Skip to main content
Skip to content
Foregrade

Export your data

Download a copy of all your data in JSON or CSV format.

Last updated: 2026-04-25

You own your data. You can download a full copy at any time in two formats. This satisfies your GDPR / UK GDPR Article 20 right to data portability.

JSON export (everything)

Settings → Data & Privacy → Export as JSON downloads a single JSON file containing every table where we hold data about you:

  • User account data
  • All products
  • All orders (up to 50,000 most recent)
  • All returns
  • All expenses
  • All creators / affiliates
  • Cancellation records
  • Buyer watchlist
  • Return automation rules
  • Notification preferences
  • Team members
  • Audit log (last 1,000 events)
  • Sync status
  • Notification subscriptions (push, webhook, email opt-ins)
  • Email events (deliverability log)
  • VAT / tax records
  • Subscription + billing history
  • Payment methods (last-4 only — never full card)
  • Discount codes redeemed
  • Stripe events received
  • Outbound webhook deliveries
  • Return rule audit trail
  • Return action history
  • Sync run history (full + incremental)
  • API request log

That's the full set of 24 tables we read from. Anything not listed here is either derived (cached aggregates, fast-recomputable) or system-internal (encryption keys, session secrets) — see "What's excluded" below.

CSV export (specific datasets)

Individual pages have CSV export buttons:

  • Returns CSV — all returns with buyer, reason, deadline, cost
  • Orders CSV — all orders with fees, COGS, profit per line
  • Products CSV — all products with COGS and margin

CSV exports include a timestamp in the filename and open cleanly in Excel / Google Sheets.

Rate limits

  • JSON export: 3 per day (it's a heavy query — the per-day limit lets you re-export within a day if you mis-saved the first file)
  • CSV exports: 10 per hour

Audit logging

Every export is logged to your account's audit log with a timestamp. This satisfies our GDPR Art. 30 record-of-processing obligation and helps us track any unauthorised data access.

What's excluded from export

  • Encrypted OAuth tokens (useless outside our system, and exporting decrypted tokens would be a security risk)
  • Password hash (never exportable)
  • Other users' data (obviously)
  • Server-internal tables (rate-limit counters, cache rows, idempotency keys — none of which contain your business data)

Was this article helpful?

More about account & data