Data Governance

This section provides information regarding the collection, storage, and retention of logs by Citrix Analytics service. Any capitalized terms not defined in the Definitions section carry the meaning specified in the Citrix End User Services Agreement.

Citrix Analytics is designed to provide customers with insight into activities in their Citrix computing environment. Citrix Analytics enables security administrators to choose what logs they want to monitor and take directed action based on logged activity. These insights help security administrators manage access to their computing environments and protect Customer Content in the customer’s computing environment.

Data residency

Citrix Analytics logs are maintained separately from the data sources and are aggregated in multiple Microsoft Azure Cloud environments, which are located in the United States and the European Union. The storage of the logs depends on the home region selected by the Citrix Cloud administrators when onboarding their organizations to Citrix Cloud. For example, if you have chosen the European region when onboarding your organization to Citrix Cloud, Citrix Analytics logs will be stored in Microsoft Azure environments located in the European Union. For more information, see Geographical Considerations.

Data collection

Citrix Cloud services are instrumented to transmit logs to Citrix Analytics. Logs are collected from the following data sources:

  • Citrix Access Control

  • Citrix ADC (on-premises) along with a subscription for Citrix Application Delivery Management

  • Citrix Content Collaboration

  • Citrix Endpoint Management

  • Citrix Virtual Apps and Desktops (service and perpetual offerings)

Data transmission

Citrix Cloud logs are transmitted securely to Citrix Analytics. When the customer’s administrator explicitly enables Citrix Analytics, these logs are analyzed and stored on a customer’s database. The same is applicable to Citrix Virtual Apps and Desktops on-premises data sources with Citrix Workspace configured.

For Citrix ADC data sources, log transmission is initiated only when the administrator explicitly enables Citrix Analytics for that specific data source.

Data control

Logs sent to Citrix Analytics can be turned on or off at any time by the administrator.

When turned off for Citrix ADC on-premises data sources, all communications between the particular ADC data source and Citrix Analytics stop.

When turned off for all other data sources, the logs for the particular data source are no longer analyzed and stored in Citrix Analytics.

Data retention

Citrix Analytics logs are retained in identifiable form for a maximum of 13 months or 396 days. All logs and associated analytics data (such as user risk profiles, user risk score details, user risk event details, user watch list, user actions, and user profile) are retained for this period.

For example, if you have enabled Analytics on a data source on January 1, 2018, then by default, data collected on January 1, 2018, will be retained in Citrix Analytics until January 31, 2019, the data collected on January 15, 2018, will be retained until February 15, 2019, and so on.

This data is stored for the default data retention period even after you have turned off data processing for the data source or after you have removed the data source from Citrix Analytics.

Citrix Analytics deletes the entire customer database 90 days after the subscription or trial period ends.

Citrix Services Security Exhibit

Detailed information concerning the security controls applied to Citrix Analytics, including access and authentication, security program management, business continuity, and incident management, is included in the Citrix Services Security Exhibit.


Definitions

Customer Content means any data uploaded to Customer’s account for storage or data in Customer’s computing environment to which Citrix is provided access to perform Services.

Log means a record of events related to the Services, including records that measure performance, stability, usage, security, and support.

Services means the Citrix Cloud Services outlined above for purposes of Citrix Analytics.

Data collection agreement

By uploading your data to Citrix Analytics and by using the features of Citrix Analytics, you agree and consent that Citrix may collect, store, transmit, maintain, process and use technical, user, or related information about your Citrix products and services.

At all times, information received by Citrix will be treated in accordance with Citrix’s Privacy Policy, which can be found at:

Appendix: logs collected

General logs

In general, Citrix Analytics logs contain the following header identification data points:

  • Header Keys

  • Device Identification

  • Identification

  • IP Address

  • Organization

  • Product

  • Product Version

  • System Time

  • Tenant Identification

  • Type

  • User: Email, Id, SAM Account Name, Domain, UPN

  • Version

Citrix Content Collaboration logs

The Citrix Content Collaboration logs contain the following data points:

