> ## Documentation Index
> Fetch the complete documentation index at: https://docs.inboxmate.psquared.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Data export & audit log

> Download a full DSGVO data archive of your account and see who changed what, when.

Two related tools live in workspace settings: a full **DSGVO/GDPR data export** on **Settings → Konto**, and a **who-did-what audit trail** on **Settings → Audit-Log**. Both are gated by role — see [Team management → Roles](/user-guide/workspace/team-management#roles) for the full role table, including the read-only **Viewer**.

## DSGVO data export

Under **Settings → Konto**, admins and the Owner see a **Datenexport (DSGVO)** section:

> Lade ein vollständiges, maschinenlesbares Archiv (JSON) der Daten dieses Kontos herunter: Einstellungen, Benutzer, Agenten, Wissen, Kategorisierer, Kontakte, Tickets, Chats und gelernte Beispiele. Geheimnisse (API-Schlüssel, Postfach-Passwörter, OAuth-Tokens) sind niemals enthalten.

Clicking **Export anfordern** builds the archive server-side and downloads it straight to the browser as `dsgvo-export-<accountId>-<date>.json` — nothing is written to a file store first.

<Note>
  This is owner/admin only, same gate as user management and audit log access. Members and Viewers don't see this section at all.
</Note>

### What's in the archive

The export covers everything the account owns:

* Account record and settings
* Users / memberships
* Agents
* Knowledge buckets, items, and knowledge entries
* Categorizers, categories, category branches, and category actions
* Categorizations and the categorization action log
* Email connection metadata
* Contacts and companies
* Tickets and ticket comments
* Chats and messages
* Learned writing-style exemplars

Each section is capped at 5,000 rows. If an account has more than that, the section reports its true total count and a `truncated` flag so you know the archive was clipped rather than silently incomplete.

<Warning>
  Secrets never leave the server. Custom model-endpoint API keys are masked, mailbox passwords and OAuth tokens are redacted, and any column that merely *looks* like a credential (by name pattern) is scrubbed too, as defense in depth. Embedding vectors are dropped — they're bulky and not human-meaningful.
</Warning>

Requesting an export is itself logged as an event in the audit trail below — visible only to other admins/the Owner, like all account-level privacy events.

## Audit log

**Settings → Audit-Log** shows a chronological trail of permission-sensitive changes on the account: role changes, invitations sent/accepted/cancelled, users removed, mailbox-sharing changes, temporary access grants created or revoked, and account data exports. Each entry shows who did it and when.

What you see depends on your role:

| Who                 | What they see                                                                                                                               |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
| **Owner / Admin**   | Änderungen an Rollen, Einladungen, Freigaben und temporären Zugriffen — every permission event on the whole account.                        |
| **Member / Viewer** | Zugriffe und Freigaben deiner Postfächer — only events about mailboxes they own, or grants that involve them (granted to them, or by them). |

<Tip>
  This is a separate, more tightly scoped reader than the generic activity log used elsewhere in the product — permission-sensitive entity types (roles, invitations, sharing, grants, account exports) are only ever surfaced through this role-gated view, never through a generic log a non-admin could otherwise read.
</Tip>

## Roles that gate this page

Both features above use the same two-tier gate already used for user management:

* **Owner / Admin** — full access: can trigger a DSGVO export and see the complete audit log.
* **Member / Viewer** — no export button; audit log narrowed to their own mailboxes. **Viewer** in particular is read-only everywhere in the product — it can see shared mailboxes and conversations but cannot send, approve, reroute, or change any configuration.

See [Team management](/user-guide/workspace/team-management) for how roles are assigned and the full capabilities table.
