Skip to main content
Zenovay
Pro Plan10 minutesBeginner

Data Export for Users

Export personal data and analytics data for GDPR data portability requests and compliance. Learn about the two export paths in this privacy compliance guide.

exportdata-portabilitygdprdownloadprivacy
Last updated:

Zenovay gives you two distinct export paths, and it helps to keep them straight:

  • Your own personal data (the account holder): a free GDPR Article 20 / Article 15 export of the data Zenovay holds about you, the Zenovay user.
  • Your analytics data (the visitors of the sites you track): the business data you collect with Zenovay, exported as CSV or JSON for your records or for fulfilling requests from your own users.

This article covers both.

Understanding Data Portability

GDPR Article 20

Individuals have the right to:

  • Receive their personal data
  • In a structured, commonly used format
  • That is machine-readable (e.g. JSON)
  • And transmit it to another controller

When It Applies

Data portability applies when:

  • Processing is based on consent or contract
  • Processing is automated
  • The request is from the data subject

Exporting Your Own Personal Data (free, all plans)

This is your GDPR Article 20 right to portability and Article 15 right of access for the data Zenovay holds about you as a Zenovay user (profile, websites metadata, team memberships, your own audit trail, and more). It is free on every plan.

  1. Open your account settings

    Go to Settings → Account in the app (app.zenovay.com/settings/account).

  2. Request the export

    In the Data export section, click Download my data.

  3. Save the file

    Zenovay generates a structured JSON file with your personal data and downloads it to your browser. No waiting queue, no email step.

The export deliberately excludes credential material (password hashes, MFA secrets, API key hashes, OAuth tokens) and any data belonging to other people, while still including the fact of those items where relevant (for example, that you have MFA enabled or linked GitHub on a given date). It also excludes the analytics data of websites you track, which is the website operator's business data covered in the next section.

Info

To correct or delete your personal data instead of exporting it, contact [email protected] or use Settings → Account → Delete account.

Exporting Your Analytics Data (Pro and above)

The analytics export covers the visitor and event data you collect, separate from your personal account data. It is part of the Data Export feature, available on Pro, Scale, and Enterprise plans.

Via the API

Use the External API to retrieve analytics data programmatically. API access requires a paid plan (Pro and above), and keys begin with zv_:

# Retrieve visitor analytics data for a website
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}/visitors" \
  -H "X-API-Key: zv_YOUR_API_KEY"

# Retrieve page analytics data
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}/pages" \
  -H "X-API-Key: zv_YOUR_API_KEY"

You can also authenticate with Authorization: Bearer zv_YOUR_API_KEY. Create and manage keys under Settings → Security → API keys.

CSV and JSON exports by email

For a packaged export of a website's analytics, request a CSV or JSON job through the API. Zenovay generates the file and emails it to the team owner when it is ready:

# Request a CSV export for one website
curl -X POST "https://api.zenovay.com/api/team/{teamId}/export/{websiteId}/csv" \
  -H "Authorization: Bearer zv_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "date_from": "2024-01-01", "date_to": "2024-12-31", "aggregation_level": "daily" }'

# Request a JSON export instead
curl -X POST "https://api.zenovay.com/api/team/{teamId}/export/{websiteId}/json" \
  -H "Authorization: Bearer zv_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "date_from": "2024-01-01", "date_to": "2024-12-31", "aggregation_level": "daily" }'

aggregation_level can be raw, daily, or monthly. The export is delivered to the team owner's email address.

Export Data Formats

Analytics exports are available as JSON or CSV.

JSON Format

{
  "website_id": "wb_abc123",
  "date_from": "2024-01-01",
  "date_to": "2024-12-31",
  "pageviews": [
    {
      "timestamp": "2025-01-14T15:30:00Z",
      "url": "/products/widget",
      "title": "Widget Product Page",
      "referrer": "https://google.com",
      "device": "desktop",
      "browser": "Chrome",
      "country": "US"
    }
  ],
  "events": [
    {
      "timestamp": "2025-01-14T15:35:00Z",
      "name": "add_to_cart",
      "properties": {
        "product_id": "SKU-001",
        "price": 99.99
      }
    }
  ]
}

CSV Format

Separate files for each data type:

pageviews.csv:

timestamp,url,title,referrer,device,browser,country
2025-01-14T15:30:00Z,/products/widget,Widget Product Page,https://google.com,desktop,Chrome,US
2025-01-14T15:32:00Z,/checkout,Checkout,/products/widget,desktop,Chrome,US

events.csv:

timestamp,name,property_product_id,property_price,property_quantity
2025-01-14T15:35:00Z,add_to_cart,SKU-001,99.99,1
2025-01-14T15:40:00Z,purchase,SKU-001,99.99,1

Scheduled Exports

On Pro and above, you can schedule recurring analytics exports. A scheduled export runs on a daily, weekly, or monthly cadence and is delivered to the team owner's email when each run completes. Scheduled exports can only be created by the team owner.

