Data Retention Policy
This policy describes how the different types of data our services process are retained and for how long.
Prevent
Hosting location options (US, UK, EU, Australia)
Smart Data
|
Data Type |
Retention Period |
Justification |
|---|---|---|
|
Smart Data
Relevant to Prevent and functionality within the Egress Security Center
|
18 months rolling, and for up to 30 calendar days thereafter.
|
This data is required to enable the Prevent to improve their accuracy. It is also used to provide trend and risk analysis for reporting to Customers and their applicable Users through functionality within the Egress Security Center. This is retained for performance of the Group’s agreements with Customers, and for its own legitimate interests in providing secure Services to its Customers. It is also retained for preventing fraud and other security risks, and complying with its legal obligations. |
Audit logs
|
Data Type |
Retention Period |
Justification |
|---|---|---|
|
Prevent Audit Logs |
For the duration of the Customer’s agreement with the relevant Group company, and for 90 calendar days thereafter. |
These are retained in order to enable the Group to demonstrate why the system behaved in the way it did upon yielding advice to the Customer. This includes both Egress Server Infrastructure & Core Prevent logs. |
Logs
|
Data Type |
Retention Period |
Justification |
|---|---|---|
|
Logs (System) |
Deleted after 30 days |
These are retained for troubleshooting, identifying recurring trends, prevention of fraud and other security purposes. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
|
App Insight Logs (Core Application) |
Deleted after 60 days |
These are retained for troubleshooting and identifying recurring trends. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
|
Prevent Application Logs |
Deleted after 60 days |
These are retained for troubleshooting and identifying recurring trends. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
|
App Insight Logs (Egress Security Centre) |
Deleted after 30 days |
These are retained for troubleshooting and identifying recurring trends. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
Dedicated Egress Secure Infrastructure (ESI)
|
Location |
Retention Period |
Justification |
|---|---|---|
|
Dedicated hosted ESI |
For the duration of the Customer’s agreement with the relevant Group company, and for up to 30 calendar days thereafter.
|
This is maintained in this manner to coincide with decommissioning of Customer’s relationship with the Group. |
Defend
Hosting location options (US, UK, EU, Australia)
Threat Data
|
Data Type |
Retention Period |
Justification |
|
Threat Data
Relevant to Defend and functionality within the Egress Security Center
|
18 months rolling for access to in-depth reporting analysis, and for internal analysis by us of identified and potential threats. This may include data identified by the Services as malicious or a potential inbound threat (such as malware, ransomware or cyberattack).
|
This data is required to enable Defend to deliver risk alerts, and inform users why a risk has been scored. It is also used to provide trend and risk analysis and reporting for Customers and their applicable Users through functionality within the Egress Security Center.
|
|
Threat Data
Relevant to Defend and functionality within the Egress Security Center |
10 years retention of email addresses and messages confirmed as malicious. |
This is retained for performance of the Group’s agreements with Customers, and for its own legitimate interests in providing secure Services to its Customers and ensuring that new threats are identified and responded to accordingly by the Defend Service. It is also retained for preventing fraud and other security risks, and complying with its legal obligations |
|
Threat Data
Relevant to Defend and functionality within the Egress Security Center |
The interaction between two email addresses is retained for the duration of the Customer’s agreement with the relevant Group company, and for up to 30 calendar days thereafter. |
This is retained for performance of the Group’s agreements with Customers and for its own legitimate interests in providing secure Services to its Customers and ensuring that new threats and malicious emails are identified and responded to accordingly by the Defend Service. The interaction between two email addresses is also used to provide trend and risk analysis and reporting for Customers and their applicable Users through functionality within the Egress Security Center. |
Audit logs
|
Data Type |
Retention Period |
Justification |
|
Defend Audit Logs |
For the duration of the Customer’s agreement with the relevant Group company, and for 90 calendar days thereafter. |
These are retained in order to enable the Group to correlate user activity and support any security events. |
Logs
|
Data Type |
Retention Period |
Justification |
|
Logs (System) |
Up to 1 year |
These are retained for troubleshooting, identifying recurring trends, prevention of fraud and other security purposes. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
|
App Insight Logs (Application) |
Deleted after 30 days |
These are retained for troubleshooting and identifying recurring trends. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
|
Defend Application Logs |
Deleted after 90 days |
These are retained for troubleshooting and identifying issues such as failures/restarts, data connection events and other service operational events. |
Dedicated Egress Secure Infrastructure (ESI)
|
Location |
Retention Period |
Justification |
|
Dedicated hosted ESI |
