miro-data-handling
Implement Miro REST API v2 data handling with PII detection in board content, data export via API, retention policies, and GDPR/CCPA compliance patterns. Trigger with phrases like "miro data", "miro PII", "miro GDPR", "miro data export", "miro privacy", "miro compliance".
Best use case
miro-data-handling is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Implement Miro REST API v2 data handling with PII detection in board content, data export via API, retention policies, and GDPR/CCPA compliance patterns. Trigger with phrases like "miro data", "miro PII", "miro GDPR", "miro data export", "miro privacy", "miro compliance".
Teams using miro-data-handling should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/miro-data-handling/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How miro-data-handling Compares
| Feature / Agent | miro-data-handling | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Implement Miro REST API v2 data handling with PII detection in board content, data export via API, retention policies, and GDPR/CCPA compliance patterns. Trigger with phrases like "miro data", "miro PII", "miro GDPR", "miro data export", "miro privacy", "miro compliance".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
SKILL.md Source
# Miro Data Handling
## Overview
Handle sensitive data correctly when integrating with Miro REST API v2. Miro boards can contain PII in sticky notes, cards, and text items. This skill covers detecting PII in board content, exporting board data for DSAR requests, implementing retention policies, and ensuring GDPR/CCPA compliance.
## Data Classification for Miro Content
| Category | Examples in Miro | Handling |
|----------|-----------------|----------|
| PII | Emails/names in sticky notes, assignee info in cards | Detect, redact in logs, export on DSAR request |
| Sensitive | OAuth tokens, API keys in text items | Never cache, alert on detection |
| Business | Board names, project plans, diagrams | Standard handling, respect board sharing policy |
| Public | Template content, product names | No special handling needed |
## PII Detection in Board Items
Scan board content for personally identifiable information:
```typescript
const PII_PATTERNS = [
{ type: 'email', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
{ type: 'phone', regex: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g },
{ type: 'ssn', regex: /\b\d{3}-\d{2}-\d{4}\b/g },
{ type: 'credit_card', regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/g },
{ type: 'ip_address', regex: /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/g },
];
interface PiiFindings {
boardId: string;
itemId: string;
itemType: string;
findings: Array<{ type: string; field: string; count: number }>;
}
async function scanBoardForPii(boardId: string): Promise<PiiFindings[]> {
const results: PiiFindings[] = [];
// Fetch all text-containing items
const itemTypes = ['sticky_note', 'card', 'text', 'shape'];
for (const type of itemTypes) {
const items = await fetchAllItems(boardId, type);
for (const item of items) {
const contentFields = extractTextContent(item);
const findings: PiiFindings['findings'] = [];
for (const [field, text] of Object.entries(contentFields)) {
if (!text) continue;
for (const pattern of PII_PATTERNS) {
const matches = text.match(pattern.regex);
if (matches) {
findings.push({ type: pattern.type, field, count: matches.length });
}
}
}
if (findings.length > 0) {
results.push({ boardId, itemId: item.id, itemType: item.type, findings });
}
}
}
return results;
}
function extractTextContent(item: any): Record<string, string> {
switch (item.type) {
case 'sticky_note': return { content: item.data?.content };
case 'card': return { title: item.data?.title, description: item.data?.description };
case 'text': return { content: item.data?.content };
case 'shape': return { content: item.data?.content };
default: return {};
}
}
```
## Board Data Export (for DSAR Requests)
When a user requests their data under GDPR Article 15 / CCPA:
```typescript
interface BoardDataExport {
exportedAt: string;