Warehouse Exports to Cloud Storage (Scale and above)

On Scale and Enterprise, you can route daily analytics aggregates into your own cloud storage. The current version supports Amazon S3 (and S3-compatible services such as Cloudflare R2, Backblaze B2, and Wasabi). BigQuery and Snowflake destinations are planned.

Configure a destination under your team's settings, or via the warehouse-export API:

# Create an S3 destination for a team
curl -X POST "https://api.zenovay.com/api/team/{teamId}/warehouse-exports" \
  -H "Authorization: Bearer zv_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "destination_type": "s3",
    "destination_config": { "bucket": "your-bucket", "region": "us-east-1", "path": "zenovay-exports/" },
    "credentials": { "access_key_id": "AKIA...", "secret_access_key": "..." }
  }'

Credentials you provide are encrypted at rest and are never returned by the API once stored.

Warning

The destination endpoint must be publicly reachable. Cloudflare Workers cannot reach localhost, so to test against a local S3-compatible service, expose it through a tunnel and use the public URL.

Handling Data Subject Requests

When one of your own users asks you for their data, the workflow is:

1. Receive Request
   └── Verify identity

2. Generate Export
   └── API: GET /api/external/v1/analytics/{websiteId}/visitors
   └── Or request a CSV/JSON job for the website

3. Prepare Data
   └── Filter to the requesting individual's records

4. Deliver Data
   └── Send to the requester through your own channel

5. Confirm Completion
   └── Log for your own compliance records

Zenovay is your processor here: you are the controller of your visitors' data, so identity verification and delivery to the data subject are your responsibility.

Security Considerations

Delivery

  • Personal-data exports download directly to your authenticated browser session.
  • Analytics CSV/JSON exports are delivered to the team owner's verified email.
  • Warehouse exports write to a destination you own and control.
  • All API traffic is HTTPS only and requires a valid API key.

Encryption at Rest

  • Warehouse-export credentials you provide (for example, S3 access keys) are encrypted at rest and never returned by the API after they are saved.
  • IP addresses associated with your account are stored as one-way, daily-salted SHA-256 hashes and cannot be reversed; the hashes themselves are not included in your personal-data export.

Best Practices

Verify Before Exporting

When fulfilling a request from one of your own users, always verify identity:

  • Send a verification email
  • Confirm via a known contact method
  • Document the verification

Document Everything

Keep records of:

  • Request received date
  • Verification performed
  • Export generated
  • Data delivered
  • User confirmed receipt

Timely Response

GDPR requires a response within 30 days:

  • Set up internal tracking
  • Escalate approaching deadlines
  • Extend if necessary (and notify the requester)

Troubleshooting

Personal export did not download

  • Confirm you are signed in and on Settings → Account.
  • Exports are throttled to a few requests per hour per user. Wait a few minutes and try again.

Analytics export email did not arrive

  • Scheduled and on-demand analytics exports are sent to the team owner's email. Confirm that address is correct and check spam.
  • Very large exports take longer to generate. Try a narrower date range.

Missing data

If an analytics export seems incomplete:

  • Check the date range
  • Verify the data was not already deleted
  • Check your plan's data-retention window

Next Steps

Related articles

  1. GDPR Article 20: how do I download my personal data?

    GDPR Article 20 (data portability) lets you export your personal data in a machine-readable format. Here's the self-service flow and what's in the file.

  2. Consent & privacy metrics: see how your cookie banner performs

    View your own cookie-banner accept/reject/dismiss rate over time, an identified-vs-anonymized split, and a data-provenance audit — fed by one line of code from your banner. Zenovay stays cookieless.

  3. Data Retention Policies

    Understand Zenovay's two-phase data retention lifecycle, plan-specific retention periods, and how to recover hidden data through upgrades.

Was this article helpful?