The tables below outline KnowBe4's retention policy for the applicable products and services. The automatic retention periods stated here are fixed: KnowBe4 does not extend or shorten them on its own initiative.
The first table describes the journey an account takes from start to finish. The periods shown are KnowBe4's automatic retention periods; customers may submit a request to their Customer Success Manager to have their data deleted manually before a period expires. The exception is Defend and Prevent, where deletion is only possible through the set retention policy: data for those products is deleted permanently within the period specified in the customer's contract.
| Service | Data Type | Retention Period | Justification |
|---|---|---|---|
| KSAT Console (including PhishRIP, PhishER, PhishML, Security Coach, etc.) | Active Production Data | Permanently deleted after termination and 18 months of inactivity | Retaining active production data for up to 18 months of inactivity ensures that customers can reactivate accounts if needed. Customers may request that their data be deleted sooner than 18 months by submitting a request to the support team or their customer account manager. |
| KSAT Console (including PhishRIP, PhishER, PhishML, Security Coach, etc.) and KCM GRC | Backup Data and Audit Trails | Backups stored for 1 year; audit trails stored for 3 years | Storing backups for one year supports business continuity, disaster recovery, and quick restoration in case of service issues. Retaining audit trails for three years supports the compliance posture, enables long-term trend analysis, and facilitates security investigations. |
| KCM GRC | Active Production Data | Deleted upon request | Policy set by the KnowBe4 engineering team: compliance data is never deleted prematurely and is removed only at the customer's request. |
Defend Data Retention Overview
| Data Type | Retention Period | Justification |
|---|---|---|
| Threat Data (General) | 18 months rolling | Required for risk alerts, explaining risk scores, internal threat analysis, trend/risk analysis, and reporting. Supports performance of agreements, secure services, fraud/security risk prevention, and legal compliance. |
| Threat Data (Malicious: email addresses/messages) | 10 years | Retained to perform agreements, ensure secure services, identify/respond to new threats, prevent fraud/security risks, and comply with legal obligations. |
| Threat Data (Interaction between two email addresses) | Duration of Customer's agreement + 30 days | Retained to perform agreements, ensure secure services, identify/respond to threats, and provide trend/risk analysis and reporting. |
| Defend Audit Trails | 3 years | Retaining audit trails for three years supports the compliance posture, enables long-term trend analysis, and facilitates security investigations. Allows customers to evaluate the history of admin decisions taken on malicious emails. |
Protect Data Retention Overview
| Data Type | Retention Period | Justification |
|---|---|---|
| Content | 90 days from receipt/last access | Ensures recipients can access/decrypt data. Retained to perform agreements, ensure secure services, and allow viewing. |
| Protect Large File Transfer | Default 90 days (adjustable) | Ensures recipients can access/decrypt transferred data. Retained to meet Customer requirements. |
| Protect Audit Logs | Duration of Customer's agreement + 30 days (or until hosted ESI decommission) | Enables Customers to review audit logs, ensure correct service access, perform agreements, and provide secure services. |
| Large File Transfer Audit Logs | Duration of Customer's agreement + 30 days (or until hosted ESI decommission) | Enables Customers to review audit logs, ensure correct service access, perform agreements, and provide secure services. |
| Logs (System) | Up to 1 year | Retained for troubleshooting, identifying trends, preventing fraud/security risks, performing agreements, and complying with legal obligations. |
| App Insight Logs (Application) | Deleted after 30 days | Retained for troubleshooting, identifying trends, preventing fraud/security risks, performing agreements, and complying with legal obligations. |
| Dedicated ESI | Duration of Customer's agreement + 30 days | Maintained so that once deleted, no previously encrypted emails are accessible. Allows time for content decryption/download before deletion. |
| Dedicated ESI Audit Logs | Indefinitely | Required for Commercial Product Assurance accreditation. |
| Dedicated on-premise ESI | Not applicable | Federation certificate revoked promptly after agreement expiry to prevent continued service use. |
| Encryption Keys (On-Premise Deployment) | Defined by Customer | Set according to Customer requirements. |
| Encryption Keys (Fully hosted by KnowBe4) | Indefinitely (unless deleted by Customer) | Retained to allow recipients access to historic packages. |
Prevent Data Retention Overview
| Data Type | Retention Period | Justification |
|---|---|---|
| Threat Data (General) | 18 months rolling + up to 30 days | Required to improve Prevent's accuracy, provide trend/risk analysis and reporting, perform agreements, and ensure secure services. |
| Prevent Audit Logs | Duration of Customer's agreement + 90 days | Enables demonstration of system behavior when yielding advice to the Customer. Includes KnowBe4 Server Infrastructure and Core Prevent logs. |
| Logs (System) | Deleted after 30 days | Retained for troubleshooting, identifying trends, preventing fraud/security risks, performing agreements, and complying with legal obligations. |
| App Insight Logs (Core Application) | Deleted after 60 days | Retained for troubleshooting, identifying trends, preventing fraud/security risks, performing agreements, and complying with legal obligations. |
| Prevent Application Logs | Deleted after 60 days | Retained for troubleshooting, identifying trends, preventing fraud/security risks, performing agreements, and complying with legal obligations. |
| App Insight Logs (KnowBe4 Security Center) | Deleted after 30 days | Retained for troubleshooting, identifying trends, preventing fraud/security risks, performing agreements, and complying with legal obligations. |
| Dedicated ESI (if applicable) | Duration of Customer's agreement + up to 30 days | Maintained to coincide with decommissioning of the Customer relationship. |
Note: Where applicable, data may continue to be stored and processed beyond the periods above if required by law or regulation, or at the Customer's request (with appropriate justification and payment of fees).