Zenovay
Free · 4 minutes · Beginner

GDPR Article 20: how do I download my personal data?

GDPR Article 20 (data portability) lets you export your personal data in a machine-readable format. Here's the self-service flow and what's in the archive.

Tags: gdpr, article-20, data-export, data-portability, privacy

GDPR Article 20 (Right to Data Portability) gives you the right to receive your personal data in a structured, commonly used, machine-readable format. Zenovay supports this as a self-service download — no support ticket needed.

How to run the export

  1. Sign in to app.zenovay.com.
  2. Go to Profile → Account → Export My Data.
  3. Click Generate export.

The export is built on demand. For most accounts it completes in 30-60 seconds; very large accounts (Scale or Enterprise with years of data) may take up to 5 minutes.

When ready, the page shows a download link to a .zip file. The link expires after 24 hours — if you miss the window, just click Generate export again.

What's in the archive

Inside the zip you'll find these JSON files (and a README.txt):

| File | Contents |
| --- | --- |
| profile.json | Your account email, full name, role, plan, signup date, locale preference. |
| websites.json | Metadata for every website you own — domain, tracking code, plan, retention setting. (No visitor data — that's per-website data, not your personal data.) |
| team_memberships.json | Every team you're a member of, with role and join date. |
| audit_log.json | Audit entries where you were the actor (logins, settings changes, invites sent). |
| oauth_identities.json | Linked Google/GitHub accounts (provider, provider-account-id; never the password or token). |
| stripe.json | Stripe customer ID, current subscription status, invoice history. |
| mfa_devices.json | Registered TOTP / WebAuthn devices (no secrets). |

All values are plaintext JSON, UTF-8 encoded. The structure is intentionally simple so you can grep, jq, or import into Excel/Sheets without specialised tooling.

What's NOT in the archive

  • Visitor analytics for websites you own — those visitors are not "you", so they're not your personal data under Article 20. Visitors can request their own exports separately by emailing privacy@zenovay.com (we then identify them via the visitor-ID hash and provide their slice).
  • Aggregate / anonymised data — Article 20 only covers data tied to you as an identified natural person.
  • Server logs older than 90 days — those are rotated out of hot storage on schedule.

Article 15 vs Article 20

  • Article 15 (Right of Access) — broader: you can request a description of what data we hold about you and why, even if we don't deliver it as a file.
  • Article 20 (Right to Portability) — narrower but more useful: a machine-readable file you can re-upload to a competitor or feed into your own systems.

The self-service export covers both. If you need a written description for a regulator, email privacy@zenovay.com.

Verifying authenticity

The archive's top-level README.txt includes a SHA-256 checksum of every JSON file. If you want to prove the file wasn't modified after download, the same checksums are mirrored in our internal export-log keyed against the timestamp — email privacy@zenovay.com with the timestamp from the export and we'll confirm.
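A local check of the archive against its own README.txt, as an added example (not Zenovay's code). The README line format is not documented on this page, so the parser assumes each checksum line carries a 64-character hex digest and a .json file name; the sample archive is constructed.

```python
import hashlib, io, re, zipfile

# Assumption: a README.txt checksum line holds a 64-hex digest and a .json name.
DIGEST = re.compile(r"\b[0-9a-fA-F]{64}\b")
NAME = re.compile(r"[\w.-]+\.json\b")

def parse_readme(text):
    """Map file name -> lowercase hex digest for each line carrying both."""
    listed = {}
    for line in text.splitlines():
        d, n = DIGEST.search(line), NAME.search(line)
        if d and n:
            listed[n.group()] = d.group().lower()
    return listed

def verify_export(zip_bytes):
    """Return {name: status}; status is ok, mismatch, missing or unlisted."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        listed = parse_readme(zf.read("README.txt").decode("utf-8"))
        members = {n for n in zf.namelist() if n.endswith(".json")}
        result = {}
        for name in sorted(members | set(listed)):
            if name not in members:
                result[name] = "missing"      # in README, absent from zip
            elif name not in listed:
                result[name] = "unlisted"     # in zip, no checksum to compare
            else:
                actual = hashlib.sha256(zf.read(name)).hexdigest()
                result[name] = "ok" if actual == listed[name] else "mismatch"
    return result

def build_sample(tamper=False):
    """Constructed sample archive standing in for a real export."""
    files = {"profile.json": b'{"email": "user@example.com"}',
             "mfa_devices.json": b'[{"type": "totp"}]'}
    readme = "".join(f"{hashlib.sha256(v).hexdigest()}  {k}\n" for k, v in files.items())
    if tamper:
        files["profile.json"] = b'{"email": "other@example.com"}'
    files["stripe.json"] = b"{}"  # present in the zip but not in README.txt
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", readme)
        for k, v in files.items():
            zf.writestr(k, v)
    return buf.getvalue()

if __name__ == "__main__":
    for name, status in verify_export(build_sample(tamper=True)).items():
        print(f"{status:9} {name}")
```

Because README.txt travels inside the same zip, an all-ok result shows only that the archive is internally consistent; confirmation that it matches what was generated still comes from the export-log comparison described above.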

Plan applicability + cost

Free, on every plan. Article 20 cannot be paywalled — we cannot legally charge for the export, and we don't.
