Google Vault FAQ

For many Google Workspace editions, Vault licenses are included for all users in your organization. If Vault isn't included in yours, you might be able to buy add-on licenses.

Learn more about how to buy Vault licenses for your organization.

Yes. If you delete a user, all the data associated with the user's account is removed from Google.

When you delete a user:

• You can't search for or export any of their data from Vault.
• Any retention rules or holds placed on the user's data no longer apply. Data can be expunged right away.
• You can recover data for 20 days after you delete the user. However, any data that is already expunged can't be recovered. Learn how to restore a recently deleted user.

As a best practice, we recommend you use an Archived User (AU) license to preserve the user’s data. For more information, see Manage former employees and their data. If you use Google Cloud Directory Sync, ensure that the tool is configured to suspend accounts instead of deleting them.

Do not delete the account. If you delete a user, you also delete any data retained by Vault.

To keep a user's data available to Vault after they leave your organization, assign them an Archived User (AU) license. For more information, see Manage former employees and their data. Alternatively, you can suspend their account to preserve data and disable services, but a suspended account is billed the same as an active account.

Yes. When a group is deleted, messages in the group are also deleted. Messages in Groups are deleted even when the deleted group was subject to a hold or retention rule. However, messages in Gmail that accounts receive through a subscription to a group aren't deleted and are subject to Gmail retention rules and holds.

There is no impact to Vault when this happens. However, a user who has exceeded the storage limit can no longer send or receive new email messages and may experience general account degradation.

To access data, sign in to https://vault.google.com, create a matter, and search your organization's data. Your Vault admin might restrict the data that you can access and search. Learn how to search for data and about Vault privileges.

No. For security reasons, Vault can only be accessed through https://vault.google.com.

You can allow third parties to sign in to Vault. Learn how to allow an external user to access Vault.

Learn how to export Vault data.

No. Vault isn’t designed to be a backup or archive tool.

Why shouldn’t I use Vault for backups or data pulls?

• Vault exports aren’t designed for large-scale or high-volume data backups. You can export data for a limited number of accounts and only for one Google service at a time. Vault also doesn’t allow many parallel exports or scheduling automatic exports.
• Vault exports are prepared for legal discovery purposes, not efficient data processing. Vault can’t create differential backups or deduplicate data. For example, a Drive export includes all items the searched account has access to. When many accounts have access to the same items, they’re exported for each account, resulting in lots of duplicated data.
• Vault doesn't support all Google services. Vault can export data only from supported Google services. Vault doesn't support services such as Calendar, Contacts, Keep, and Currents.
• Restoring data from Vault export files is hard. Vault doesn't have any automated recovery tools.
  • For Gmail, Chat, and groups, you can use Google Workspace Migration for Microsoft Exchange (GWMME) to import PST files. Google doesn't have a tool to bulk import mbox files.
  • For Drive exports, the files aren't separated by account and Google files, such as docs, spreadsheets, and presentations, are in a different format.
  • Voice data can't be restored from Vault export files.

Still need to back up or extract data?

You might want a backup to protect your data against human error or ransomware attacks. Google has some options:

• To export your entire organization’s data, use Data Export.
• A user can also export their own data. For example, if you're a small business with few employees, you can each export and back up your own data.

Google also has many tools that you can use to work with and extract your organization's Google Workspace data, such as APIs and BigQuery or partner solutions, such as Afi and SpinOne. For additional third-party and partner options, you can also check out Google Cloud.

For data that was deleted fewer than 25 days ago, we recommend that you use the Google Admin console to restore a user’s Google Drive or Gmail data.

You can set retention periods to meet your needs, including indefinite retention. Learn more about Vault retention.

Users can delete messages and items in Google services, but any data that's subject to a retention rule or hold remains available to Vault users in Vault. Deleted messages retained by Vault don't count against users' storage. Learn more about using Vault for retention.

All Vault user actions are monitored and tracked in an audit trail. If a user with privileges to change the retention period attempts to do so, that action is tracked in the audit log. The action can't be removed from the audit log. Learn more about Vault’s audit capabilities.

Google replicates your organization's data between multiple geographically dispersed data centers. Learn more about Google’s enterprise reliability commitments.

Google complies with the law when responding to third-party requests for user information. Learn about Google’s enterprise privacy commitments.

Learn about Google's enterprise compliance commitments.