };
for (const field of PII_FIELDS) {
const parts = field.split(".");
let current: any = redacted;
for (let i = 0; i < parts.length - 1; i++) {
current = current[parts[i]];
if (!current) break;
}
if (current && current[parts[parts.length - 1]]) {
current[parts[parts.length - 1]] = "[REDACTED]";
}
}
return redacted;
}
// Use in all logging
console.log("Contact data:", redactIntercomData(contact));
// Output: { id: "abc", email: "[REDACTED]", name: "[REDACTED]", role: "user" }
```
### Step 5: Data Retention Policy
```typescript
// Retention periods for cached Intercom data
const RETENTION = {
contact_cache: 30, // days - cached contact profiles
conversation_cache: 90, // days - cached conversations
webhook_events: 30, // days - processed webhook records
audit_log: 2555, // days (7 years) - compliance requirement
data_export: 7, // days - export download files
};
async function enforceRetention(): Promise<{ deleted: Record<string, number> }> {
const results: Record<string, number> = {};
for (const [type, days] of Object.entries(RETENTION)) {
if (type === "audit_log") continue; // Never auto-delete audit logs
const cutoff = new Date();
cutoff.setDate(cutoff.getDate() - days);
const result = await localDb.collection(type).deleteMany({
created_at: { $lt: cutoff },
});
results[type] = result.deletedCount;
}
return { deleted: results };
}
// Schedule daily at 3 AM
// cron: "0 3 * * *"
```
## Data Minimization
```typescript
// Only sync the fields you actually need from Intercom
async function syncContactMinimal(contactId: string) {
const contact = await client.contacts.find({ contactId });
// Store only necessary fields
return {
intercom_id: contact.id,
external_id: contact.externalId,
role: contact.role,
plan: contact.customAttributes?.plan,
last_seen_at: contact.lastSeenAt,
// DO NOT store: email, name, phone, location
};
}
```
## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| Export job stuck in "pending" | Large dataset | Poll every 30s, timeout at 1h |
| Deletion returns 404 | Already deleted | Log and continue (idempotent) |
| PII in conversation bodies | User-submitted content | Scan with regex, redact in logs |
| Audit log gap | Failed write | Use write-ahead log or queue |
## Resources
- [Data Export API](https://developers.intercom.com/docs/references/rest-api/api.intercom.io/data-export/data_export)
- [Contacts API](https://developers.intercom.com/docs/references/rest-api/api.intercom.io/contacts)
- [GDPR Guide](https://gdpr.eu/developers/)
- [Intercom Privacy](https://www.intercom.com/privacy)
## Next Steps
For enterprise access control, see `intercom-enterprise-rbac`.Related Skills
generating-test-data
Generate realistic test data including edge cases and boundary conditions. Use when creating realistic fixtures or edge case test data. Trigger with phrases like "generate test data", "create fixtures", or "setup test database".
managing-database-tests
Test database testing including fixtures, transactions, and rollback management. Use when performing specialized testing. Trigger with phrases like "test the database", "run database tests", or "validate data integrity".
encrypting-and-decrypting-data
Validate encryption implementations and cryptographic practices. Use when reviewing data security measures. Trigger with 'check encryption', 'validate crypto', or 'review security keys'.
scanning-for-data-privacy-issues
Scan for data privacy issues and sensitive information exposure. Use when reviewing data handling practices. Trigger with 'scan privacy issues', 'check sensitive data', or 'validate data protection'.
windsurf-data-handling
Control what code and data Windsurf AI can access and process in your workspace. Use when handling sensitive data, implementing data exclusion patterns, or ensuring compliance with privacy regulations in Windsurf environments. Trigger with phrases like "windsurf data privacy", "windsurf PII", "windsurf GDPR", "windsurf compliance", "codeium data", "windsurf telemetry".
webflow-data-handling
Implement Webflow data handling — CMS content delivery patterns, PII redaction in form submissions, GDPR/CCPA compliance for ecommerce data, and data retention policies. Trigger with phrases like "webflow data", "webflow PII", "webflow GDPR", "webflow data retention", "webflow privacy", "webflow CCPA", "webflow forms data".
vercel-data-handling
Implement data handling, PII protection, and GDPR/CCPA compliance for Vercel deployments. Use when handling sensitive data in serverless functions, implementing data redaction, or ensuring privacy compliance on Vercel. Trigger with phrases like "vercel data", "vercel PII", "vercel GDPR", "vercel data retention", "vercel privacy", "vercel compliance".
veeva-data-handling
Veeva Vault data handling for enterprise operations. Use when implementing advanced Veeva Vault patterns. Trigger: "veeva data handling".
vastai-data-handling
Manage training data and model artifacts securely on Vast.ai GPU instances. Use when transferring data to instances, managing checkpoints, or implementing secure data lifecycle on rented hardware. Trigger with phrases like "vastai data", "vastai upload data", "vastai checkpoints", "vastai data security", "vastai artifacts".
twinmind-data-handling
Handle TwinMind meeting data with GDPR compliance: transcript storage, memory vault management, data export, and deletion policies. Use when implementing data handling, or managing TwinMind meeting AI operations. Trigger with phrases like "twinmind data handling", "twinmind data handling".
supabase-data-handling
Implement GDPR/CCPA compliance with Supabase: RLS for data isolation, user deletion via auth.admin.deleteUser(), data export via SQL, PII column management, backup/restore workflows, and retention policies. Use when handling sensitive data, implementing right-to-deletion, configuring data retention, or auditing PII in Supabase database columns. Trigger: "supabase GDPR", "supabase data handling", "supabase PII", "supabase compliance", "supabase data retention", "supabase delete user", "supabase data export".
speak-data-handling
Handle student audio data, assessment records, and learning progress with GDPR/COPPA compliance. Use when implementing data handling, or managing Speak language learning platform operations. Trigger with phrases like "speak data handling", "speak data handling".