Data Export for Users

Export visitor data to fulfill GDPR data portability requests and maintain compliance.

Understanding Data Portability

GDPR Article 20

Individuals have the right to:

• Receive their personal data
• In a structured, commonly used format
• Machine-readable (e.g., JSON, CSV)
• Transmit to another controller

When It Applies

Data portability applies when:

• Processing based on consent or contract
• Processing is automated
• Request is from the data subject

Exporting Individual User Data

Via Dashboard

1. Go to Settings → Privacy → Data Export
2. Enter user ID or email
3. Select data types:
   • Page views
   • Events
   • Sessions
   • User profile
4. Choose format (JSON/CSV)
5. Click Generate Export
6. Download when ready

Via API

Use the External API to retrieve analytics data for export:

# Retrieve visitor analytics data for a website
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}/visitors" \
  -H "X-API-Key: zv_YOUR_API_KEY"

# Retrieve page analytics data
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}/pages" \
  -H "X-API-Key: zv_YOUR_API_KEY"

For full user-level data exports (combining all data types into a single downloadable file), use the dashboard export feature described above. The dashboard supports JSON and CSV formats with automatic packaging.

Export Data Format

JSON Format

{
  "export_id": "exp_abc123",
  "generated_at": "2025-01-15T10:30:00Z",
  "user": {
    "user_id": "user_123",
    "email": "user@example.com",
    "name": "John Doe",
    "created_at": "2024-06-15T08:00:00Z",
    "properties": {
      "plan": "pro",
      "company": "Acme Inc"
    }
  },
  "pageviews": [
    {
      "timestamp": "2025-01-14T15:30:00Z",
      "url": "/products/widget",
      "title": "Widget Product Page",
      "referrer": "https://google.com",
      "device": "desktop",
      "browser": "Chrome",
      "country": "US"
    }
  ],
  "events": [
    {
      "timestamp": "2025-01-14T15:35:00Z",
      "name": "add_to_cart",
      "properties": {
        "product_id": "SKU-001",
        "price": 99.99
      }
    }
  ],
  "sessions": [
    {
      "session_id": "sess_xyz",
      "started_at": "2025-01-14T15:30:00Z",
      "ended_at": "2025-01-14T15:45:00Z",
      "pages_viewed": 5,
      "events_triggered": 3
    }
  ]
}

CSV Format

Separate files for each data type:

pageviews.csv:

timestamp,url,title,referrer,device,browser,country
2025-01-14T15:30:00Z,/products/widget,Widget Product Page,https://google.com,desktop,Chrome,US
2025-01-14T15:32:00Z,/checkout,Checkout,/products/widget,desktop,Chrome,US

events.csv:

timestamp,name,property_product_id,property_price,property_quantity
2025-01-14T15:35:00Z,add_to_cart,SKU-001,99.99,1
2025-01-14T15:40:00Z,purchase,SKU-001,99.99,1

Bulk Data Export

Export All Analytics Data

Use the External API endpoints to retrieve different types of analytics data:

# Overall analytics
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}?from=2024-01-01&to=2024-12-31" \
  -H "X-API-Key: zv_YOUR_API_KEY"

# Visitor data
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}/visitors?from=2024-01-01&to=2024-12-31" \
  -H "X-API-Key: zv_YOUR_API_KEY"

# Page data
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}/pages?from=2024-01-01&to=2024-12-31" \
  -H "X-API-Key: zv_YOUR_API_KEY"

For bulk exports with combined data types in a single file, use the dashboard at Settings → Data Export → Scheduled or One-Time Export.

