Data export

What you can export

Two types of export:

1. Workspace export. Everything in your workspace: companies, audits, content, integrations metadata, audit logs, team membership, billing history.
2. Personal data export (Article 15). Everything we hold ABOUT YOU specifically — your account profile, your authentication events, your activity across workspaces you're a member of.

Both are self-serve.

Requesting a workspace export

Only workspace owners and admins can request.

Settings → Workspace → Export workspace data.

The export packages into a ZIP archive containing:

• workspace.json — high-level workspace metadata.
• companies/ — one JSON file per company, plus per-company subdirectories with audit history, content, mentions.
• audit-log.csv — full audit log within your retention window.
• integrations.json — connection metadata (encrypted credentials are NOT included — see redactions below).
• team.json — current and historical team membership.
• billing.json — invoices and subscription history.

Exports run asynchronously. We email you a download link when ready, typically within 5–30 minutes depending on workspace size. The download link is valid for 7 days.

Requesting a personal export

Available to every user, regardless of role.

Settings → My account → Export my data.

You receive:

• profile.json — account fields, OAuth providers, MFA enrollment state (not secrets).
• memberships.json — every workspace you're in, your role, when you joined.
• auth-events.json — sign-ins, sign-outs, MFA challenges, password resets.
• activity.json — your share of audit-log entries across all workspaces, where you were the actor.

What's redacted

Both export types redact:

• API key plaintexts. We store hashes; the plaintext doesn't exist on our side.
• Integration credentials. OAuth tokens, application passwords, etc. are stored encrypted; we export the encrypted ciphertext is omitted — exporting it would give the holder access without decryption keys we hold separately.
• Other users' personal data. Your workspace export lists teammate names and roles; it does NOT include their authentication events, password hashes, or personal MFA seeds.
• Payment method full PAN. We never have these (Stripe holds them); the export shows only Stripe references and last-four digits.

Format

JSON throughout (with CSV for the audit log). UTF-8 encoding. Timestamps are ISO 8601. IDs match the values you see in the UI and the API.

Frequency

You can request a fresh export at any time. We don't rate-limit, but each export consumes some compute — please don't script frequent exports for monitoring (use the audit-log API for that).

GDPR articles satisfied

• Article 15 (Right of access). The personal export covers this.
• Article 20 (Right to data portability). Both exports are machine-readable and structured.
• Article 17 (Right to erasure). Separate flow — see Account deletion or Settings → My account → Delete account.

CCPA articles satisfied

The same exports satisfy CCPA's right-to-know and right-to-portability requirements. The CCPA opt-out flow is documented at CCPA.

Differences across regions

Exports look identical regardless of where you sign up. Backups of your data live in the region you signed up in (EU users → EU; US users → US; etc.). The export is generated from the live database in your region.

What you can do with the export

It's yours. Take it to a competitor, archive it, audit it for content moderation. The export is the canonical record of what we hold about your workspace.

Programmatic export

The export is not yet available via API. The dashboard self-serve is the only path. This is a deliberate tradeoff — programmatic export of bulk personal data is high-risk and we want the human-in-loop ceremony for now.