Data retention

This document describes data we retain while performing transfers for Storage Transfer Service and Transfer service for on-premises data. This data is necessary to complete transfers on your behalf, but isn't directly related to the data you're transferring.

User credentials

To complete a transfer job, you'll supply us with user credentials that we use to complete transfer jobs on your behalf. We encrypt and retain the user credentials for as long as a TransferJob exists. We delete the user credentials provided when the associated TransferJob is deleted.

The following account types are examples of user credentials we'll retain for the duration of a TransferJob to complete work on your behalf:

  • Amazon S3
  • Microsoft Azure Storage

When using federated identity to authenticate to Amazon S3, AWS provides temporary credentials to Storage Transfer Service. Temporary credentials expire after a set period of time, after which they can not be used to access your S3 resources. See Temporary security credentials in IAM for more details.