Customer Data Guardrails

Safe handling of personal and customer data in AI prompts, logs, validation pipelines, and application code.

CopilotCursorKilo
AuthorNeexoCore
Apply to**/*.{ts,tsx,py,md}
Updated
privacypiiguardrails

Overview

When building data enrichment or assistant features, treat customer and personal data as high-risk.

Rules

  • Never paste real names, emails, phone numbers, or identifiers into agent prompts or commit messages
  • Use synthetic fixtures in examples and tests
  • Redact PII in logs, error reports, and session transcripts
  • Scope data access by organization or tenant — never return cross-tenant rows
  • Validate all external payloads with Zod (or equivalent) before persistence
  • Document lawful basis and retention only in internal compliance docs — keep code comments technical

AI session hygiene

  • Do not attach production database dumps to agent context
  • Prefer aggregated or anonymized samples for debugging
  • If uncertain whether data is sensitive, treat it as sensitive

Raw content

Copy into your project — e.g. .instructions.md, .agent.md, or SKILL.md

## Overview

When building data enrichment or assistant features, treat customer and personal data as high-risk.

## Rules

- Never paste real names, emails, phone numbers, or identifiers into agent prompts or commit messages
- Use synthetic fixtures in examples and tests
- Redact PII in logs, error reports, and session transcripts
- Scope data access by organization or tenant — never return cross-tenant rows
- Validate all external payloads with Zod (or equivalent) before persistence
- Document lawful basis and retention only in internal compliance docs — keep code comments technical

## AI session hygiene

- Do not attach production database dumps to agent context
- Prefer aggregated or anonymized samples for debugging
- If uncertain whether data is sensitive, treat it as sensitive

Next steps

Matched by shared tags and category. Browse all instructions