Skip Navigation

How Cylance Endpoint Security products collect and use data

How
CylanceGATEWAY
collects and uses data

For complete information about this product, see the Cylance Endpoint Security docs.

Item	Data collection and use
Administrator account information	BlackBerry collects the following information about administrator accounts to authenticate authorized administrators and deliver application alerts: First name Last name Email address Username
User account information	BlackBerry collects the following information about user accounts to provide customers with the ability to configure and deploy service: First name Last name Email address Username
Endpoint data	BlackBerry collects the following device data to give your organization’s administrators visibility into users’ network activity: Hostname OS Last connected date and time The data is accessible to authorized BlackBerry support and service management staff.
Collection of endpoint network activity	BlackBerry collects the following network activity data from endpoint devices to give your organization’s administrators visibility into users’ network activity: DNS activity Destination IP address Destination port TLS certificates Categories of network resources accessed Data transferred Date and time Administrators can take this data into account when they configure risk mitigation policies. The data is accessible to authorized BlackBerry support and service management staff.
Identifying alerts and events	BlackBerry collects the following information about alerts and events to give your organization’s administrators visibility into users’ network activity and potential threats: Risk calculation Risk type Status Username Device name Network destination Action taken Data transferred Detection time Response actions The data is accessible to authorized BlackBerry support and service management staff.
Diagnostic information	BlackBerry collects the following diagnostic information to support problem reporting and issue resolution: Information about specific problems User provided email address for follow-up Device details User unique identifier Device unique identifier Status Account name
Customer administrative logins	BlackBerry collects login activity from administrators or operator of customer tenants (includes date and time, user unique identifier, status, and account name) to audit authentication activity and perform risk management.
Data storage	BlackBerry uses the data described above to facilitate the performance of the EULA under which BlackBerry ’s services and products are offered. The data is shared only with necessary third-party services that are needed to fulfill the intended purpose of the services. BlackBerry will not sell, lease, or otherwise distribute this information. The endpoint data that is collected is stored in one of the following subprocessors: Amazon Web Services ; Asia Pacific (Australia), Europe (Germany), North America (United States), South America (Brazil). Databricks: Asia Pacific (Australia), Europe (Germany), North America (United States). MessageBird (email only): United States

Data retention

Personal data processed	Data retention period
Administrator and user account information	Data is stored for the duration of the contract. A customer administrator can remove an individual user’s personal data or initiate a service removal request in the administrative console. Data that is backed up is retained for 90 days after the conclusion of a service agreement.
Endpoint data	Data is retained for as long as registered device is active.
Endpoint network activity	Data is stored for 30 days.
Alerts and events	Data is stored for 30 days.
Diagnostic information	Data is stored for 5 years.
Customer administrative login activity	Data is stored for 1 year.

How Cylance Endpoint Security products collect and use data