# Data retention policy

This policy outlines retention periods for different datasets collected by Wallarm and stored in the Wallarm Cloud.

| Dataset                                                                                                                                                                                                                                | Paid subscription | Free tier |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|------------------|
| Data on attacks, hits, and incidents detected by the filtering nodes                                                                                                                                                                         | 6 months        | 3 months |
| Detailed [data on bot attacks](https://docs.wallarm.com/api-abuse-prevention/exploring-bots.md#attacks) | 31 days        | 31 days |
| Data on [user sessions](https://docs.wallarm.com/api-sessions/overview.md) the legitimate and malicious requests belong to  | 1 week | 1 week |
| [Security issues](https://docs.wallarm.com/user-guides/vulnerabilities.md) (vulnerabilities) detected by [any method](https://docs.wallarm.com/about-wallarm/detecting-vulnerabilities.md#detection-methods) | ∞<sup>*</sup> | ∞ |
| Statistics on processed and blocked requests displayed on the [Threat Prevention dashboard](https://docs.wallarm.com/user-guides/dashboards/threat-prevention.md)                                                                                                                          | 6 months        | 3 months |
| History of [allowlisted, denylisted, and graylisted IP addresses](https://docs.wallarm.com/user-guides/ip-lists/overview.md)                                                                                                                                                                     | 3 months         | 3 months |
| Automatically generated or manually created [rules](https://docs.wallarm.com/user-guides/rules/rules.md) for proccessing traffic by Wallarm nodes                                                                                                              | ∞                | ∞ |
| Wallarm account configuration: [users](https://docs.wallarm.com/user-guides/settings/users.md), [applications](https://docs.wallarm.com/user-guides/settings/applications.md), [integrations](https://docs.wallarm.com/user-guides/settings/integrations/integrations-intro.md), [triggers](https://docs.wallarm.com/user-guides/triggers/triggers.md) | ∞                | ∞ |
| [Audit log](https://docs.wallarm.com/user-guides/settings/audit-log.md) records                                                                                                                                                                           | 6 months         | 3 months         |
| [API Discovery](https://docs.wallarm.com/api-discovery/overview.md) endpoint data (host, path, parameters, parameter types, application, discovered timestamp) | 30 days since last seen | 30 days since last seen |
| [API Discovery](https://docs.wallarm.com/api-discovery/overview.md) dynamic endpoint data (sensitive data, authentication flows, change status, requests counter) | 7 days | 7 days |

<small><sup>*</sup> Storing of security issues found by [AASM](https://docs.wallarm.com/api-attack-surface/overview.md) can be limited by the AASM's [host retention policy](https://docs.wallarm.com/api-attack-surface/setup.md#host-retention-policy).</small>