Archivo del skill

Privacy Audit

Name: Privacy Audit
Author: ryangaraygay

Privacy compliance verification including PII detection, local-first validation, and data retention checks.

ryangaraygay0 estrellas21 ene 2026

Ocupación
Categorías: Seguridad

Contenido de la habilidad

Privacy compliance and data protection verification.

Features

PII Detection: Identify handling of personal data
Local-First Validation: Verify data stays on device when expected
Data Retention: Check for proper data lifecycle management
Consent Tracking: Verify consent mechanisms
Third-Party Data Sharing: Detect external data transmission

Checks Performed

1. PII Detection

Data Type	Pattern	Risk Level
Email addresses	`email`, `@`, regex patterns	Medium
Phone numbers	`phone`, `tel`, digit patterns	Medium
Names

Skills relacionados

Privacy Audit | Skills Pool

# Full privacy audit
./scripts/privacy-audit.sh

# Specific framework
./scripts/privacy-audit.sh --framework hipaa

# Backend only
./scripts/privacy-audit.sh --scope backend

## Privacy Audit Report

**Framework:** GDPR
**Date:** 2025-01-20

### PII Inventory

| Data Type | Locations | Storage | Transmission |
|-----------|-----------|---------|--------------|
| Email | 5 files | Local + Server | ⚠️ API calls |
| Name | 3 files | Local + Server | API calls |
| Phone | 1 file | Local only | ✅ None |

### Local-First Compliance

| Feature | Status | Notes |
|---------|--------|-------|
| Offline functionality | ✅ | Works without network |
| Local encryption | ⚠️ | Missing for user prefs |
| Sync consent | ✅ | Explicit opt-in |

### Third-Party Services

| Service | Data Shared | Consent Required |
|---------|-------------|------------------|
| Google Analytics | Page views | ✅ Cookie consent |
| Stripe | Payment info | ✅ Transaction consent |
| Sentry | Error logs | ⚠️ May contain PII |

### Data Retention

| Data | Retention | Deletion | Status |
|------|-----------|----------|--------|
| User accounts | Indefinite | Manual | ⚠️ Add auto-purge |
| Session logs | 30 days | Automatic | ✅ |
| Analytics | 2 years | Automatic | ✅ |

### Recommendations

1. **CRITICAL**: Encrypt user preferences in localStorage
2. **HIGH**: Scrub PII from Sentry error logs
3. **MEDIUM**: Add account deletion automation after 2 years inactivity

Check	Expected	Severity
PII stored locally only	No server transmission	High
Encryption at rest	Local storage encrypted	High
No cloud sync without consent	Explicit opt-in	Critical

Check	Requirement
Deletion mechanism exists	User can delete data
Retention period defined	Data not kept indefinitely
Automatic cleanup	Old data purged

Check	Detection
Analytics scripts	Google Analytics, Mixpanel, etc.
Tracking pixels	Facebook, LinkedIn, etc.
CDN data exposure	External resource loading
API data sharing	PII in external API calls

Privacy Audit

Features

Checks Performed

1. PII Detection

Privacy Audit

Features

Checks Performed

1. PII Detection

2. Local-First Compliance

3. Data Retention

4. Third-Party Analysis

Usage

Output Format

Prerequisites

See Also

1password

Springboot Security

Security Review

Laravel Security

Security Review

Django Security