Data protection at Dynatrace
We're committed to protecting the security, privacy, and availability of the Dynatrace Software Intelligence Platform. The security of your data and digital experience is a key priority for us, and we strive to protect and process your data responsibly. Proper care for data is at the core of our business.
Dynatrace enables you to be in full control of your data. With appropriate defaults in place, you determine what data to share with Dynatrace. To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Dynatrace has physical, technical, and organizational procedures in place to safeguard your data with multiple layers of protection.
Data minimization strategy
Dynatrace provides you with the opportunity to follow the principle of data minimization, with an aim to reduce the processing of data to a strict minimum. You control the data sent to Dynatrace with the built-in mechanisms including data masking rules, user action naming rules, Anonymization API, and more. We enable you to obtain the full value of Dynatrace products and services without the necessity of sharing personal data (aside from authentication purposes) with Dynatrace.
Privacy and security by design
Dynatrace values your privacy and trust, so we have implemented the concepts of privacy and security by design. These concepts transparently empower you to control your data and make specific privacy choices. Dynatrace assists you in making these choices and aims to ensure that privacy and security components are embedded in all parts of the product right from the beginning. This way, privacy becomes an integral part of the Dynatrace Software Intelligence Platform without diminishing the core functionality. Furthermore, our "privacy and security by design" approach allows for best-in-class privacy and security defaults out-of-the-box.
To ensure best-in-class privacy, Dynatrace relies on extensive automated testing for all new and existing product functionality. Ongoing automated testing ensures the efficiency of the privacy measures that are deployed at each stage of the Dynatrace product lifecycle.
Our automated tests are:
- Adjusted and performed for every new release (bi-weekly schedule)
- Regularly reviewed to ensure 100% test coverage (bi-monthly schedule)
- Checked as part of a yearly privacy framework review
At Dynatrace, we recognize that our high data privacy and security standards depend on the awareness and engagement of each Dynatrace employee. With a culture of privacy and security risk awareness, focused data privacy principles, and recurring individual cybersecurity and privacy training, we empower our employees to sustain our market leadership in privacy and security. Easily accessible help channels and data privacy partnerships throughout the company further reinforce the culture of data privacy and security at Dynatrace.
You control whether Dynatrace has access to your data. Only users who are members of the monitoring environment's administrative groups, which are tightly controlled by you, can grant or revoke access to the collected data. For information on what options you have for managing access control in Dynatrace, see Manage user groups and permissions.
When you need our support, authorized Dynatrace employees—–specifically, second- and third-level support representatives—–can be granted access to view your data. Such access is restricted by a strong "need to access" policy. Each access is logged, time-stamped, and made available to you in an automated way via our REST API. All authorized Dynatrace employees are bound by strict confidentiality agreements.
Monitoring and audit logging
All systems operated by Dynatrace are subject to health and security monitoring, audit logging, and automated system log analysis. When Dynatrace support is requested for remote installations, access to your systems is recorded in audit logs.
Data retention management
To perform monitoring services, Dynatrace retains only the data that you elect to share and stores it in your Dynatrace Cluster. Dynatrace automatically deletes data that is older than the configured retention periods. Dynatrace also provides Adaptive Data Retention as functionality to periodically increase or decrease the data retention time when your environment storage quota is exceeded or, in a Dynatrace Managed environment, when disk space is insufficient.
Alignment with data protection laws
Dynatrace provides flexible data privacy settings that enable you to fine-tune your environment and application configuration according to regional privacy laws.
Dynatrace also provides multi-layered security controls to keep your data safe.