Customer Data Retention Policy
The policy for how long Alert Logic maintains customer data in its systems before deletion varies according to data type. The schedule also depends on whether a customer still has an active account with Alert Logic or has ceased to have an active account. The policy is subject to individually contracted arrangements governing retention of a customer's data that has been negotiated with Alert Logic.
| Data Type | Description | Active Account Retention Policy | Inactive Account Retention Policy |
|---|---|---|---|
| Asset knowledge | Represents the documentation by Alert Logic of the customer deployments and environments such as hosts and networks | Retained indefinitely |
|
| IDS events | Input from the Alert Logic Threat Manager appliances/agents and used as a basis to create incidents | Retained for 6 months |
|
| Log messages | Input from the Alert Logic Log Manager appliances/agents and used to correlate with IDS events data to create incidents and analyze incidents | Retained for 13 months |
|
| Scan and compliance | Scan history and the resulting compliance results (if applicable) that are used to determine exposure/risk to a customer’s deployments and to consider against compliance initiatives such as payment card industry (PCI) |
Retained for the later of:
|
Automatically deleted by the later of:
|