Datadog retains personal data for as long as necessary to fulfill its stated purposes, meet legal requirements, or defend legal claims, with no specific fixed retention period disclosed.
This analysis describes what Datadog's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy does not specify fixed retention periods for individual data categories, instead relying on purpose-based retention criteria; this approach is consistent with GDPR storage limitation principles but may limit users' ability to predict when their data will be deleted.
Interpretive note: The absence of specific retention timelines per data category creates uncertainty about whether this policy satisfies GDPR transparency requirements; applicability depends on jurisdiction-specific guidance.
Personal data Datadog holds about users does not expire on a fixed schedule; it is retained as long as Datadog determines it is necessary for service delivery, legal compliance, or dispute resolution, without specific timelines disclosed in this policy.
How other platforms handle this
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
Monitoring
Datadog has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.— Excerpt from Datadog's Datadog Privacy Policy
REGULATORY LANDSCAPE: Data retention practices engage GDPR Article 5(1)(e) storage limitation principle, which requires that personal data not be kept longer than necessary for its stated purpose. CCPA does not impose specific retention limits but requires accurate disclosure of retention practices. The absence of specific retention periods may face scrutiny from EU data protection authorities, particularly for post-termination retention. GOVERNANCE EXPOSURE: Medium. The policy's purpose-based retention approach, without specified timelines per data category, may not satisfy the GDPR transparency principle (Article 5(1)(a)) to the extent that users cannot determine how long their data will be held. Data protection authorities in some EU member states have issued guidance requiring more specific retention period disclosures in privacy policies. JURISDICTION FLAGS: EU and UK organizations should assess whether the absence of specific retention periods per category is compliant with local guidance from their national data protection authority. For enterprise customers, the DPA should specify retention and deletion timelines for service data, particularly for purposes of responding to data subject erasure requests. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should confirm that the DPA includes specific retention and deletion timelines for monitoring data and that Datadog provides a deletion confirmation mechanism upon contract termination. The policy's reference to retention for legal claims defense creates an open-ended retention basis that should be scoped in the DPA. COMPLIANCE CONSIDERATIONS: Legal teams should request Datadog's data retention schedule for specific data categories and compare it against the policy's general language. Where personal data is held beyond service termination for legal defense purposes, the basis for retention should be documented and time-limited.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy does not specify fixed retention periods for individual data categories, instead relying on purpose-based retention criteria; this approach is consistent with GDPR storage limitation principles but may limit users' ability to predict when their data will be deleted.
Personal data Datadog holds about users does not expire on a fixed schedule; it is retained as long as Datadog determines it is necessary for service delivery, legal compliance, or dispute resolution, without specific timelines disclosed in this policy.
ConductAtlas has identified this type of provision across 135 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Datadog.