For the duration of the Customer’s agreement with the relevant Group company, and for up to 30 calendar days thereafter. |
This is maintained in this manner to coincide with decommissioning of Customer’s relationship with the Group. |
Protect
Hosting location options (US, UK, EU, Australia)
Content
|
Data Type |
Retention Period |
Justification |
|
Protect
|
90 calendar days from the date that the data is received by or last accessed on the Egress Web Access servers. Note: this applies each time that the data is received (e.g. each time an email is forwarded or replied to this creates a new Secure Email package that is processed and retained for 90 days). |
This ensures that recipients accessing Content on the reader services have a copy of the data for the Service to decrypt for it to be viewed. This data is retained in this way to enable the Group to perform its agreement with the Customer, User or recipient (as applicable). |
|
Protect Large File Transfer |
Default period of 90 calendar days from initial transfer or last package access (unless a shorter/longer period is requested and justified by a Customer). NOTE: If a Protect package retention is reached this data is removed. |
This ensures that recipients accessing Content on the transfer services have a copy of the data for the Service to decrypt. The length can be increased or decreased at Customer request as the neither sender nor recipient have a copy of the data. This data is retained in this way to enable the Group to perform its agreement with the Customer, User or recipient (as applicable). |
Audit logs
|
Data Type |
Retention Period |
Justification |
|
Protect Audit Logs |
For the duration of the Customer’s agreement with the relevant Group company, and for 30 calendar days thereafter. For hosted ESIs these are retained until the Customer’s instance is decommissioned following expiry or termination of its agreement with the relevant Group company. |
These are retained to enable Customers to review audit logs and ensure access to the Services that they have purchased is set correctly. They are also retained for performance of the Group’s agreements with Customers, and for its own legitimate interests in providing secure Services to its Customers. |
|
Large File Transfer Audit Logs |
For the duration of the Customer’s agreement with the relevant Group company, and for 30 calendar days thereafter. For hosted ESIs these are retained until the Customer’s instance is decommissioned following expiry or termination of their agreement with the relevant Group company. |
These are retained to enable Customers to review audit logs and ensure access to the Services that they have purchased is set correctly. They are also retained for performance of the Group’s agreements with Customers, and for its own legitimate interests in providing secure Services to its Customers. |
Where the Group stores Content, any remaining Content and Audit Data is deleted 30 calendar days after termination or expiry of the Customer's agreement with the relevant Group company unless: (i) a Customer has required that the Group continues to store one or more of them (and has both paid applicable fees and provided the relevant Group company with a written statement outlining the lawful basis for it to do so on the Customer’s behalf signed by an authorised signatory of the Customer); or (ii) the Group, or a Group company, is required to retain copies of one or more of them for legal or regulatory reasons. Content may also continue to be stored and processed by the Group where it forms part of another User’s or Customer’s Content.
Logs
|
Data Type |
Retention Period |
Justification |
|
Logs (System) |
Up to 1 year |
These are retained for troubleshooting, identifying recurring trends, prevention of fraud and other security purposes. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
|
App Insight Logs (Application) |
Deleted after 30 days |
These are retained for troubleshooting and identifying recurring trends. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
Dedicated Egress Secure Infrastructure (ESI)
|
Location |
Retention Period |
Justification |
|
Dedicated hosted ESI |
For the duration of the Customer’s agreement with the relevant Group company, and for up to 30 calendar days thereafter. |
This is maintained in this manner as once deleted, no previously encrypted emails will be accessible either for the Customer or for any of their 3rd party recipients. This provides time for Content to be decrypted and downloaded prior to deletion. |
|
Dedicated hosted ESI Audit logs |
Indefinitely. |
This is a requirement of the Commercial Product Assurance accreditation (please see more information here: https://www.egress.com/security/certifications#cpa |
|
Dedicated on-premise ESI hosted by the customer |
Not applicable as the Group is not in control of hosting this Service. The Group will revoke the Customer’s federation certificate promptly following expiring or termination of the Customer’s agreement with the relevant Group company which will disable use of the ESI Service. |
The Group revokes the federation certificate in order to prevent continued use of the Service after the relevant Customer’s Subscription Period has expired or been terminated by either party. |
Encryption Keys
Encryption keys for partially hosted Customer solutions will follow either one of the following retention policies dependant on the specific key location. Encryption keys are kept for an indefinite amount of time (unless requested otherwise by the Customer) to allow access to historic packages to/from other recipients of the relevant Service.