Scheduled Exports

Set up automatic exports:

1. Go to Settings → Data Export → Scheduled
2. Configure:
   • Frequency: Daily, Weekly, Monthly
   • Format: JSON or CSV
   • Data types to include
   • Delivery method: Email, S3, GCS, SFTP
3. Enable and save

Export to Cloud Storage

Amazon S3:

{
  "destination": {
    "type": "s3",
    "bucket": "your-bucket",
    "region": "us-east-1",
    "path": "zenovay-exports/",
    "access_key_id": "AKIAIOSFODNN7EXAMPLE",
    "secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
  }
}

Google Cloud Storage:

{
  "destination": {
    "type": "gcs",
    "bucket": "your-bucket",
    "path": "zenovay-exports/",
    "service_account_json": "..."
  }
}

Handling Data Subject Requests

Request Workflow

1. Receive Request
   └── Verify identity

2. Generate Export
   └── Dashboard: Settings → Privacy → Data Export
   └── Or API: GET /api/external/v1/analytics/{websiteId}/visitors

3. Prepare Data
   └── Download from dashboard or process API response

4. Deliver Data
   └── Email download link
   └── Or direct delivery

5. Confirm Completion
   └── Log for compliance

Email Delivery

// Generate and email export
async function handleDataRequest(userEmail) {
  // Find user
  const user = await findUserByEmail(userEmail);
  if (!user) {
    return { error: 'User not found' };
  }

  // Generate export
  const exportResult = await zenovayAPI.post(
    `/users/${user.id}/export`,
    { format: 'json', include: 'all' }
  );

  // Wait for completion
  const completed = await waitForExport(exportResult.export_id);

  // Send to user
  await sendEmail(userEmail, {
    subject: 'Your Data Export is Ready',
    body: `
      Download your data here: ${completed.download_url}

      This link expires in 7 days.

      The export includes:
      - Page view history
      - Event tracking data
      - Session information
      - Your profile data
    `
  });

  return { success: true };
}

Security Considerations

Download Link Security

• Links expire after 7 days
• One-time download tokens available
• HTTPS only
• Authenticated access required

Data Encryption

Exports can be encrypted using the dashboard's export feature:

1. Go to Settings → Privacy → Data Export
2. Generate the export
3. Enable Encryption and provide your PGP public key
4. Download the encrypted export file

Access Logging

All exports are logged:

• Who requested
• What data
• When generated
• Download status

Compliance Documentation

Export Receipts

Generate receipt for records:

{
  "receipt_id": "rcpt_abc123",
  "export_id": "exp_abc123",
  "requested_by": "admin@company.com",
  "subject_email": "user@example.com",
  "data_included": [
    "pageviews",
    "events",
    "sessions",
    "profile"
  ],
  "date_range": {
    "start": "2024-01-01",
    "end": "2024-12-31"
  },
  "generated_at": "2025-01-15T10:30:00Z",
  "delivered_at": "2025-01-15T10:35:00Z",
  "delivery_method": "email"
}

Audit Trail

View export history:

1. Go to Settings → Audit Log
2. Filter by "Data Export"
3. See all exports with:
   • Timestamp
   • Requester
   • Subject
   • Status

Rate Limits

Export Limits

Plan	Exports per Day	Max Data per Export
Pro	50	1 GB
Scale	200	10 GB
Enterprise	Unlimited	Unlimited

Large Exports

For exports > 1 GB:

1. Export is split into multiple files
2. Download as ZIP archive
3. Or stream to cloud storage

Best Practices

Verify Before Exporting

Always verify identity:

• Send verification email
• Confirm via known contact method
• Document verification

Document Everything

Keep records of:

• Request received date
• Verification performed
• Export generated
• Data delivered
• User confirmed receipt

Timely Response

GDPR requires response within 30 days:

• Set up internal tracking
• Escalate approaching deadlines
• Extend if necessary (notify user)

Secure Delivery

• Use encrypted channels
• Set expiry on download links
• Confirm delivery

Troubleshooting

Export Failed

Check:

• User/visitor exists
• Date range valid
• Within plan limits
• API key has permissions

Large Export Timeout

For very large exports:

• Split into smaller date ranges
• Use async export endpoint
• Stream to cloud storage

Missing Data

If export seems incomplete:

• Check date range
• Verify data wasn't already deleted
• Check retention policy

Next Steps

• Right to Erasure
• Data Retention
• GDPR Overview