Pii Privacy
# Angle: PII / privacy / audit trail Paste this as the `{{ANGLE_SPECIFIC_CHECKLIST}}` in the audit-agent prompt. Target: privacy-adjacent defects — unvalidated PII writes, missing audit logs, PII leaks in over-fetched responses, delete flows that leave zombie data. Applicable regardless of local regulation (GDPR, CCPA, PIPA, LGPD, PDPA, etc.). ## Look for 1. **Unvalidated PII on PATCH/POST.** Server accepts arbitrary strings for `phone`, `birthday`, `country`, `gender`, `postal_code`, `national_id` without format validation. Downstream code that trusts these values (`findCountry()`, SMS routing, CSV export) silently degrades. 2. **`SELECT *` on user/profile tables** returning fields the caller doesn't need. Every extra field is a potential PII surface if a future column holds sensitive data. 3. **Missing audit logs on write.** Writes to PII-bearing tables (user, profile, address, consent) should emit a structured audit event. Field NAMES only, not values (log values doubles the PII footprint). 4. **Consent lifecycle.** Marketing consent tracked as a boolean with no `consent_at` / `consent_source` / `consent_withdrawn_at` timestamps. If a regulator asks "prove this user gave consent on date X", you have a boolean. 5. **Account deletion completeness.** DELETE flow leaves rows in: comments, reviews, wishlists, chatbot leads, order history (should anonymize, not delete, for accounting compliance), audit logs (keep). Check every table that could reference the user. 6. **Zombie sessions after deletion.** Account deletion succeeds on the DB side but Cognito/Firebase/Auth0 delete is "best effort" and silently fails — user's session cookie still works for hours. 7. **Delete-flow friction.** Uses `window.confirm()` twice as the only friction. No email confirmation, no "download my data" export, no grace period. 8. **Data export missing.** GDPR/CCPA/PIPA-style data portability: is there a "download my data" endpoint? Or does the user have to email support? 9. **Cross-tab race / last-write-wins.** No optimistic concurrency control on profile PATCH. Two tabs open → tab A edits phone → tab B (loaded before A saved) hits Save with stale form → clobbers A's edit silently. 10. **Full PII displayed in the clear.** Profile page renders email/phone/birthday verbatim. Shoulder-surfing risk. Screenshot-to-support-ticket risk. No masking / show-hide toggle. 11. **PII in logs.** Grep `console.log`, `console.error` for lines that log email addresses, phone numbers, birthdays, addresses. Hash them (use SHA-256 truncated) before logging. 12. **PII in URL query strings.** GET `/api/user?email=foo@bar.com` — email lands in server logs, CDN logs, referrer headers. 13. **Reserved / staff-name impersonation on user-content fields.** Any comment / post / review form that lets a customer set their display name to "Admin", "Staff", "관리자" (Korean for "admin"), "サポート" (Japanese for "support") — need a reserved-name blocklist with NFKC normalization. 14. **Rate limits on account creation, password reset, comment/post.** Missing rate limits let one leaked credential flood the site. 15. **Delete cascades leaving orphans.** Foreign keys with no ON DELETE clause — deleting a user leaves orphan comments/orders/wishlist rows referencing a nonexistent user_id. 16. **Custom-fields JSONB bloat.** Any `custom_fields: Record<string, string>` shipped straight into a jsonb column with no key-count cap, no value-length cap, no key-name allow-list? A compromised browser extension could inject arbitrary keys. ## Files to prioritize - `/api/customer/profile/*` (or equivalent PATCH/DELETE for user profile) - `/api/customer/me/*` (or session/identity route) - Sign-up / registration routes - Account deletion routes - Any component displaying PII - Audit log helper (grep for one; if there isn't one, that IS the finding) - Cognito / Firebase / Auth0 admin helpers ## Grep starters
fill the variables
This prompt has 1 variable. Pro fills them into a ready-to-paste prompt for you — no manual find-and-replace.
{{ANGLE_SPECIFIC_CHECKLIST}
Unlock with Pro →when to use it
Community prompt sourced from the open-source GitHub repo jeonhs9110/agentic-audit-loop (MIT). A "Pii Privacy" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
productivitycommunitydeveloper
source
jeonhs9110/agentic-audit-loop · MIT
more in Productivity
Productivity✓ tested
Summarize a doc into decisions & actions
chief of staff who extracts what to DO, not just what was said
Productivity✓ tested
Draft a reply to a hard email
calm, direct communicator who de-escalates without caving
Productivity✓ tested
Turn a brain-dump into a weekly plan
planning coach who protects your focus, not just your calendar