Under GDPR Article 20, you have the right to data portability. All exports include only data belonging to your account. Downloads are timestamped and suitable for submission to a new service or as a personal record. We do not share your export with third parties.
Activity log
All recorded sign-ins, cert events, profile changes, and peck actions for your account.
Certificate bundle
Your birth certificate, cert ID, trust tier, issuance timestamp, and identity fields.
Full profile
All profile data: email, phone, display name, address, notification preferences, connected agents, and session metadata.
Session & device history
Recent session records derived from the audit log — device labels, IPs, and sign-in timestamps.
Export everything
Download a single JSON bundle containing all of the above — activity, certificate, profile, and session history — in one portable file.
Data retention policy
| Data type | Retention period | Notes |
|---|---|---|
| Profile (email, phone, legal name) | Until deletion | Deleted on account deletion request |
| Birth certificate | Until deletion | Marked REVOKED on account deletion |
| Activity log / audit events | 90 days | Automatically purged after 90 days |
| Session tokens | 30 days inactive | Revoked on signout or inactivity |
| SSO tokens | 30 seconds | One-time use, TTL enforced by DynamoDB |
| Backup codes | Until regeneration | Replaced on new code generation |
| IP geolocation (birth cert) | Until cert deletion | Captured at signup; part of cert record |
Questions about your data? Email our privacy team → · Privacy Policy →