|
Deployment Type |
Retention Period |
Justification |
|
On-Premise Customer deployment |
Defined by the Customer |
This is set-up in accordance to Customer requirements. |
|
Fully hosted by the Group |
Indefinitely (unless the Customer expressly requests deletion of encryption keys) |
This is set-up in accordance to Customer requirements. Encryption keys are kept for an indefinite amount of time (unless requested otherwise by the Customer) to allow access to historic packages to/from other recipients of the relevant Service. |
Secure Workspace
Hosting location options (US, UK, EU, Australia)
Content
|
Data Type |
Retention Period |
Justification |
|
Secure Workspace |
For the duration of the Customer’s agreement with the relevant Group company, and for up to 30 calendar days thereafter. Customer may use configuration options to adjust retention periods. |
Acting as a long-term file store, Customers should set their own retention policy as to how long their organisation should store their Content in this Service. This data is retained in this way to enable the Group to perform its agreement with the Customer. |
Audit logs
|
Data Type |
Retention Period |
Justification |
|
Secure Workspace Audit Logs |
For the duration of the Customer’s agreement with the relevant Group company, and for 30 calendar days thereafter. |
These are retained to enable Customers to review audit logs and ensure access to the Services that they have purchased is set correctly. These are retained for performance of the Group’s agreements with Customers, and for its own legitimate interests in providing secure services to its Customers. |
Where the Group stores Content, any remaining Content and Audit Data is deleted 30 calendar days after termination or expiry of the Customer's agreement with the relevant Group company unless: (i) a Customer has required that the Group continues to store one or more of them (and has both paid applicable fees and provided the relevant Group company with a written statement outlining the lawful basis for it to do so on the Customer’s behalf signed by an authorised signatory of the Customer); or (ii) the Group, or a Group company, is required to retain copies of one or more of them for legal or regulatory reasons. Content may also continue to be stored and processed by the Group where it forms part of another User’s or Customer’s Content.
Logs
|
Data Type |
Retention Period |
Justification |
|
Logs (System) |
Up to 1 year Note: Customers can request that these are kept for longer e.g. for meeting regulatory requirements. This will be agreed on a case-by-case basis with the requesting Customer. If you purchase SIEM, then these logs will be retained for a year. |
These are retained for troubleshooting, identifying recurring trends, prevention of fraud and other security purposes. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
|
App Insight Logs (Application) |
Deleted after 30 days |
These are retained for troubleshooting and identifying recurring trends. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
Dedicated Egress Secure Infrastructure (ESI)
|
Location |
Retention Period |
Justification |
|
Dedicated hosted ESI |
For the duration of the Customer’s agreement with the relevant Group company, and for up to 30 calendar days thereafter. |
This is maintained in this manner to coincide with decommissioning of Customer’s relationship with the Group. |
Encryption Keys
|
Deployment Type |
Retention Period |
Justification |
|
Fully hosted by the Group |
Duration of a folder or zone existing |
Once items delete (or delete from the recycle bin) permanently, the associated encryption keys for that content are also deleted. |
Secure Webform
Hosting location options (US, UK)
Content
|
Data Type |
Retention Period |
Justification |
|
Webforms |
This is dependent on the Customer’s requirements and how it wishes to receive the submissions. This can be via Secure Email and/or Large File Transfer and/or Secure Workspace – see below for more details. |
These are determined by the destination. No data is stored by the Webform Service after it has been successfully processed and delivered to the receiving system. |
Audit logs
|
Data Type |
Retention Period |
Justification |
|
Secure Webform Audit Logs |
For the duration of the Customer’s agreement with the relevant Group company, and for 30 calendar days thereafter. For hosted ESIs these are retained until the Customer’s instance is decommissioned following expiry or termination of its agreement with the relevant Group company. |
These are retained to enable Customers to review audit logs and ensure access to the Services that they have purchased is set correctly. They are also retained for performance of the Group’s agreements with Customers, and for its own legitimate interests in providing secure Services to its Customers. |
Where the Group stores Content, any remaining Content and Audit Data is deleted 30 calendar days after termination or expiry of the Customer's agreement with the relevant Group company unless: (i) a Customer has required that the Group continues to store one or more of them (and has both paid applicable fees and provided the relevant Group company with a written statement outlining the lawful basis for it to do so on the Customer’s behalf signed by an authorised signatory of the Customer); or (ii) the Group, or a Group company, is required to retain copies of one or more of them for legal or regulatory reasons. Content may also continue to be stored and processed by the Group where it forms part of another User’s or Customer’s Content.
