Data Retention
When you interact with the Umbrella dashboard or services, Umbrella generates and stores data. Depending on the type of data created, Umbrella retains this information for different periods of time. The following table describes the data retention limits across Umbrella.
| Feature | Type of Data | Limit |
|---|---|---|
| Account/Contact Information | Administrator email address Administrator first and last name, company account information (company name, street, city, state/region, country, phone number, unique account ID) * Billing contact name | Data deleted upon request. |
| DNS Usage and Event Data | DNS query data contained in DNS logs (domain, DNS record type, DNS response, IP address, potential user email ID) Device ID Applications associated with user or device If using DNS block page: HTTP traffic and HTTP header info (for example: URL), but excluding HTTP body content contained in proxy logs. | Automatically deleted after two years. |
| Proxy Usage and Event Data | HTTP traffic and HTTP header info (for example: URL), but excluding HTTP body content contained in proxy logs Applications associated with users or devices * Timestamps | Automatically deleted after two years. |
| * Data contained in customer files sent to Cisco Umbrella for analysis | Files inspected by Umbrella are only held transiently and purged after they are scanned by Umbrella. | |
| * Summarized DNS and proxy log data | Automatically deleted two years after log creation date. | |
| Cloud Malware | User ID and/or email address User first and last name IP Addresses for end users Any other personal data that may be inspected for malware because it is stored on the applicable cloud environment | Data deleted upon request except for usernames, email addresses, and IDs. Umbrella retains the content from inspected files to calculate the hash. After generating the hash, Umbrella deletes the data. |
| * Cloud Malware OAuth Keys | Data deleted upon request. | |
| * Session ID | Deleted after 24 hours. | |
| * User configuration | Data deleted upon request. | |
| Configuration Information | Audit logs (administrator name) Policy settings (administrator name, IP address) Unique account ID If using Active Directory add-on: Active Directory identity (first name, last name, username, device ID) | Data deleted upon request. |
| Dashboard Activity Information | Administrators’ first and last name, email address, IP address, user ID, country, region, city. Device information: device name, device serial number, device type, device owner name, device owner email | Data deleted upon request. |
| Support Information | First and last name Email address Phone number of the employees appointed to open the service request Customer account information: company name, street, city, state/region, country, unique account ID | Data deleted upon request. |
| Business and Product Analytics | Product usage, contact and user information, which may include the following types of personal data: Administrators’ first and last name, title Company name Physical address (street, city, state/region, country) Email address Username and/or ID IP address Phone number Device ID/serial number, operating system type and version of the user Unique account ID * Timestamp for login | Data deleted upon request. |
Limitations and Range Limits < Data Retention > Monthly DNS Query Average
Updated 5 months ago