Zenovay can push your daily analytics aggregates to your own AWS S3 bucket on a schedule. You bring your own bucket and IAM credentials; Zenovay signs the PUT requests with AWS SigV4. The data is yours, in your account, with your retention policy — Zenovay just writes to it.
What gets exported
V1 exports analytics_daily aggregates: one row per website per date with the same numbers you see on your dashboard.
| Column | Description |
|---|---|
website_id | UUID of the website the row belongs to |
date | The date the row aggregates (UTC) |
total_visitors | Total visitors that day |
unique_visitors | Unique visitors that day |
pageviews | Pageviews that day |
bounce_rate | Bounce rate (0–1) |
avg_session_duration | Average session duration in seconds |
Future expansion (BigQuery, Snowflake, and richer datasets like custom events) is on the roadmap. This article covers S3 only.
What you'll need
- An AWS account
- An S3 bucket (any region)
- An IAM user (or role) with
s3:PutObjecton the prefix you'll configure — no other permissions are needed - Access key ID + secret access key for that IAM user
- A Zenovay team on the Scale plan or above
Step 1 — Create the IAM policy
In the AWS IAM console, create a policy with this minimal permission set. Replace your-bucket and zenovay/ with the bucket and prefix you'll use.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ZenovayWarehouseExportPut",
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::your-bucket/zenovay/*"
}
]
}
Zenovay never lists, reads, or deletes objects in your bucket. The policy gives only PutObject on a single prefix.
Step 2 — Create an IAM user
Attach the policy from Step 1 to a new IAM user. Generate an access key for the user and copy the access key ID + secret access key — you'll paste them into Zenovay in Step 4.
Step 3 — (Optional) lifecycle policy on your bucket
Each scheduled run writes to:
s3://your-bucket/<prefix><team_id>/<date>/analytics_daily.csv
The object key is idempotent — re-running for the same date overwrites the same key. You can configure an S3 lifecycle policy to:
- Transition older objects to S3 Glacier or Glacier Deep Archive for cheaper long-term storage
- Expire objects after N days/years if you don't need long-term retention
This is fully under your control; Zenovay does not manage lifecycle on your bucket.
Step 4 — Connect the destination in Zenovay
- Open your website's dashboard and go to its Settings, then under the Data section open the Warehouse tab
- Click Add S3 destination
- Fill in the form:
| Field | Value |
|---|---|
| Bucket name | your-bucket |
| AWS region | The region your bucket is in (e.g. eu-central-1) |
| Access key ID | From Step 2 |
| Secret access key | From Step 2 |
| Object key prefix | zenovay/ (or any prefix; must match your IAM policy) |
| Schedule | Daily or hourly |
Zenovay encrypts your secret access key at rest with AES-GCM and never echoes it back in API responses.
Step 5 — Test the destination
After saving, click Run now on the destination row. Zenovay will:
- Read the most recent day's
analytics_dailyrows from your data - Format as CSV
- PUT to
s3://your-bucket/<prefix><team_id>/<yesterday>/analytics_daily.csv
The result shows up in seconds. If it fails, the error message tells you what AWS rejected — usually a typo in the bucket name, region mismatch, or missing IAM permission.
Schedule cadence
- Daily: runs once every 24 hours per destination
- Hourly: runs every hour at minute 0
Zenovay's hourly cron processes up to 200 destinations per tick; if your team has many destinations, runs may stagger by a few minutes.
Pause, resume, delete
- Pause stops scheduled runs without losing the configuration. Manual "Run now" still works.
- Resume turns scheduled runs back on with the same
next_run_atclock. - Delete removes the destination configuration AND its run history. Existing files in your S3 bucket are not touched — they remain under your control.
Privacy and account deletion
- Aggregates only; no individual visitor IPs or PII leave Zenovay
- Credentials stored encrypted at rest with AES-GCM
- Deleting your Zenovay account purges the encrypted credentials and the destination configuration as part of the standard right-to-be-forgotten cascade
Frequently asked
Can I use a non-AWS S3-compatible store like MinIO, R2, or Wasabi? Yes. In the destination form, expand Advanced (S3-compatible endpoints) and paste your provider's S3 endpoint URL (for example https://abc123.r2.cloudflarestorage.com). For Cloudflare R2 and other non-AWS targets, pick the Auto (Cloudflare R2 / S3-compatible) region. The endpoint must be publicly reachable — to test against a local MinIO instance, expose it through a tunnel (cloudflared or ngrok) and use the public URL.
What about BigQuery and Snowflake? Coming in a follow-up release. The same scheduling, plan-gating, and credential storage will apply; only the connector differs.
Can I export to my own bucket in a different AWS account? Yes — that's the supported model. Your IAM user, your bucket, your account. Zenovay just signs the PUT.
How do I download the data once it's in S3? Standard AWS tools — aws s3 cp, the AWS console, or any S3 client. From there it's yours: query with Athena, load into Glue/Redshift/BigQuery, or feed into your own pipelines.
What region should I pick for the bucket? Wherever your downstream tools live. Zenovay charges no data-egress fees — those are between you and AWS. EU customers usually pick eu-central-1 for residency reasons.