Stats
Actions
Tags
From clerk-pack
Implements Clerk user data export and deletion for GDPR/CCPA compliance in Next.js apps, covering Clerk data, app database cleanup, and audit logging.
How this skill is triggered — by the user, by Claude, or both
Slash command
/clerk-pack:clerk-data-handlingThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Manage user data, implement privacy features, and ensure GDPR/CCPA compliance using the Clerk Backend API. Covers data export, right to be forgotten, consent management, and audit logging.
Manage user data, implement privacy features, and ensure GDPR/CCPA compliance using the Clerk Backend API. Covers data export, right to be forgotten, consent management, and audit logging.
// app/api/privacy/export/route.ts
import { auth, clerkClient } from '@clerk/nextjs/server'
export async function GET() {
const { userId } = await auth()
if (!userId) return Response.json({ error: 'Unauthorized' }, { status: 401 })
const client = await clerkClient()
const clerkUser = await client.users.getUser(userId)
// Gather data from Clerk
const clerkData = {
id: clerkUser.id,
emails: clerkUser.emailAddresses.map((e) => e.emailAddress),
firstName: clerkUser.firstName,
lastName: clerkUser.lastName,
createdAt: clerkUser.createdAt,
lastSignInAt: clerkUser.lastSignInAt,
publicMetadata: clerkUser.publicMetadata,
}
// Gather data from your database
const appData = await db.user.findUnique({
where: { clerkId: userId },
include: { posts: true, comments: true, preferences: true },
})
return Response.json({
exportDate: new Date().toISOString(),
clerkProfile: clerkData,
applicationData: appData,
})
}
// app/api/privacy/delete/route.ts
import { auth, clerkClient } from '@clerk/nextjs/server'
export async function DELETE() {
const { userId } = await auth()
if (!userId) return Response.json({ error: 'Unauthorized' }, { status: 401 })
const deletionLog: { step: string; status: string }[] = []
try {
// 1. Delete application data first
await db.comment.deleteMany({ where: { authorId: userId } })
deletionLog.push({ step: 'comments', status: 'deleted' })
await db.post.deleteMany({ where: { authorId: userId } })
deletionLog.push({ step: 'posts', status: 'deleted' })
await db.user.delete({ where: { clerkId: userId } })
deletionLog.push({ step: 'app_user', status: 'deleted' })
// 2. Delete from Clerk (this ends the session)
const client = await clerkClient()
await client.users.deleteUser(userId)
deletionLog.push({ step: 'clerk_user', status: 'deleted' })
// 3. Log deletion for compliance audit trail
await db.auditLog.create({
data: {
action: 'USER_DELETED',
subjectId: userId,
details: JSON.stringify(deletionLog),
timestamp: new Date(),
},
})
return Response.json({ deleted: true, log: deletionLog })
} catch (error) {
return Response.json({ error: 'Partial deletion', log: deletionLog }, { status: 500 })
}
}
// lib/consent.ts
import { clerkClient } from '@clerk/nextjs/server'
interface ConsentRecord {
marketing: boolean
analytics: boolean
thirdParty: boolean
updatedAt: string
}
export async function updateConsent(userId: string, consent: Partial<ConsentRecord>) {
const client = await clerkClient()
const user = await client.users.getUser(userId)
const existing = (user.publicMetadata.consent as ConsentRecord) || {}
const updated: ConsentRecord = {
...existing,
...consent,
updatedAt: new Date().toISOString(),
}
await client.users.updateUser(userId, {
publicMetadata: { ...user.publicMetadata, consent: updated },
})
return updated
}
export async function getConsent(userId: string): Promise<ConsentRecord | null> {
const client = await clerkClient()
const user = await client.users.getUser(userId)
return (user.publicMetadata.consent as ConsentRecord) || null
}
'use client'
import { useUser } from '@clerk/nextjs'
import { useState } from 'react'
export function ConsentManager() {
const { user } = useUser()
const consent = (user?.publicMetadata as any)?.consent || {}
const [marketing, setMarketing] = useState(consent.marketing ?? false)
const [analytics, setAnalytics] = useState(consent.analytics ?? true)
const saveConsent = async () => {
await fetch('/api/privacy/consent', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ marketing, analytics }),
})
}
return (
<div>
<h3>Privacy Preferences</h3>
<label>
<input type="checkbox" checked={marketing} onChange={(e) => setMarketing(e.target.checked)} />
Marketing communications
</label>
<label>
<input type="checkbox" checked={analytics} onChange={(e) => setAnalytics(e.target.checked)} />
Analytics tracking
</label>
<button onClick={saveConsent}>Save Preferences</button>
</div>
)
}
// app/api/webhooks/clerk/route.ts (audit section)
async function logAuditEvent(evt: WebhookEvent) {
const auditEntry = {
eventType: evt.type,
userId: 'user_id' in evt.data ? evt.data.user_id : evt.data.id,
timestamp: new Date().toISOString(),
metadata: JSON.stringify(evt.data),
}
await db.auditLog.create({ data: auditEntry })
// Track compliance-relevant events
if (['user.deleted', 'user.updated'].includes(evt.type)) {
console.log(`[COMPLIANCE] ${evt.type} for user ${auditEntry.userId}`)
}
}
| Scenario | Action |
|---|---|
| Partial deletion failure | Log completed steps, retry failed services, alert ops team |
| Export timeout on large data | Queue export job, email user download link when ready |
| Consent sync failure | Retry with exponential backoff, fall back to local storage |
| Clerk API rate limit on bulk delete | Batch deletions with delays between requests |
// scripts/cleanup-orphaned-users.ts
import { createClerkClient } from '@clerk/backend'
const clerk = createClerkClient({ secretKey: process.env.CLERK_SECRET_KEY! })
async function cleanupOrphanedDbUsers() {
const dbUsers = await db.user.findMany({ select: { clerkId: true } })
for (const dbUser of dbUsers) {
try {
await clerk.users.getUser(dbUser.clerkId)
} catch (err: any) {
if (err.status === 404) {
console.log(`Orphaned user: ${dbUser.clerkId} — removing from DB`)
await db.user.delete({ where: { clerkId: dbUser.clerkId } })
}
}
}
}
Proceed to clerk-enterprise-rbac for enterprise SSO and RBAC.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin clerk-packProvides expert patterns for Clerk auth in Next.js App Router: providers, middleware, route protection, sign-in/up pages, organizations, webhooks, user sync. Use for secure auth setup.
Provides access to Clerk CLI for authentication, user/org/session management, deployment verification, environment keys, and Clerk API calls. Handles auth and formatting automatically.
Sets up Clerk webhook endpoints in Next.js to verify signatures and handle auth events for user sync using @clerk/backend or Svix.