--- title: "Data Egress Security" slug: "data-egress-security" updated: 2026-03-27T14:57:06Z published: 2026-03-27T14:57:06Z canonical: "documentation.lakesidesoftware.com/data-egress-security" --- > ## Documentation Index > Fetch the complete documentation index at: https://documentation.lakesidesoftware.com/llms.txt > Use this file to discover all available pages before exploring further. # Data Egress Security Data Egress is designed to protect customer data throughout the export, notification, and retrieval process. SysTrack uses a pull-based model with time-bound access to minimize exposure and maintain customer control. ## Secure Export and Notification Model Data Egress uses a two-step process to separate notification from data access: 1. Webhook notification: SysTrack sends a notification to a customer-provided webhook endpoint using the configured authentication method. The webhook payload includes an invocation ID and a list of successfully exported tables. The notification does not include a download link or exported data. 2. Authenticated data retrieval: Customers use their SysTrack Data Egress API key to request a signed, time-bound Shared Access Signature (SAS) URL. The SAS URL grants temporary, read-only access to the exported files. ## Time-Bound Access and Retention - The default SAS URL expiration period is 1 hour. Customers can extend the expiration period up to 8 hours, depending on data size and retrieval requirements. For details, see [Get export SAS URL](/api/apidocs/get-export-sas-url). - Export files are retained for 7 days and are automatically deleted after the retention period expires. ## Data Handling and Storage - Tables with more than 1,000,000 rows are split into multiple partition files. - All exported data is stored across Lakeside Azure hosting sites. For details, see [Data Collection Through SysTrack Cloud](/documentation/docs/faq-data-collection-through-systrack-cloud). - No data is pushed to customer systems; customers explicitly retrieve data using authenticated API calls. ## Customer Responsibilities To maintain a secure environment, customers are responsible for the following: - Secure the webhook endpoint and store webhook secrets or passwords securely. These values are not retrievable after creation. For details, see [Configure Export](/documentation/docs/configure-export). - Securely store and regularly rotate the SysTrack Data Egress API key. For details, see [Manage API Keys](/documentation/docs/manage-api-keys). - Retrieve exported data within the retention window and before SAS URLs expire. For details, see [Retrieve Your Data](/documentation/docs/retrieve-your-data).