Classification levels
| Level | Description | Storage rules | Backup rules |
|---|---|---|---|
| L1 — Public | Already public; no restriction | any | any |
| L2 — Internal | Operational data, no PII | mode 600/700, owner-only | quarterly |
| L3 — Sensitive PII | Names + emails + phones | mode 600, Keychain for tokens, FileVault recommended | quarterly + iCloud mirror |
| L4 — Restricted | Financial / SSN / health / OAuth tokens | Keychain ONLY, never in plaintext on disk | NEVER in unencrypted backups |
Inventory
L4 — Restricted (Keychain only)
| Account | Service | Last rotated | Notes |
|---|---|---|---|
| cloudflare_api_token | SkyRun | 2026-04-24 (.env mtime) | Account-level, full edit. ROTATE EVERY 90D. |
| ntfy_topic | SkyRun | 2026-04-22 | Public-by-design (push channel name) — Keychain'd for consistency, not security |
- HubSpot API token (currently relying on browser CSRF)
- Gmail OAuth refresh token (currently held by Gmail MCP)
- SmartLead API key (not used; CSV browser injection only)
- BeenVerified session cookies (currently chrome_bridge'd)
- Track / KeyData credentials (not yet automated)
L3 — Sensitive PII (mode 600 files, mode 700 dirs, FileVault recommended)
| Path | Content | PII fields | Records |
|---|---|---|---|
| `~/Desktop/SkyRun/DNC_active_homeowners.json` | Current customer roster — DO-NOT-CONTACT canonical source | email, phone (last10), name tokens | ~141 emails, 97 phones, 263 name tokens |
| `~/Desktop/SkyRun/knowledge_graph.json` | Operator KG — people, deals, meetings | name, email, phone, deal stage, transcripts referenced | 39 people, 11 deals (post-2026-05-02), 26 meetings |
| `~/Desktop/SkyRun/Prospecting & Leads/master_lead_inventory_807.json` | Lead inventory — full prospect data | name, email, phone, address, AV, purchase price, OOS flag | 865 leads |
| `~/Desktop/SkyRun/Prospecting & Leads/STR Engine Archive/Grand_County_STR_Engine_v3.5_filtered.xlsx` | Master workbook (4 tabs) | same as inventory + Score Reason + tier classification | 865 rows × 41 cols (Lead Details) |
| `~/Desktop/SkyRun/Prospecting & Leads/Postcard_Targets_GrandCounty_v3.5.xlsx` | Postcard targets | name, mailing address | ~789 rows |
| `~/Desktop/SkyRun/Call Transcripts/transcripts/*.txt` | Verbatim call transcripts | speaker names, content | ~36 files (~558K chars) |
| `~/Desktop/SkyRun/Call Transcripts/notes/*.txt` | Meeting notes / summaries | same | many |
| `~/Desktop/SkyRun/Email Scans/*.json` + `insights_today.jsonl` | Gmail-scan output | email subjects, sender, snippets | accumulates daily |
| `~/Library/Application Support/SkyRun/pwa/data/pending_*.jsonl` | Approval queues | recipient names + emails + draft bodies | varies |
| `~/Library/Application Support/SkyRun/known_hs_duplicates.json` | Lead-id ledger of acked dups | lead_ids only (no PII directly) | 30 entries |
| `~/Library/Application Support/SkyRun/health/*.json` | Heartbeats | task summaries, occasionally include names in summary text | 30-day rolling |
| `~/Desktop/SkyRun/audit/<date>/*.json` | Skill audit summaries | varies | accumulates |
| `~/.claude/projects/-Users-josephbowens-Desktop-SkyRun/memory/project_active_deal_*.md` | Per-deal memory | full prospect context | ~7 active deal files |
| `~/.claude/projects/-Users-josephbowens-Desktop-SkyRun/memory/feedback_*.md` | Voice + drafting feedback | includes draft examples with recipient names | many |
| `~/Desktop/SkyRun/Property Deliverables/<address>/*.{docx,pptx,pdf,xlsx}` | Per-property deliverables | owner name, address, financials, Track comp data | ~per-prospect |
L2 — Internal (mode 600/700, no PII directly)
| Path | Content |
|---|---|
| `~/Library/Application Support/SkyRun/{chrome_bridge,dnc_check,system_hygiene,build_pwa,deploy_pwa,quarterly_backup,notify,pwa_auto_rebuild,fleet_status_push,recompute_health_summary,secrets,schema_guards}.{py,sh,md}` | Helper scripts |
| `~/Library/Application Support/SkyRun/.env` | Keychain-backed secret shim (no values in plaintext) |
| `~/.claude/scheduled-tasks/*/SKILL.md` | Skill prompts (operator-agnostic logic; no PII baked in directly) |
| `~/.claude/projects/-Users-josephbowens-Desktop-SkyRun/memory/reference_*.md` | Reference docs |
| `~/.claude/projects/-Users-josephbowens-Desktop-SkyRun/memory/MEMORY.md` | Index — paths + summaries (no raw PII) |
L1 — Public
| Path | Content |
|---|---|
| `~/Library/Logs/skyrun-*.log` (CARE — operational logs may contain snippets that approach L3; rotate aggressively) | |
| `~/Desktop/SkyRun/Brand & Marketing/*` | Brand assets, public marketing |
Handling rules
NEVER
- ❌ Email PII outside the operator's Workspace account
- ❌ Paste PII into a public LLM playground (use the local SkyRun Claude project only)
- ❌ Upload PII to a public diagram/paste service
- ❌ Commit PII to a public Git repo
- ❌ Include PII in a screenshot shared on social/Slack/anywhere external
- ❌ Store L4 secrets in plaintext on disk (use Keychain via `secrets.py`)
ALWAYS
- ✅ chmod 600 on L3 files; 700 on L3 dirs (gate-proof + system_hygiene auto-restore drift)
- ✅ Use Keychain (`secrets.py get/set`) for all L4 tokens
- ✅ Quarterly backup runs include all L2 + L3 (3-source: user + runtime + memory + secrets manifest)
- ✅ Token rotation reminder fires at 90d; rotate at 90d
- ✅ Verify FileVault is ON (currently OFF — top operator action)
- ✅ Audit trail: every write to L3 files logged in `~/Desktop/SkyRun/audit/<date>/`
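
The mode rule for L3 data (600 on files, 700 on directories) can be checked and restored mechanically. The following is an added example, not the `system_hygiene` helper listed in the inventory; the function names and the temporary demo tree are constructed for illustration.

```python
import os
import stat
import tempfile

FILE_MODE = 0o600  # policy for L3 files
DIR_MODE = 0o700   # policy for L3 directories


def find_drift(root):
    """Return (path, actual_mode, expected_mode) for every entry under root off policy."""
    drift = []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinked dirs
        entries = [(dirpath, DIR_MODE)]
        entries += [(os.path.join(dirpath, name), FILE_MODE) for name in filenames]
        for path, expected in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a link's own mode is meaningless; never chmod through it
            actual = stat.S_IMODE(st.st_mode)
            if actual != expected:
                drift.append((path, actual, expected))
    return drift


def restore(drift):
    """Reset each drifted entry to its policy mode; return how many were changed."""
    for path, _actual, expected in drift:
        os.chmod(path, expected)
    return len(drift)


def demo():
    """Constructed tree: one world-readable roster inside a world-listable directory."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in (("roster.json", 0o644), ("notes.txt", 0o600)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("{}")
            os.chmod(path, mode)
        before = find_drift(root)
        fixed = restore(before)
        after = find_drift(root)
        found = sorted((os.path.relpath(p, root), oct(a)) for p, a, _ in before)
        return found, fixed, after


if __name__ == "__main__":
    print(demo())
```

Running `find_drift` in report-only mode before `restore` keeps a record of what had drifted, which is the part worth writing to the audit trail.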
Subject Access / Right-to-Be-Forgotten
If a lead requests removal:
1. Find their lead_id (search master_lead_inventory by name/email/address)
2. Add to DNC_active_homeowners.json with reason "do-not-contact-by-request" + remove lead_id from outbound queues (SmartLead, postcards, pending_drafts)
3. Mark KG entity do_not_contact: true
4. Optionally: blank PII fields in master inventory (keep lead_id + DNC status; remove email/phone/name)
5. HS contact: set lifecyclestage=other and add a note recording the request
6. Ledger the action in ~/Desktop/SkyRun/audit/<date>/dsar_<lead_id>.json with timestamp + scope
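
Steps 1 to 4 and 6 of the removal procedure, as an added example rather than code from this project. The record layouts (`phone_last10`, the `dnc` flag, queue items keyed by `lead_id`) and the function names are assumptions, since the real file schemas are not shown here; step 5 is left out because it goes through HubSpot.

```python
import json
import os
import tempfile
from datetime import datetime, timezone

PII_FIELDS = ("name", "email", "phone")  # step 4: blanked; lead_id and DNC status stay


def process_removal(lead_id, inventory, dnc, queues, kg, audit_dir, blank_pii=True):
    lead = next((row for row in inventory if row["lead_id"] == lead_id), None)  # step 1
    if lead is None:
        raise KeyError(f"unknown lead_id {lead_id!r}")
    # Step 2: write the DNC entry first, while email/phone are still available to match on.
    digits = "".join(ch for ch in lead["phone"] if ch.isdigit())
    dnc.append({"lead_id": lead_id, "email": lead["email"].lower(),
                "phone_last10": digits[-10:], "reason": "do-not-contact-by-request"})
    removed = {}
    for name, queue in queues.items():
        kept = [item for item in queue if item["lead_id"] != lead_id]
        removed[name] = len(queue) - len(kept)
        queue[:] = kept
    kg.setdefault(lead_id, {})["do_not_contact"] = True  # step 3
    if blank_pii:  # step 4 (optional)
        lead.update({field: "" for field in PII_FIELDS}, dnc=True)
    # Step 6: the ledger records lead_id and scope only, so it holds no PII itself.
    record = {"lead_id": lead_id, "timestamp": datetime.now(timezone.utc).isoformat(),
              "scope": {"dnc_added": True, "queues_purged": removed,
                        "kg_flagged": True, "pii_blanked": blank_pii}}
    os.makedirs(audit_dir, mode=0o700, exist_ok=True)
    path = os.path.join(audit_dir, f"dsar_{lead_id}.json")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(record, fh, indent=2)
    return record, path


def demo():
    """Constructed records; none of these values come from the inventory above."""
    inventory = [{"lead_id": "L-001", "name": "Pat Example",
                  "email": "Pat@Example.test", "phone": "(970) 555-0100"},
                 {"lead_id": "L-002", "name": "Sam Sample",
                  "email": "sam@example.test", "phone": "970-555-0101"}]
    queues = {"pending_drafts": [{"lead_id": "L-001"}, {"lead_id": "L-002"}],
              "postcards": [{"lead_id": "L-001"}]}
    dnc, kg = [], {}
    with tempfile.TemporaryDirectory() as tmp:
        record, path = process_removal("L-001", inventory, dnc, queues, kg, tmp)
        mode = os.stat(path).st_mode & 0o777
    return record, dnc, queues, inventory, kg, mode
```

The DNC entry is written before the PII is blanked: once step 4 has run, the inventory row no longer carries the email or phone that suppression has to match on.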
Cross-references
- `reference_dnc_system.md` — DNC enforcement
- `reference_security_posture.md` — overall security architecture
- `reference_vendor_security_posture.md` — vendor risk + DPA tracking
- `reference_incident_runbook.md` — IR scenarios
- `reference_disaster_recovery.md` — DR procedures