Data Egress is designed to protect customer data throughout the export, notification, and retrieval process. SysTrack uses a pull-based model with time-bound access to minimize exposure and maintain customer control.
Secure Export and Notification Model
Data Egress uses a two-step process to separate notification from data access:
Webhook notification: SysTrack sends a notification to a customer-provided webhook endpoint using the configured authentication method. The webhook payload includes an invocation ID and a list of successfully exported tables. The notification does not include a download link or exported data.
Authenticated data retrieval: Customers use their SysTrack Data Egress API key to request a signed, time-bound Shared Access Signature (SAS) URL. The SAS URL grants temporary, read-only access to the exported files.
Time-Bound Access and Retention
The default SAS URL expiration period is 1 hour. Customers can extend the expiration period up to 8 hours, depending on data size and retrieval requirements. For details, see Get export SAS URL.
Export files are retained for 7 days and are automatically deleted after the retention period expires.
Data Handling and Storage
Tables with more than 1,000,000 rows are split into multiple partition files.
All exported data is stored across Lakeside Azure hosting sites. For details, see Data Collection Through SysTrack Cloud.
No data is pushed to customer systems; customers explicitly retrieve data using authenticated API calls.
Customer Responsibilities
To maintain a secure environment, customers are responsible for the following:
Secure the webhook endpoint and store webhook secrets or passwords securely. These values are not retrievable after creation. For details, see Configure Export.
Securely store and regularly rotate the SysTrack Data Egress API key. For details, see Manage API Keys.
Retrieve exported data within the retention window and before SAS URLs expire. For details, see Retrieve Your Data.