Iris · Legal

Data Schema (for GDPR exports)

Last updated: June 2026

This page describes the JSON files inside a GDPR data export (Account → Privacy → Export my workspace data) and the meaning of each field. All timestamps are ISO-8601 in UTC.

tenant.json

One JSON object with: id, slug, name, plan, status, trial_ends_at, stripe_customer_id, stripe_subscription_id, created_at, updated_at.

users.json

Array of users in your workspace: id, email, full_name, role (admin/member), is_active, email_verified_at, last_login_at, created_at.

Note: password hashes are intentionally excluded — they are not personal data, and including them would reduce security if the export leaked.

devices.json

Registered firewalls: id, slug, label, vendor, model, is_enabled, last_seen_at, created_at. API keys are excluded (security).

events.json

Normalised firewall events: id, device_id, occurred_at, ingested_at, severity (0–15), category, action, src_ip, src_port, dst_ip, dst_port, protocol, message, raw (vendor-specific original fields).

alerts.json

Detection alerts: id, rule_id, device_id, priority (P1–P4), title, summary, status (open/acknowledged/resolved), fired_at, acknowledged_at, resolved_at, ai_triage (structured analysis from Claude), event_ids (links to events.json).

rules.json

Custom detection rules created in your workspace.

invitations.json

User invitations sent: email, role, created_at, accepted_at, expires_at. Token hashes are excluded.

audit_logs.json

Append-only record of admin actions in your workspace: created_at, actor_user_id, action, target, ip_address, user_agent, details.

Questions? Email iliadis@plan4.gr. See also Privacy · Terms · Cookies · Data schema