Consumers
After scanning, consumers can see product identity, publisher, public data, update time, risk notes and review boundaries.
Scoped public data
Controlled access
Traceable scan records
Product records should be visible to customers, but not every piece of data should be public.
GEXYRAL separates public product pages, merchant data, evidence files, DPP structured fields, scan records and evidence exports. Consumers see necessary public information, merchants keep fuller records, and sensitive content is controlled by access scope.
Who this page is for
This is not a developer document. It explains what becomes public and what stays protected.
When products use PID QR codes, public lookup pages, DPP records or Evidence Pack exports, the platform must help customers review necessary information without exposing merchant, partner or internal data that should remain controlled.
Merchants
Merchants can maintain fuller product data, evidence files, DPP fields, evidence indexes and export records.
Partners
With authorization, partners may review data needed for business checks, channel audits or trade communication.
Data handled by the platform
Data around product identity, scan lookup and DPP readiness is stored and displayed by scope.
The following explains the general data scope. Actual fields depend on merchant input, plan capabilities, disclosure settings and product category.
Product identity and public lookup data
Includes product name, PID, QR entry, merchant identity, public images, basic description, status, update time and user-facing notes.
DPP structured fields
Includes fields such as material, model, batch, origin, sustainability data, declarations, repair and recycling information when maintained by the merchant.
Evidence files and evidence index
Includes test reports, certificates, authorization letters, manuals, invoice summaries, images, upload time, review status and field linkage.
Access records and security logs
Includes scan visits, public page views, resolver hits, JSON-LD requests, Evidence Pack downloads, authorized access and abnormal access signals.
Export packages and verifiable snapshots
Includes field snapshots, evidence index, timeline, Manifest, signature summary and export task records for data version review.
Merchant account and service settings
Includes login account, company information, plan rights, usage quota, notification email, permission settings and necessary service communication records.
How disclosure scope is separated
Public pages should only show public data. Sensitive data should require authorization or internal permission.
DPP 资料按 public、consumer、business、authority、private 分级。public 可进入公开页和 public JSON-LD;consumer、business、authority 需要授权;private 不进入公开页、public JSON-LD 或普通 Evidence Pack。
Publicly visible
Suitable for QR lookup results, PID public pages, DPP public pages and public JSON-LD.
Consumer authorized view
Used when consumers need limited additional data for after-sales, service or supplementary review.
Business partners
Used for channels, customers, platform checks, trade partners or service providers after authorization.
Audit or authority role
Used for higher-permission review with clear identity, authorization and access records.
Internal data
Not placed on public pages, ordinary public evidence packs or public JSON-LD. Used mainly for merchant management and platform security audits.
Scan and access records help review record status, detect abnormal visits and keep the service secure.
When users scan, look up a PID, visit a DPP public page, request JSON-LD, download an Evidence Pack or use an authorized link, the platform may record necessary information such as time, entry point, request path, device and network environment.
These records are mainly used for security audits, anomaly detection, merchant service statistics, authorized access review and system reliability analysis, not for making absolute judgments about a consumer.
Data is not disclosed without scope, and should not be locked away when merchants need migration.
平台按业务连续性、审计追溯和安全需要保留 DPP 结构化字段、证据索引、访问日志、导出记录、Manifest、签名与版本历史。具体保留期限可由平台在后台配置,并可按合同或适用法律要求调整。
商户退出时,可优先导出 Evidence Pack、公开字段快照、字段清单、证据索引、Manifest、签名记录和访问日志摘要。平台可协助迁移,但不对第三方系统导入结果作保证。
Evidence Pack
Evidence Packs are for data review, not for exposing every original file indiscriminately.
Evidence Pack 是可验证证据包,包含字段快照、证明材料索引、时间线、审计摘要、Manifest 和签名记录。它用于复核资料版本和证据索引,不等同于检测报告、认证证书或监管结论。
Before exporting or sharing an evidence pack, merchants should confirm that fields, evidence indexes, disclosure scope and recipient permission match the business scenario.
Field snapshot
Evidence index
Manifest summary
Signature record
Export timeline
Responsibility boundary
What users and merchants can review
Different roles care about different things, so the platform should make the scope clear.
Review whether public information is clear
Consumers can review product identity, publisher, update time, public data and platform notes. If something looks unusual, they may contact the merchant or platform.
Manage disclosure scope
Before publishing product records, DPP fields or evidence materials, merchants should confirm what is suitable for public display, authorized review or internal storage.
Review data within authorization
When partners access data through authorized links, business tokens or agreed methods, they should follow the allowed scope and not redistribute sensitive content.
Responsibility boundary
The platform provides record and access-control capabilities. Merchants remain responsible for data accuracy and disclosure.
平台作为技术服务提供者,负责提供记录、版本、访问控制、导出、签名和复验能力;技术可验证不等于法律定性,不替代检测、认证、监管注册或法律意见。
商户、制造商、进口商或其他发布主体仍是商品资料、证明材料、声明内容、产品合规性与对外披露准确性的责任经济运营商。
Does not replace test reports
Not an official certification
No “scan equals genuine” claim
No unbounded disclosure
Data Governance
Before publishing product records, clarify the disclosure scope first.
If you are a brand, cross-border seller or manufacturer, you can start with PID identity and gradually organize public data, evidence files, DPP fields and evidence packs to avoid repeated rework later.
Contact email:mike@gexyral.com