Data purge rules-Security Center(Security Center)-阿里云帮助中心

Security Center purges your service data if your service expires because of an overdue payment, you unsubscribe from the service, or you close your Alibaba Cloud account. This topic describes the data purge rules.

Use cases

Service termination (account retained):
- Pay-as-you-go (postpaid) service
  - Overdue payment: Pay-as-you-go bills are generated daily. An overdue payment occurs if your account balance is insufficient to cover the bill.
  - Manual service shutdown: If your account has no overdue payments, you can shut down the pay-as-you-go service.
  - Forced service shutdown: If events such as a breach of contract, fraud, infringement, or customer bankruptcy occur, Alibaba Cloud will forcibly shut down the pay-as-you-go service in accordance with the service agreement.
- Subscription (prepaid) service
  - Expiration: The subscription service expires and is not renewed on time.
  - Manual unsubscription: You manually unsubscribe from the service before it expires without closing your account.
  - Forced unsubscription: If events such as a breach of contract, fraud, infringement, or customer bankruptcy occur, Alibaba Cloud will forcibly unsubscribe the subscription service in accordance with the service agreement.
Membership termination (account closure):
- You manually close your Alibaba Cloud account.
- Alibaba Cloud forcibly closes your Alibaba Cloud account in accordance with the service agreement because of events such as a breach of contract, fraud, infringement, or customer bankruptcy.

Service termination (account retained)

Pay-as-you-go (postpaid) service

Overdue payment: If a payment is overdue, your data is retained for 15 days.
Important
Alibaba Cloud offers a service suspension extension that can extend the data retention period for cloud products. For more information, see Overdue payment and service suspension. For example, if you are granted a 10-day service suspension extension, the data retention period for Security Center is extended to 25 days (10 + 15).
Manual service shutdown/Forced service shutdown: Data is purged according to the following rules.

Scenario	Data purge description
Overdue payment - Within the data retention period	During the retention period, all service authorization information, configuration policies, and pay-as-you-go service data are retained.
Overdue payment - After the data retention period	The following authorization information is immediately purged: Container Protection - Image security scan. Container Protection - CI/CD integration settings. The following Agentic SOC data is immediately purged: Important If the data retention period for an overdue payment is longer than 15 days, Agentic SOC does not wait for the retention period to end. Instead, it starts the data purge immediately after the 15th day of the overdue payment. Security alerts: All alert information except for alerts under CWPP. Security event handling: Event information generated by Agentic SOC predefined rules and custom rules (Agentic SOC security events). Note Security events generated from alerts under CWPP (CWPP security events) are retained. Response orchestration: Custom playbooks and custom response rules. Log Management: Standardized integration logs and Security Center logs. Rule management: Custom rules. Integration Center: Custom items such as standardized integration rules, data sources, watchlists, and integration policies. Agentic SOC - Response Center: Response policy and response task data is automatically purged by the system 90 days after it expires. This is not affected by overdue payments or service shutdowns. CSPM: Cloud product configuration check: After the cloud product configuration check is disabled, the check result data is not deleted. Periodic scan policies, allowlist policies, and custom check items are not deleted. System baseline check: Baseline check results cannot be viewed in the frontend. Backend data is retained for 30 days and then automatically deleted after the retention period expires. Note If your subscription service (Advanced, Enterprise, or Ultimate) has not expired and has not been unsubscribed, the check results for the corresponding edition are continuously retained. After the service expires or you unsubscribe, the data is retained in the backend for 30 days and then automatically deleted. Scan policies are immediately deleted. Allowlist policies are not deleted.
Manual service shutdown
Forced service shutdown

Subscription (prepaid) service

Expiration: A 7-day grace period is provided after your service expires. After the 7-day grace period, the service instance is immediately released. This means your paid or trial edition is downgraded to the Free Edition, and the corresponding data is purged.

Manual/Forced unsubscription: The service instance is immediately released. This means your paid or trial edition is downgraded to the Free Edition, and the corresponding data is purged.

Scenario	Data purge description
Expiration - Within 7 days	The service authorization information, configuration policies, and service data for all features are retained.
Expiration - After 7 days	The following authorization information is immediately purged: Container Protection - Image security scan. Container Protection - CI/CD integration settings. Log analysis: The data in the `sas-log` Logstore is immediately purged. This Logstore belongs to the Project that Security Center creates in Simple Log Service (SLS). The Project is named `sas-log-<Alibaba Cloud account ID>-<region ID>`. Host Protection - Anti-ransomware: All backup policies and backup data are immediately purged. Cloud Security Posture Management (CSPM): Cloud product configuration check: Only the check results of free edition items are retained. The check results of paid edition items are immediately purged. Periodic scan policies, allowlist policies, and custom check items are not deleted. System baseline check: Baseline check results cannot be viewed in the frontend. Backend data is retained for 30 days and then automatically deleted after the retention period expires. Scan policies are immediately deleted. Allowlist policies are not deleted.
Manual unsubscription
Forced unsubscription
Unsubscription/Expiration - After 15 days	The following Agentic SOC data is immediately purged: Security alerts: All alert information except for alerts under CWPP. Security event handling: Event information generated by Agentic SOC predefined rules and custom rules (Agentic SOC security events). Note Security events generated from alerts under CWPP (CWPP security events) are retained. Response orchestration: Custom playbooks and custom response rules. Log Management: Standardized integration logs and Security Center logs. Rule management: Custom rules. Integration Center: Custom items such as standardized integration rules, data sources, watchlists, and integration policies. Agentic SOC - Response Center: Response policies and response tasks are automatically purged by the system 90 days after they expire. This is not affected by unsubscription.

Membership termination (account closure)

If your Alibaba Cloud account is closed, all Security Center data associated with the account is immediately and permanently deleted.

Warning

This operation is irreversible. Deleted data cannot be recovered.