Logs
|
Data Type |
Retention Period |
Justification |
|
Logs (System) |
Up to 1 year |
These are retained for troubleshooting, identifying recurring trends, prevention of fraud and other security purposes. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
|
App Insight Logs (Application) |
Deleted after 30 days |
These are retained for troubleshooting and identifying recurring trends. These are retained to enable performance of the Group’s agreements with Customers, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its legal obligations. |
Respond (end of life)
Content
|
Data Type |
Retention Period |
Justification |
|
Respond (formerly Investigate, e-Discovery & Analytics, and Vault) |
For the duration of the Customer’s agreement with the relevant Group company, and for up to 30 calendar days thereafter. |
Acting as a long-term archive, Customers should set their own retention policy as to how long their organisation should store their Content in this Service. This data is retained in this way to enable the Group to perform its agreement with the Customer. |
Audit Logs
|
Data Type |
Retention Period |
Justification |
|
Respond Audit Logs (formerly e-Discovery & Analytics, and Vault) |
For the duration of the Customer’s agreement with the relevant Group company, and for 30 calendar days thereafter. For hosted ESIs these are retained until the Customer’s instance is decommissioned following expiry or termination of its agreement with the relevant Group company. |
These are retained to enable Customers to review audit logs and searches. They are also retained for performance of the Group’s agreements with Customers, and for its own legitimate interests in providing secure Services to its Customers. |
Where the Group stores Content, any remaining Content and Audit Data is deleted 30 calendar days after termination or expiry of the Customer's agreement with the relevant Group company unless: (i) a Customer has required that the Group continues to store one or more of them (and has both paid applicable fees and provided the relevant Group company with a written statement outlining the lawful basis for it to do so on the Customer’s behalf signed by an authorised signatory of the Customer); or (ii) the Group, or a Group company, is required to retain copies of one or more of them for legal or regulatory reasons. Content may also continue to be stored and processed by the Group where it forms part of another User’s or Customer’s Content.
Dedicated Egress Secure Infrastructure (ESI)
|
Location |
Retention Period |
Justification |
|
Dedicated hosted ESI |
For the duration of the Customer’s agreement with the relevant Group company, and for up to 30 calendar days thereafter.
|
This is maintained in this manner as once deleted, no previously encrypted emails will be accessible either for the Customer or for any of their 3rd party recipients. This provides time for Content to be decrypted and downloaded prior to deletion. |
|
Dedicated on-premise ESI hosted by the customer |
Not applicable as the Group is not in control of hosting this Service. The Group will revoke the Customer’s federation certificate promptly following expiring or termination of the Customer’s agreement with the relevant Group company which will disable use of the ESI Service. |
The Group revokes the federation certificate in order to prevent continued use of the Service after the relevant Customer’s Subscription Period has expired or been terminated by either party. |
Encryption Keys
Encryption keys for partially hosted Customer solutions will follow either one of the following retention policies dependant on the specific key location. Encryption keys are kept for an indefinite amount of time (unless requested otherwise by the Customer) to allow access to historic packages to/from other recipients of the relevant Service.
|
Deployment Type |
Retention Period |
Justification |
|
On-Premise Customer deployment |
Defined by the Customer |
This is set-up in accordance to Customer requirements. |
|
Fully hosted by the Group |
Indefinitely (unless the Customer expressly requests deletion of encryption keys) |
This is set-up in accordance to Customer requirements. Encryption keys are kept for an indefinite amount of time (unless requested otherwise by the Customer) to allow access to historic packages to/from other recipients of the relevant Service. |
System Data for All products
Logs
|
Data Type |
Retention Period |
Justification |
|
Salesforce Support Tickets and Chat history |
6 years from last update of support case. |
This information is retained to enable the Group to learn from previous activity, and to enable continuity of service if a Customer or user quotes a support ticket reference in future correspondence. This data is retained in this way for the Group’s legitimate interests of providing support on its Services, and enabling good and consistent Customer service. |
|
Infrastructure security logs sent to SIEM |
Up to 1 year |
This is required to help in the assistance of an investigation and performance review. |
Mobile App Logs
|
Data Type |
Retention Period |
Justification |
|
Logs (System) |
Up to 90 days Note: these logs are created by the Egress app based on information provided by the Group’s Egress Secure Infrastructure (ESI) system. They are generated and returned based on user actions within the Egress app. |
These are retained for troubleshooting, identifying recurring trends, prevention of fraud and other security purposes. These enable the Group’s performance of its agreements with Customers and Users, and for its own legitimate interests in preventing fraud and other security risks within its Services and Software, and complying with its own legal obligations. |