Guides
ProductDeveloper
Guides

Data Retention

When you interact with the Umbrella dashboard or services, Umbrella generates and stores data. Depending on the type of data created, Umbrella retains this information for different periods of time. The following table describes the data retention limits across Umbrella.

Feature

Type of Data

Limit

Account/Contact Information

  • Administrator email address
  • Administrator first and last name, company account information (company name, street, city, state/region, country, phone number, unique account ID)
  • Billing contact name

Data deleted upon request.

DNS Usage and Event Data

  • DNS query data contained in DNS logs (domain, DNS record type, DNS response, IP address, potential user email ID)
  • Device ID
  • Applications associated with user or device
  • If using DNS block page: HTTP traffic and HTTP header info (for example: URL), but excluding HTTP body content contained in proxy logs.

Automatically deleted after two years.

  • When using the roaming client with IP layer enforcement enabled, for suspicious destinations: all ports and protocol meta information including source IP and port, destination IP and port, application, date, timestamp, but excluding the packet content

Data deleted upon request.

Proxy Usage and Event Data

  • HTTP traffic and HTTP header info (for example: URL), but excluding HTTP body content contained in proxy logs
  • Applications associated with users or devices
  • Timestamps

Automatically deleted after two years.

  • Data contained in customer files sent to Cisco Umbrella for analysis

Files inspected by Umbrella are only held transiently and purged after they are scanned by Umbrella.

  • Summarized DNS and proxy log data

Automatically deleted two years after log creation date.

Cloud-Delivered Firewall

All ports and protocol meta information including:

  • source IP and port
  • destination IP and port
  • application
  • date
  • timestamp

Information excludes the packet content.

Automatically deleted after two years.

Cloud Malware

  • User ID and/or email address
  • User first and last name
  • IP Addresses for end users
  • Any other personal data that may be inspected for malware because it is stored on the applicable cloud environment

Data deleted upon request except for usernames, email addresses, and IDs. Umbrella retains the content from inspected files to calculate the hash. After generating the hash, Umbrella deletes the data.

  • Cloud Malware OAuth Keys

Data deleted upon request.

Data Loss Prevention (DLP)

DLP record metadata including:

  • File name
  • Active Directory information for applicable users
  • Redacted snippet of text (for example: the last 4 digits of a credit card number) that triggers a customer Data Loss Prevention policy violation (“DLP Metadata”)

Data deleted upon request.

Remote Browser Isolation (RBI)

  • Browser configuration
  • User input in the isolation platform
  • Any other personal data contained in user requests or user input in the isolation platform
  • Any other personal data present on pages that are isolated by the platform

Transient

  • Session ID

Deleted after 24 hours.

  • User configuration

Data deleted upon request.

Configuration Information

  • Audit logs (administrator name)
  • Policy settings (administrator name, IP address)
  • Unique account ID
  • If using Active Directory add-on: Active Directory identity (first name, last name, username, device ID)

Data deleted upon request.

Dashboard Activity Information

  • Administrators’ first and last name, email address, IP address, user ID, country, region, city.
  • Device information: device name, device serial number, device type, device owner name, device owner email

Data deleted upon request.

Support Information

  • First and last name
  • Email address
  • Phone number of the employees appointed to open the service request
  • Customer account information: company name, street, city, state/region, country, unique
    account ID

Data deleted upon request.

Business and Product Analytics

  • Product usage, contact and user information, which may include the following types of personal data:
    • Administrators’ first and last name, title
    • Company name
    • Physical address (street, city, state/region, country)
    • Email address
    • Username and/or ID
    • IP address
    • Phone number
    • Device ID/serial number, operating system type and version of the user
    • Unique account ID
    • Timestamp for login
Data deleted upon request.

Limitations and Range Limits < Data Retention > Average Bandwidth