  • Account Id

  • Account Info: API Control Plane, App Control Plane, Subdomain

  • Add On Name

  • Additional Bandwidth

  • Additional Bandwidth Rate

  • Additional Disk Space

  • Additional Disk Space Rate

  • Additional User Rate

  • Additional Users

  • Address1

  • Address2

  • Advanced Custom Branding Folder Name

  • Alias Id

  • App Code

  • Associated Folder Template Id

  • Bandwidth Max

  • Base Bandwidth

  • Base Billing Rate

  • Base Disk Space

  • Base Users

  • Billing Contact Id

  • Billing Cycle

  • Billing Rate

  • Billing Type

  • Branding Styles

  • Bytes Downloaded

  • Bytes Total

  • Cc Sender

  • City

  • Client Information: City, Client IP, Control Plane, Country, OAuth Client Id, Operating System, Tool Display Name, Tool Name, Tool Version

  • Client Name

  • Company

  • Company Name

  • Component Name

  • Connector Type

  • Contacts: Op Name, Values, Contact Id, Email

  • Context: Resource Id, Resource Type

  • Copied File Id

  • Country

  • Created By

  • Creation Date

  • Creator Id

  • Default Zone Id

  • Deleted Permanently

  • Description

  • Destination: File Path, Parent Id, Path, Zone Id

  • Disk Space Limit

  • Disk Space Max

  • DLP Status

  • Download By Service

  • Download Id

  • Email Addresses: Op Name, Values

  • Encryption Rate

  • End Time

  • Entity Id

  • Event Id

  • Event Time

  • Event User Email

  • Event User Id

  • Events: Operation Name, Resource Type

  • Expiration Date

  • Fields: Account Id, Account Information Type, API Control Plane, App Control Plane, Subdomain, Approval Context Type, Approval Id, Approval Step Id, Approval Step Status, Is Linked to Approval Step, Bytes Downloaded, Client Information Type, City, Client IP, Control Plane, Country, OAuth Client ID, Operating System, Tool Display Name, Tool Name, Tool Version, Completed Step Id, Connector Type, Created By Type, Created By Email Address, Created By First Name, Created By Id, Created By Last Name, Due, End Time, Event User Id, File Extension, File Id, File Name, File Path, File Size, Form Id, Last Ping Back, Name, Next Step Id, Participant Type, Participant Role, Participant Status, Participant User Id, Recipient Type, Recipient Op Name, Recipient Email Address, Recipient First Name, Recipient Id, Recipient Last Name, Role Type, Role Initiators Type, Role Initiators Op Name, Role Initiators Email Address, Role Initiators First Name, Role Initiators Id, Role Initiators Last Name, Role Instance Manager Type, Role Instance Manager Op Name, Role Instance Manager Email Address, Role Instance Manager First Name, Role Instance Manager Id, Role Instance Manager Last Name, Role Template Manager Type, Role Template Manager Op Name, Role Template Manager Email Address, Role Template Manager First Name, Role Template Manager Id, Role Template Manager Last Name, Role View Report Type, Role View Report Op Name, Role View Report Email Address, Role View Report First Name, Role View Report Id, Role View Report Last Name, Routing Key Type, Routing Key Account Id, Routing Key Component Name, Routing Key File Extension, Routing Key File Id, Routing Key File Name, Routing Key Form Id, Routing Key Operation Name, Routing Key Product Name, Routing Key Resource Type, Routing Key Storage Center Id, Routing Key Submission Id, Routing Key Template Id, Routing Key Workflow Id, Routing Key Zone Id, Routing Key Zone Version, Server Name, Start Time, State, Step Data Type, Step Data File Id, Step Data Status, Step Data Step Type, Steps Completed, Steps Remaining, Steps Type, Steps Approvers Type, Steps Approvers Email Address, Steps Approvers First Name, Steps Approvers Id, Steps Approvers Last Name, Steps Days To Complete, Steps Sequential, Steps Step Id, Steps To Type, Steps To Email Address, Steps To First Name, Steps To Id, Steps To Last Name, Steps Viewers Type, Steps Viewers Email Address, Steps Viewers First Name, Steps Viewers Id, Steps Viewers Last Name, Steps Viewers Name, Storage Center Id, Stream Id, Submission Id, Templated Id, Trigger Type, Trigger Folder Ids, Trigger Form Id, User Id, Workflow Type, Workflow Id, Workflow Initiator Type, Workflow Initiator User Id, Workflow Name, Workflow Template Id, Workflow Trigger Resource Id, Workflow Trigger Type, Workflow Initiator Info User Id, Workflow Status, Workflow Type, Zone Id, Zone Services, Zone Version

