Data Retention

When you interact with the Umbrella dashboard or services, Umbrella generates and stores data. Depending on the type of data created, Umbrella retains this information for different periods of time. The following table describes the data retention limits across Umbrella.

FeatureType of DataLimit
Account/Contact Information Administrator email address
Administrator first and last name, company account information (company name, street, city, state/region, country, phone number, unique account ID)
* Billing contact name
Data deleted upon request.
DNS Usage and Event Data DNS query data contained in DNS logs (domain, DNS record type, DNS response, IP address, potential user email ID)
Device ID
Applications associated with user or device
If using DNS block page: HTTP traffic and HTTP header info (for example: URL), but excluding HTTP body content contained in proxy logs.
Automatically deleted after two years.
Proxy Usage and Event Data HTTP traffic and HTTP header info (for example: URL), but excluding HTTP body content contained in proxy logs
Applications associated with users or devices
* Timestamps
Automatically deleted after two years.
* Data contained in customer files sent to Cisco Umbrella for analysisFiles inspected by Umbrella are only held transiently and purged after they are scanned by Umbrella.
* Summarized DNS and proxy log dataAutomatically deleted two years after log creation date.
Cloud Malware User ID and/or email address
User first and last name
IP Addresses for end users
Any other personal data that may be inspected for malware because it is stored on the applicable cloud environment
Data deleted upon request except for usernames, email addresses, and IDs. Umbrella retains the content from inspected files to calculate the hash. After generating the hash, Umbrella deletes the data.
* Cloud Malware OAuth KeysData deleted upon request.
* Session IDDeleted after 24 hours.
* User configurationData deleted upon request.
Configuration Information Audit logs (administrator name)
Policy settings (administrator name, IP address)
Unique account ID
If using Active Directory add-on: Active Directory identity (first name, last name, username, device ID)
Data deleted upon request.
Dashboard Activity Information Administrators’ first and last name, email address, IP address, user ID, country, region, city.
Device information: device name, device serial number, device type, device owner name, device owner email
Data deleted upon request.
Support Information First and last name
Email address
Phone number of the employees appointed to open the service request
Customer account information: company name, street, city, state/region, country, unique
account ID
Data deleted upon request.
Business and Product Analytics Product usage, contact and user information, which may include the following types of personal data:
Administrators’ first and last name, title
Company name
Physical address (street, city, state/region, country)
Email address
Username and/or ID
IP address
Phone number
Device ID/serial number, operating system type and version of the user
Unique account ID
* Timestamp for login
Data deleted upon request.

Limitations and Range Limits < Data Retention > Monthly DNS Query Average