clerk-data-handling

Name: clerk-data-handling - Agent Skill
Rating: 5.0 (1046 reviews)
Author: jeremylongshore

1,046

MIT

Handle user data, privacy, and GDPR compliance with Clerk. Use when implementing data export, user deletion, or privacy compliance features. Trigger with phrases like "clerk user data", "clerk GDPR", "clerk privacy", "clerk data export", "clerk delete user".

Download Folder View on GitHub

CLI Install

Recommended

Use the skills CLI to install this skill with one command. Auto-detects all installed AI assistants.

Method 1 - skills CLI

npx skills i jeremylongshore/claude-code-plugins-plus-skills/plugins/saas-packs/clerk-pack/skills/clerk-data-handling

Method 2 - openskills (supports sync & update)

npx openskills install jeremylongshore/claude-code-plugins-plus-skills

Auto-detects Claude Code, Cursor, Codex CLI, Gemini CLI, and more. One install, works everywhere.

Installation Path

Download and extract to one of the following locations:

~/.claude/skills/clerk-data-handling/

SKILL.md

Skill Instructions

Back

Run with Cloud Agent

No setup needed. Let our cloud agents run this skill for you.

Select Provider

Select Model

Claude Sonnet 4.5

$0.20/task

Best for coding tasks

No setup required

Clerk Data Handling

Overview

Manage user data, implement privacy features, and ensure compliance with regulations.

Prerequisites

Clerk integration working
Understanding of GDPR/CCPA requirements
Database with user-related data

Instructions

Step 1: User Data Export

// lib/data-export.ts
import { clerkClient } from '@clerk/nextjs/server'
import { db } from './db'
 
interface UserDataExport {
  clerk: ClerkUserData
  application: ApplicationUserData
  exportedAt: string
}
 
interface ClerkUserData {
  id: string
  email: string | undefined
  firstName: string | null

Step 2: User Deletion (Right to be Forgotten)

// lib/user-deletion.ts
import { clerkClient } from '@clerk/nextjs/server'
import { db } from './db'

Step 3: Data Retention Policies

// lib/data-retention.ts
import { db } from './db'
import { clerkClient } from '@clerk/nextjs/server'
 
interface RetentionPolicy {
  activityLogs: number // days
  sessions

// lib/consent.ts
import { currentUser } from '@clerk/nextjs/server'
 
interface ConsentRecord {
  marketing: boolean
  analytics: boolean
  thirdParty: boolean
  updatedAt: Date

// app/api/user/data/route.ts
import { auth } from '@clerk/nextjs/server'
import { exportUserData } from '@/lib/data-export'
 
// Data Export (GDPR Article 20)
export async function GET() {
  const {

Step 6: Audit Logging

// lib/audit-log.ts
interface AuditEvent {
  type: 'data_access' | 'data_export' | 'data_deletion' | 'consent_change'
  userId: string
  performedBy: string
  details: Record<string, any>
  timestamp

Privacy Checklist

Output

Data export functionality
User deletion capability
Consent management
Audit logging

Error Handling

Scenario	Action
Partial deletion	Retry failed services, log for manual review
Export timeout	Queue export, email when complete
Consent sync fail	Retry with exponential backoff

Resources

Next Steps

Proceed to clerk-enterprise-rbac for enterprise SSO and RBAC.

lastName: string | null

lastSignIn: Date | null

metadata: Record<string, any>

interface ApplicationUserData {

export async function exportUserData(userId: string): Promise<UserDataExport> {

const client = await clerkClient()

// Get Clerk user data

const clerkUser = await client.users.getUser(userId)

// Get application data

const [profile, orders, preferences, activityLog] = await Promise.all([

db.userProfile.findUnique({ where: { clerkId: userId } }),

db.order.findMany({ where: { userId }, orderBy: { createdAt: 'desc' } }),

db.userPreference.findMany({ where: { userId } }),

db.activityLog.findMany({

orderBy: { timestamp: 'desc' },

email: clerkUser.primaryEmailAddress?.emailAddress,

firstName: clerkUser.firstName,

lastName: clerkUser.lastName,

createdAt: new Date(clerkUser.createdAt),

lastSignIn: clerkUser.lastSignInAt ? new Date(clerkUser.lastSignInAt) : null,

public: clerkUser.publicMetadata,

// Note: privateMetadata should be handled carefully

profile: sanitizeForExport(profile),

orders: orders.map(sanitizeForExport),

preferences: preferences.map(sanitizeForExport),

activityLog: activityLog.map(sanitizeForExport)

exportedAt: new Date().toISOString()

function sanitizeForExport(data: any): any {

if (!data) return null

// Remove internal fields

const { id, createdAt, updatedAt, ...rest } = data

interface DeletionResult {

deletedFrom: string[]

export async function deleteUserCompletely(userId: string): Promise<DeletionResult> {

const result: DeletionResult = {

// Step 1: Delete from application database

await db.$transaction([

// Delete related records first (foreign key constraints)

db.activityLog.deleteMany({ where: { userId } }),

db.order.deleteMany({ where: { userId } }),

db.userPreference.deleteMany({ where: { userId } }),

db.userProfile.delete({ where: { clerkId: userId } })

result.deletedFrom.push('application_database')