requestedBy: string;
boards: Array<{
boardId: string;
boardName: string;
role: string;
items: Array<{
id: string;
type: string;
content: string | null;
createdAt: string;
createdBy: string;
}>;
}>;
}
async function exportUserBoardData(userId: string): Promise<BoardDataExport> {
// Step 1: List all boards the user has access to
const boards = await fetchAllBoards();
const exportData: BoardDataExport = {
exportedAt: new Date().toISOString(),
requestedBy: userId,
boards: [],
};
for (const board of boards) {
// Step 2: Get board members to check user's role
const members = await miroFetch(`/v2/boards/${board.id}/members?limit=50`);
const userMember = members.data.find((m: any) => m.id === userId);
if (!userMember) continue;
// Step 3: Get all items created by this user
const allItems = await fetchAllItems(board.id);
const userItems = allItems.filter((item: any) => item.createdBy?.id === userId);
exportData.boards.push({
boardId: board.id,
boardName: board.name,
role: userMember.role,
items: userItems.map((item: any) => ({
id: item.id,
type: item.type,
content: item.data?.content ?? item.data?.title ?? null,
createdAt: item.createdAt,
createdBy: item.createdBy?.id,
})),
});
}
return exportData;
}
```
## Data Redaction in Logs
Never log board content that might contain PII:
```typescript
function redactMiroData(data: Record<string, any>): Record<string, any> {
const sensitiveFields = [
'content', 'title', 'description', 'assigneeId',
'access_token', 'refresh_token', 'client_secret',
];
const redacted = JSON.parse(JSON.stringify(data));
function redactDeep(obj: any): void {
for (const key of Object.keys(obj)) {
if (sensitiveFields.includes(key) && typeof obj[key] === 'string') {
obj[key] = `[REDACTED:${obj[key].length} chars]`;
} else if (typeof obj[key] === 'object' && obj[key] !== null) {
redactDeep(obj[key]);
}
}
}
redactDeep(redacted);
return redacted;
}
// Use in logging middleware
function logMiroResponse(path: string, status: number, body: any): void {
console.log('[MIRO]', {
path,
status,
body: redactMiroData(body), // Content never appears in logs
});
}
```
## Data Retention for Cached Miro Data
If you cache or sync Miro board data locally:
```typescript
interface RetentionPolicy {
dataType: string;
retentionDays: number;
reason: string;
}
const RETENTION_POLICIES: RetentionPolicy[] = [
{ dataType: 'board_cache', retentionDays: 1, reason: 'Performance cache only' },
{ dataType: 'webhook_events', retentionDays: 30, reason: 'Debugging' },
{ dataType: 'api_audit_logs', retentionDays: 365, reason: 'Compliance' },
{ dataType: 'user_tokens', retentionDays: 0, reason: 'Delete on user disconnect' },
];
async function enforceRetention(db: Database): Promise<RetentionReport> {
const report: RetentionReport = { deletedCounts: {} };
for (const policy of RETENTION_POLICIES) {
const cutoff = new Date();
cutoff.setDate(cutoff.getDate() - policy.retentionDays);
const deleted = await db.deleteWhere(policy.dataType, {
createdAt: { $lt: cutoff },
});
report.deletedCounts[policy.dataType] = deleted;
}
return report;
}
// Schedule daily
// cron: 0 3 * * * node -e "enforceRetention(db)"
```
## Right to Deletion (GDPR Article 17)
```typescript
async function deleteUserMiroData(userId: string): Promise<DeletionResult> {
const steps: string[] = [];
// 1. Delete cached board data for this user
await db.boardCache.deleteMany({ userId });
steps.push('Deleted cached board data');
// 2. Delete webhook event logs mentioning this user
await db.webhookEvents.deleteMany({ 'event.createdBy.id': userId });
steps.push('Deleted webhook event logs');
// 3. Delete stored OAuth tokens
await tokenStorage.delete(userId);
steps.push('Deleted OAuth tokens');
// 4. Audit log the deletion (required to keep for compliance)
await db.auditLogs.insert({
action: 'GDPR_DELETION',
userId,
service: 'miro',
deletedAt: new Date().toISOString(),
steps,
});
// NOTE: You cannot delete data from Miro boards via API on behalf of a user.
// The user must delete their own board content in Miro directly,
// or a board admin can remove the user's items.
