Datto EDR and Datto AV data collection and storage policies

This article describes the information collected and storage regions used by Datto EDR and Datto AV.

NOTE To learn about our data retention policies, refer to Datto EDR and Datto AV data retention policies. For more details about how our agent surveys your environment, review our Datto EDR and Datto AV FAQs. To review information about access control within Datto EDR and Datto AV, refer to Datto EDR and Datto AV access control.

Overview

We often receive questions about the nature of the information that our agent collects during a survey or real-time security task sequence to detect and analyze threats in your environment. While certain information is proprietary, we can provide a general understanding of the information that our platform uses to analyze a machine's health and identify potential threats.

What is collected

We collect the following information from each of your endpoints during a scan.

Active processes running on the machine, similar to what you see in the Windows Task Manager
Modules loaded by any processes or applications running on the machine
Memory injects and fileless objects running in volatile memory
Applications and objects which ran in the past or are scheduled to run in the future
Usernames associated with detected actions on the endpoint
Active host connections and listeners
All applications running on a machine, including their versions
Census information (host names, IP addresses, OS versions, etc.)
Monitored behavioral activity

Where applicable, the data captured includes timestamps, file hashes, and any correlated data that you might need to make an informed decision about an object's threat level.

If our machine learning platform has not seen an object before, it will attempt to collect the code that generated the object for static and dynamic analysis. We do not share captured code with third parties.

On average, completed analysis data packages exported from an endpoint are less than 1 MB in size.

Where it is stored

Datto EDR and Datto AV use uses the following data storage locations for customers in the United States, European Union, and Asia-Pacific (APAC) regions.

Region	AWS server and location
United States	us-east-1 (Virginia)
European Union	eu-west-1 (Ireland)
APAC	ap-southeast-2 (Sydney)

What is not collected

We do not collect the following information:

Personally identifiable information
Passwords
Account numbers
Normal data stored on the hard drive of an endpoint such as files, photographs, etc.

IMPORTANT If, in the process of analyzing objects for malicious activity, our agent unintentionally collects normally-excluded data, it is our policy to remove the information from all of our infrastructure and notify you of the incident. Doing so enables you to secure your environment against the exposure of future data.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.

Datto EDR and Datto AV data collection and storage policies

Overview

What is collected

Where it is stored

What is not collected

Why wasn't this article helpful? (check all that apply)

Great!