How can we help?

Go to Dashboard → Billing and click Change Plan. Upgrades take effect immediately and you are billed pro-rata. Downgrades apply at the start of the next billing period.

Yes. Cancel anytime from Dashboard → Billing. Your account remains active until the end of the current billing period. No refunds are issued for partial months.

Team management is available on Starter and above plans. Navigate to Dashboard → Settings → Team to invite members by email and assign roles.

A DPP is a structured, machine-readable data record that carries sustainability, traceability, and compliance information about a physical product throughout its lifecycle. PassportLab implements DPPs in accordance with the EU ESPR Regulation (2024/1781) and the UNTP v0.6.0 standard.

After creating a DPP, open the product detail view and click Download QR. The QR code encodes a GS1 Digital Link URL. You can also retrieve it programmatically via GET /api/v1/public/dpp/{code}/qr.png.

Yes. Connect your store under Dashboard → Integrations. Once authorised, use Dashboard → Imports to pull products directly into PassportLab as draft DPPs.

Deleting a product marks the DPP as inactive and removes the public endpoint. The audit log entries are retained indefinitely and are immutable — they cannot be deleted.

PassportLab currently enforces ESPR 2024/1781 (general DPP mandate), Battery Regulation 2023/1542 (Annex XIII schema), and outputs in UNTP v0.6.0 and EPCIS 2.0 formats. Additional product-category schemas are on the roadmap.

When a DPP's category is set to battery, PassportLab validates required Annex XIII fields (state of health, duty cycle, hazardous substances, recycled content, etc.) on every save. Violations are surfaced inline in the product editor and in the Compliance dashboard.

A W3C Verifiable Credential (VC) is a cryptographically signed representation of your DPP data. It allows third parties to verify data authenticity without contacting PassportLab. VCs are issued automatically for all products on paid plans. SD-JWTs for selective disclosure are also available.

No. The public read endpoint (GET /api/v1/public/dpp/{code}) and the GS1 Digital Link resolver are fully unauthenticated. See the Developer API page for the full reference.

The authenticated API uses JWT tokens stored in httpOnly cookies. To authenticate, POST credentials to /api/v1/auth/signin. TOTP two-factor authentication is supported and can be enabled under Dashboard → Settings → Security.

Go to Dashboard → Settings → Webhooks and add your endpoint URL. PassportLab signs all webhook payloads with HMAC-SHA256 using your webhook secret. Retries follow an exponential back-off over 24 hours.

First verify that your OAuth token is still valid under Dashboard → Integrations. If the token is expired, re-authorise the connection. If the issue persists, check the import log for error details and contact support with the job ID.