return { success: true, steps };
}
```
## Board Content Security Scanning
```typescript
// Detect secrets accidentally pasted into board items
const SECRET_PATTERNS = [
{ type: 'aws_key', regex: /AKIA[0-9A-Z]{16}/g },
{ type: 'github_token', regex: /ghp_[A-Za-z0-9_]{36}/g },
{ type: 'miro_token', regex: /eyJ[A-Za-z0-9_-]{20,}/g },
{ type: 'private_key', regex: /-----BEGIN (RSA |EC )?PRIVATE KEY-----/g },
];
async function scanBoardForSecrets(boardId: string): Promise<SecurityAlert[]> {
const alerts: SecurityAlert[] = [];
const items = await fetchAllItems(boardId);
for (const item of items) {
const content = item.data?.content ?? item.data?.title ?? '';
for (const pattern of SECRET_PATTERNS) {
if (pattern.regex.test(content)) {
alerts.push({
severity: 'critical',
type: pattern.type,
itemId: item.id,
itemType: item.type,
boardId,
});
pattern.regex.lastIndex = 0; // Reset regex
}
}
}
return alerts;
}
```
## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| PII in cached data | No redaction | Apply `redactMiroData()` before caching |
| DSAR export timeout | Too many boards | Paginate and use background job |
| Deletion incomplete | Missing data stores | Audit all locations where Miro data is stored |
| Secret in board | User pasted credentials | Alert via `scanBoardForSecrets()` |
## Resources
- [Miro Privacy Policy](https://miro.com/legal/privacy-policy/)
- [Miro Security](https://miro.com/security/)
- [GDPR Developer Guide](https://gdpr.eu/developers/)
- [CCPA Compliance](https://oag.ca.gov/privacy/ccpa)
## Next Steps
For enterprise access control, see `miro-enterprise-rbac`.Related Skills
generating-test-data
Generate realistic test data including edge cases and boundary conditions. Use when creating realistic fixtures or edge case test data. Trigger with phrases like "generate test data", "create fixtures", or "setup test database".
managing-database-tests
Test database testing including fixtures, transactions, and rollback management. Use when performing specialized testing. Trigger with phrases like "test the database", "run database tests", or "validate data integrity".
encrypting-and-decrypting-data
Validate encryption implementations and cryptographic practices. Use when reviewing data security measures. Trigger with 'check encryption', 'validate crypto', or 'review security keys'.
scanning-for-data-privacy-issues
Scan for data privacy issues and sensitive information exposure. Use when reviewing data handling practices. Trigger with 'scan privacy issues', 'check sensitive data', or 'validate data protection'.
windsurf-data-handling
Control what code and data Windsurf AI can access and process in your workspace. Use when handling sensitive data, implementing data exclusion patterns, or ensuring compliance with privacy regulations in Windsurf environments. Trigger with phrases like "windsurf data privacy", "windsurf PII", "windsurf GDPR", "windsurf compliance", "codeium data", "windsurf telemetry".
webflow-data-handling
Implement Webflow data handling — CMS content delivery patterns, PII redaction in form submissions, GDPR/CCPA compliance for ecommerce data, and data retention policies. Trigger with phrases like "webflow data", "webflow PII", "webflow GDPR", "webflow data retention", "webflow privacy", "webflow CCPA", "webflow forms data".
vercel-data-handling
Implement data handling, PII protection, and GDPR/CCPA compliance for Vercel deployments. Use when handling sensitive data in serverless functions, implementing data redaction, or ensuring privacy compliance on Vercel. Trigger with phrases like "vercel data", "vercel PII", "vercel GDPR", "vercel data retention", "vercel privacy", "vercel compliance".
veeva-data-handling
Veeva Vault data handling for enterprise operations. Use when implementing advanced Veeva Vault patterns. Trigger: "veeva data handling".
vastai-data-handling
Manage training data and model artifacts securely on Vast.ai GPU instances. Use when transferring data to instances, managing checkpoints, or implementing secure data lifecycle on rented hardware. Trigger with phrases like "vastai data", "vastai upload data", "vastai checkpoints", "vastai data security", "vastai artifacts".
twinmind-data-handling
Handle TwinMind meeting data with GDPR compliance: transcript storage, memory vault management, data export, and deletion policies. Use when implementing data handling, or managing TwinMind meeting AI operations. Trigger with phrases like "twinmind data handling", "twinmind data handling".
supabase-data-handling
Implement GDPR/CCPA compliance with Supabase: RLS for data isolation, user deletion via auth.admin.deleteUser(), data export via SQL, PII column management, backup/restore workflows, and retention policies. Use when handling sensitive data, implementing right-to-deletion, configuring data retention, or auditing PII in Supabase database columns. Trigger: "supabase GDPR", "supabase data handling", "supabase PII", "supabase compliance", "supabase data retention", "supabase delete user", "supabase data export".
speak-data-handling
Handle student audio data, assessment records, and learning progress with GDPR/COPPA compliance. Use when implementing data handling, or managing Speak language learning platform operations. Trigger with phrases like "speak data handling", "speak data handling".