} catch (error: any) {

result.errors.push(`Database deletion failed: ${error.message}`)

result.success = false

// Step 2: Delete from Clerk

const client = await clerkClient()

await client.users.deleteUser(userId)

result.deletedFrom.push('clerk')

} catch (error: any) {

result.errors.push(`Clerk deletion failed: ${error.message}`)

result.success = false

// Step 3: Delete from external services

await deleteFromExternalServices(userId)

result.deletedFrom.push('external_services')

} catch (error: any) {

result.errors.push(`External service deletion failed: ${error.message}`)

// Log deletion for audit

await logDeletionEvent(userId, result)

async function deleteFromExternalServices(userId: string) {

// Delete from analytics

// Delete from email service

// Delete from payment provider

async function logDeletionEvent(userId: string, result: DeletionResult) {

// Maintain audit log of deletions (anonymized)

await db.deletionLog.create({

anonymizedId: hashUserId(userId),

deletedAt: new Date(),

success: result.success,

errors: result.errors

inactiveUsers: number // days

const RETENTION_POLICY: RetentionPolicy = {

export async function enforceRetentionPolicy() {

const now = new Date()

// Clean up old activity logs

const activityCutoff = new Date(

now.getTime() - RETENTION_POLICY.activityLogs * 24 * 60 * 60 * 1000

const deletedLogs = await db.activityLog.deleteMany({

timestamp: { lt: activityCutoff }

console.log(`Deleted ${deletedLogs.count} old activity logs`)

// Identify inactive users for notification

const inactiveCutoff = new Date(

now.getTime() - RETENTION_POLICY.inactiveUsers * 24 * 60 * 60 * 1000

const inactiveUsers = await db.userProfile.findMany({

lastActiveAt: { lt: inactiveCutoff },

notifiedAboutInactivity: false

// Notify inactive users before deletion

for (const user of inactiveUsers) {

await notifyInactiveUser(user.clerkId)

await db.userProfile.update({

where: { id: user.id },

data: { notifiedAboutInactivity: true }

console.log(`Notified ${inactiveUsers.length} inactive users`)

export async function getConsent(userId: string): Promise<ConsentRecord | null> {

const user = await currentUser()

if (!user) return null

marketing: user.publicMetadata?.consent?.marketing ?? false,

analytics: user.publicMetadata?.consent?.analytics ?? false,

thirdParty: user.publicMetadata?.consent?.thirdParty ?? false,

updatedAt: new Date(user.publicMetadata?.consent?.updatedAt || user.createdAt)

export async function updateConsent(

consent: Partial<ConsentRecord>

const client = await clerkClient()

const user = await client.users.getUser(userId)

const currentConsent = user.publicMetadata?.consent || {}

await client.users.updateUser(userId, {

...user.publicMetadata,

updatedAt: new Date().toISOString()

// Log consent change for audit

await logConsentChange(userId, consent)

return Response.json({ error: 'Unauthorized' }, { status: 401 })

const userData = await exportUserData(userId)

return new Response(JSON.stringify(userData, null, 2), {

'Content-Type': 'application/json',

'Content-Disposition': `attachment; filename="user-data-${userId}.json"`

// app/api/user/delete/route.ts

import { deleteUserCompletely } from '@/lib/user-deletion'

// Data Deletion (GDPR Article 17)

export async function DELETE() {

const { userId } = await auth()

return Response.json({ error: 'Unauthorized' }, { status: 401 })

// Require confirmation

const confirmed = request.headers.get('X-Confirm-Delete') === 'true'

return Response.json(

{ error: 'Confirmation required', requiresHeader: 'X-Confirm-Delete: true' },

const result = await deleteUserCompletely(userId)

if (result.success) {

return Response.json({ message: 'Account deleted successfully' })

return Response.json(

{ error: 'Partial deletion', details: result },

export async function logAuditEvent(event: Omit<AuditEvent, 'timestamp'>) {

await db.auditLog.create({

timestamp: new Date()

// For compliance, also log to external service

if (process.env.AUDIT_LOG_ENDPOINT) {

await fetch(process.env.AUDIT_LOG_ENDPOINT, {

headers: { 'Content-Type': 'application/json' },

body: JSON.stringify({ ...event, timestamp: new Date() })

clerk-data-handling

CLI Install

Skill Instructions

Run with Cloud Agent

Clerk Data Handling

Overview

Prerequisites

Instructions

Step 1: User Data Export

Step 2: User Deletion (Right to be Forgotten)

Step 3: Data Retention Policies

Step 4: Consent Management

Step 5: GDPR API Endpoints

Step 6: Audit Logging

Privacy Checklist

Output

Error Handling

Resources

Next Steps