Data Governance

This topic provides information regarding the collection, storage, and retention of logs by the Device Posture service. Any capitalized terms not defined in the Definitions sections carry the meaning specified in the Citrix End User Services Agreement.

Data residency

The Citrix Device Posture customer content data resides in the AWS and Azure Cloud Services. They are replicated to the following regions for availability and redundancy:

  • AWS
    • East US
    • West India
    • Europe (Frankfurt)
  • Azure
    • West US
    • West Europe
    • Asia (Singapore)
    • South Central US

The following are the different destinations for the service configuration, runtime logs and events.

Data collection

Citrix Device Posture service allows the customer administrators to configure the service through the Device Posture UI. The following customer content is collected based on the device posture policy configuration and the platform:

  • Operating system version
  • Citrix Workspace app version
  • MAC addresses
  • Running processes
  • Device certificate
  • Registry details
  • Windows installation update details
  • Last Windows update details
  • File system – file names, file hashes and modified time
  • Domain name

For runtime logs collected by the service components, the key information consists of the following:

  • Customer/tenant ID
  • Device ID (Citrix generated unique identifier)
  • Device posture scan output
  • Public IP address of the endpoint device

Data transmission

Citrix Device Posture service sends logs to destinations protected by transport layer security.

Data control

Citrix Device Posture service does not currently provide options for the customers to turn off sending logs or prevent customer content from being replicated globally.

Data retention

Based on the Citrix Cloud data retention policy, the customer configuration data are purged from the service 90 days after subscription has expired.

The log destinations maintain their service-specific data retention policy.

  • For details, see Data Governance for the retention policy for the Analytics logs.
  • The Splunk logs are archived and eventually removed after 90 days.

Data export

There are different data export options for different types of logs.

  • The admin audit logs are accessible from the Citrix Cloud System Log console.
  • The Device posture service diagnostics logs can be exported from the Citrix Analytics Service or Secure Private Access service dashboard as a CSV file.


  • Customer Content means any data uploaded to a customer account for storage or data in a customer environment to which Citrix is provided access to perform Services.
  • Log means a record of events related to the services, including records that measure performance, stability, usage, security, and support.
  • Services mean that the Citrix Cloud services outlined earlier for the purposes of Citrix Analytics.
Data Governance