Datto EDR and Datto AV data collection and storage policies
This article describes the information collected and storage regions used by Datto EDR and Datto AV.
NOTE To learn about our data retention policies, refer to Datto EDR and Datto AV data retention policies. For more details about how our agent surveys your environment, review our Datto EDR and Datto AV FAQs. To review information about access control within Datto EDR and Datto AV, refer to Datto EDR and Datto AV access control.
Overview
We often receive questions about the nature of the information that our agent collects during a survey or real-time security task sequence to detect and analyze threats in your environment. While certain information is proprietary, we can provide a general understanding of the information that our platform uses to analyze a machine's health and identify potential threats.
What is collected
We collect the following information from each of your endpoints during a scan.
- Active processes running on the machine, similar to what you see in the Windows Task Manager
- Modules loaded by any processes or applications running on the machine
- Memory injects and fileless objects running in volatile memory
- Applications and objects which ran in the past or are scheduled to run in the future
- Usernames associated with detected actions on the endpoint
- Active host connections and listeners
- All applications running on a machine, including their versions
- Census information (host names, IP addresses, OS versions, etc.)
- Monitored behavioral activity
Where applicable, the data captured includes timestamps, file hashes, and any correlated data that you might need to make an informed decision about an object's threat level.
If our machine learning platform has not seen an object before, it will attempt to collect the code that generated the object for static and dynamic analysis. We do not share captured code with third parties.
On average, completed analysis data packages exported from an endpoint are less than 1 MB in size.
Where it is stored
Datto EDR and Datto AV use uses the following data storage locations for customers in the United States, European Union, and Asia-Pacific (APAC) regions.
Region | AWS server and location |
United States |
us-east-1 (Virginia) |
European Union |
eu-west-1 (Ireland) |
APAC |
ap-southeast-2 (Sydney) |
What is not collected
We do not collect the following information:
-
Personally identifiable information
-
Passwords
-
Account numbers
-
Normal data stored on the hard drive of an endpoint such as files, photographs, etc.
IMPORTANT If, in the process of analyzing objects for malicious activity, our agent unintentionally collects normally-excluded data, it is our policy to remove the information from all of our infrastructure and notify you of the incident. Doing so enables you to secure your environment against the exposure of future data.