  • File Extension

  • File Id

  • File Name

  • File Path

  • File Size

  • File Size Bytes

  • First Name

  • Folder Id

  • Folder Name

  • Grant Types

  • Group Id

  • Has Encryption

  • Has Multiple Versions

  • Has Power Tools

  • Hash

  • Integration OAuth Client Id

  • Integration Provider Type

  • IRM Classification Id

  • Is Confirmed

  • Is Disabled

  • Is Employee

  • Is Free Trial

  • Is Shared

  • Is Template Owned

  • Is View Only

  • Item Extension

  • Item Extensions

  • Last Any Login

  • Last Name

  • Lock Id

  • Lock Type

  • Logo URL

  • Max Downloads

  • Method

  • Name

  • New Stream Id

  • Number Of Licenses

  • Number Of Paid Licenses

  • OAuth Client Id

  • Old Stream Id

  • Operation Name

  • Owner Id

  • Parent Id

  • Path

  • Phone

  • Plan Name

  • Plan Track

  • Power Tools Rate

  • Price Per License

  • Primary Email

  • Primary Subdomain

  • Product Code

  • Product Name

  • Recipient Id

  • Recipient Ids

  • Redirect URIs

  • Required Login

  • Required User Info

  • Resource Type

  • Root Item Id

  • Routing Key: Account Id, Add On Name, App Code, Component Name, Connector Type, Entity Id, File Id, Folder Id, Group Id, Integration Provider Type, OAuth Client Id, Operation Name, Parent Id, Product Name, Resource Type, Share Id, Stream Id, User Id, Version, Zone Id

  • Scope

  • Semantic Path

  • Server Name

  • Share Id

  • Share Info: Alias Id, Creator Id, Share Id, Share Sub Type Id

  • Share Sub Type Id

  • Share Type

  • Single Version

  • Start Time

  • State

  • Storage Center Name

  • Stream Id

  • Subdomains: Op Name, Values

  • Subscribed Resource Id

  • Subscribed Resource Type

  • Tax Area Code

  • Title

  • Update Date

  • Upload Id

  • URL Path

  • Use Advanced Custom Branding

  • User Email

  • User Id

  • User Max

  • User Roles: Op Name, Values

  • Version

  • Webhook Subscription Id

  • Webhook URL

  • Zip

  • Zone Id

Citrix Endpoint Management service logs

The Citrix Endpoint Management service logs contain the following data points:

  • Compliance

  • Corporate Owned

  • Device Id

  • Device Model

  • Device Type

  • Geo Latitude

  • Geo Longitude

  • Host Name

  • IMEI

  • IP Address

  • Jail Broken

  • Last Activity

  • Management Mode

  • Operating System

  • Operating System Version

  • Platform Information

  • Reason

  • Serial Number

  • Supervised

Citrix Virtual Apps and Desktops logs

The Citrix Virtual Apps and Desktops logs contain the following data points:

  • App Name

  • Browser

  • Details: Format Size, Format Type, Initiator, Result

  • Device Id

  • Device Type

  • File Name

  • File Path

  • File Size

  • Jail Broken

  • Job Details: File Name, Format, Size

  • Location: Estimated, Latitude, Longitude

  • Long CMD Line

  • Module File Path

  • Operation

  • Operating System

  • Platform Extra Information

  • Printer Name

  • SaaS App Name

  • Session Domain

  • Session Server Name

  • Session User Name

  • Session GUID

  • Timestamp

  • Time Zone: Bias, DST, Name

  • Type

  • URL

  • User Agent

Citrix ADC logs

The Citrix ADC logs contain the following data points:

  • Container

  • Files

  • Format

  • Type

Citrix Managed Desktops logs

The Citrix Managed Desktops logs contain the following data points:

  • App Name

  • Browser

  • Details: Format Size, Format Type, Initiator, Result

  • Device Id

  • Device Type

  • File Name

  • File Path

  • File Size

  • Jail Broken

  • Job Details: File Name, Format, Size

  • Location: Estimated, Latitude, Longitude

  • Long CMD Line

  • Module File Path

  • Operation

  • Operating System

  • Platform Extra Information

  • Printer Name

  • SaaS App Name

  • Session Domain

  • Session Server Name

  • Session User Name

  • Session GUID

  • Timestamp

  • Time Zone: Bias, DST, Name

  • Type

  • URL

  • User Agent