groq-data-handling
Use when you need to keep PII out of Groq API calls, filter model responses, audit-log conversations, or track token cost and usage for a Groq integration. Implements prompt sanitization, PII redaction, response filtering, and usage tracking. Trigger with phrases like "groq data", "groq PII", "groq GDPR", "groq data retention", "groq privacy", "groq compliance".
Allowed Tools
Provided by Plugin
groq-pack
Claude Code skill pack for Groq (24 skills)
Installation
This skill is included in the groq-pack plugin:
/plugin install groq-pack@claude-code-plugins-plus
Click to copy
Instructions
Groq Data Handling
Overview
Manage data flowing through Groq's inference API. This skill wires a privacy
pipeline around the Groq SDK: sanitize prompts before they are sent, filter
responses after they return, redact PII, hash-log an audit trail, and track
token usage and cost. Key fact: Groq does not use API data for model training
Prerequisites
- Node.js project with the
groq-sdkpackage installed (npm i groq-sdk). - A Groq API key exported as
GROQAPIKEY. The SDK reads it automatically
from the environment — new Groq() needs no explicit argument. Never hardcode
the key; keep it in an untracked .env or your secret manager.
- Node's built-in
cryptomodule (for the audit hash) — no install needed.
Instructions
The pipeline layers in four stages; drop simple add-ons (moderation, cost
reporting) on top. Each snippet below is the skeleton — the full, copy-ready
code for every stage is in references/implementation.md.
- Sanitize input — run a PII rule table over every message before it
leaves your process, flagging which categories were caught:
function sanitizeMessages(messages: any[]): { messages: any[]; hadPII: boolean } {
// apply PII_RULES to each message's content; return redacted copy + flag
}
- Wrap the completion call — call
safeCompletion(...)instead of the raw
groq.chat.completions.create, so input and response both pass the sanitizer.
- Track usage —
trackUsage(model, completion.usage, sessionId)records
token counts and estimated cost per call using a per-model price table.
- Audit —
auditedCompletion(...)ties it together and logs a SHA-256
hash of the prompt (never the prompt text) so the audit trail carries no
sensitive content.
For content moderation via Llama Guard and a daily cost report, see
Groq data policy
- Groq does not train on API request/response data.
- Prompts and completions are processed and discarded.
- Groq may temporarily log requests for abuse prevention.
- For enterprise: contact Groq for DPA and SOC 2 compliance details.
Output
- Sanitized messages/responses — text with
[EMAIL],[PHONE],[SSN],
[CARD], [IP] placeholders swapped in for detected PII, plus a hadPII
boolean and a list of redacted categories.
- Usage records — one JSON line per call (
type: "groq_usage") with model,
token counts, and estimatedCostUsd.
- Audit entries — one JSON line per call (
type: "groq_audit") carrying a
prompt hash, piiDetected, responseFiltered, and the usage record.
- Cost report — an aggregated object with
totalCost,totalTokens,
totalCalls, and a per-model breakdown (see the sample in
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| PII leaks in response | Model echoes sensitive input | Apply response filtering on all completions |
| Cost spike | 70B model for all requests | Route simple tasks to 8B |
| Missing usage data | Streaming mode | Use non-streaming for tracked requests, or estimate |
| Audit gaps | Not all code paths use wrapper | Lint rule: ban direct groq.chat.completions.create |
GROQAPIKEY not set |
Key missing from environment | Export the key before running; the SDK throws on an unauthenticated call |
Examples
- Full four-stage pipeline (sanitizer, safe wrapper, usage tracker,
audited completion) — references/implementation.md.
- Content safety check with Llama Guard and a daily cost report —
Minimal end-to-end use once the helpers are in place:
const { content, audit } = await auditedCompletion(sessionId, messages);
// content is PII-filtered; audit is a hash-only record safe to persist
Resources
For enterprise access controls, see the groq-enterprise-rbac skill.