Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Skyhigh Security Cloud Data Retention

This is the data retention policy for the Skyhigh Security Cloud Platform, including all products and components. 

The data retention policy for web access log data is set by Skyhigh Security. Collected data is kept in the databases for 100 days by default for all customers. Customers can purchase the SSE Data Retention Add-on option to retain the data for 365 days.  It is deleted immediately after this retention period or, prior to this, upon receiving written instruction from a customer.

The data in the Skyhigh CASB for Shadow IT cloud infrastructure is aggregated on a daily, weekly, and monthly basis. Aggregation keeps daily data for 45 days, weekly data for 13 weeks, and monthly data for 14 months. Daily data is rolled up to weekly, and weekly is rolled up to monthly. Any data older than 14 months is deleted by default. Sanctioned data is set at 100 days unless the Skyhigh SSE Data Retention option is purchased which extends the data retention for a full year.

Skyhigh CASB's data retention policy applies to Sanctioned and Shadow data differently. 

Sanctioned Data Shadow Data
Threats Anomalies Activities Incidents Audit Logs Reports Monthly Weekly Daily
100 days 100 days 100 days 100 days 100 days 100 days 13 months 13 weeks 45 days

The Sanctioned Data is governed by the total count of incident number per incident type. By default, the maximum number of incidents is 2M. If you have purchased the Extended Sanctioned Data Plan, your data retention period for Sanctioned Data is 12 months instead of 100 days, and the maximum number of incidents is 7M.

If you would like to extend your data retention, contact Skyhigh Security Sales. 

For details about Data Retention for GDPR, see About the GDPR

Web policy data retention time is not determined by Skyhigh Security. This retention time is under the control of the customers.

Infrastructure/operational logs and telemetry data retention times depend on operational needs and legal requirements.


Skyhigh Security’s Data Privacy Page is posted on our Legal Homepage. In addition to the Privacy Notice, Skyhigh’s standard Customer Data Processing Agreement and Cloud Services Agreement are also posted on the homepage. 

Termination of Contract and Return of Stored Data

Musarubra (Skyhigh Security) agrees to negotiate terms upon your decision to pursue the Musarubra (Skyhigh Security and Trellix) solution. Musarubra (Skyhigh Security and Trellix) will meet the options defined in the termination of a service contract. Musarubra (Skyhigh Security and Trellix) acknowledges that returning/erasing customer data upon termination of an agreement is a requirement as per the GDPR.

  • Was this article helpful?