Vault supports the following G Suite services:
|Service||Manage retention||Hold||Search and export|
|Drive (supported file types)|
|Google Chat (with history on)|
|Classic Hangouts (with history on)||Covered by retention on Google Chat||Covered by holds on Google Chat||Use Gmail search and export|
holds on Drive
search and export
Note: G Suite Enterprise Essentials customers can perform eDiscovery tasks only on files in Drive. Learn more.
Gmail and Groups messages
Vault is fully integrated with Gmail and Google Groups. Thus when you’re searching for messages with Vault, you're actually searching your organization’s message archive. This means:
- Messages are available to Vault as soon as they're received by Gmail or posted to a Group.
- You can use the same familiar search operators you use with Gmail.
- Vault indexes approximately the first 250 pages of text in a message.
More about message indexing and search
Gmail messages with content from other Google products
When someone uses Gmail to share Google Docs, Sheets, Slides, or Forms, Gmail inserts a link rather than attaching a copy of the file to the message. Because the original file is stored in Drive, it isn't included when you retain, hold, search, or export messages.
Gmail users can share links to content stored in other Google products like YouTube and Google Photos. Vault doesn't support additional Google services, so you can't retain, hold, search, or export their content.
Additionally, users can send email messages with some core services for G Suite besides Gmail. For example:
- Calendar—outgoing invitations and messages sent with the Email guests option in desktop Calendar.
- Drive—message content sent when users share files in Drive.
- Google Docs, Sheets, Slides, and Drawings—messages sent by the app when users email files as attachments.
- Forms—email messages containing forms or links to forms.
- Keep—email messages sent when users share notes in Keep.
Note: Comprehensive mail storage applies only to core G Suite services. Additional Google services may be able to send email messages on behalf of users. Messages sent by those services might not be stored in users' sent folder and might be unavailable to Vault.
Gmail messages with AMP content
Dynamic email messages contain markup that displays AMP content within Gmail. Other Google products can send messages that include AMP content, and users in your organization might receive dynamic email messages from external senders.
With dynamic email, a Gmail user can, for example:
- View Google Docs comments as they exist the moment the user opens the notification message in Gmail.
- Quickly post replies and resolve comments without opening the doc.
- Perform additional web-based tasks within the message, like replying to invitations and responding to surveys.
If you look at the original source of a dynamic email message, you'll see 3 types of similar content:
- Plaintext (for email clients that display only plaintext).
- HTML (for email clients that don't display dynamic content).
- AMP markup. When a Gmail user opens the message, they see dynamic and interactive AMP content. The AMP markup can retrieve any updates at the time the message is opened and immediately display them to the user.
Because of the dynamic nature of these messages, the content displayed in Gmail may change as time passes. For example, a comment notification from an active Google Doc could be different each time the user reopens the same message over the course of several days.
Vault support for dynamic email messages
- When you preview a dynamic email message, Vault displays the HTML version of the message. Click Show Original to view all parts of the message, including the AMP markup.
- When you export dynamic email messages, all plaintext, HTML, and AMP markup is included in the export.
- Vault preserves all HTML, plaintext, and AMP markup included in a dynamic email message. Vault has no way to preserve the dynamic content that may be retrieved and displayed when the user opens a dynamic email message.
- Vault can search plaintext and HTML in a dynamic email message. However, AMP markup and AMP content aren't indexed and can't be searched.
Vault can't determine whether Gmail users actually viewed dynamic content when they opened a message that includes AMP markup. Gmail won't display dynamic content when:
- a G Suite admin disables dynamic email for your organization.
- users change their Gmail settings to disable dynamic email.
In either case, AMP content is not displayed by Gmail. However, AMP markup is still included in the message source and available in Vault.
Gmail indexes most text-based file types that are directly attached to a message. This includes files types with extensions like .pdf, .xslx, and .docx.These attachments are included when you search and export messages from Gmail, and they're covered by Gmail retention rules and holds.
Video, audio, image, and binary files included in or attached to messages aren't indexed.
No. Although approximately the first megabyte is indexed and searched, if there's a match, the entire message and any attachments display in Vault.
Vault can hold, retain, and search messages in groups that have archiving is turned on. However, group owners can turn archiving on or off for their groups. If a group owner turns archiving off, the messages from that group are still available in user mailboxes.
When you search and export messages from Gmail, your results may include draft messages. A user's Gmail data can include three types of draft messages:
- Unsent messages in the Drafts folder—These messages are subject to holds and retention rules.
- Discarded drafts—A message that a user deletes without sending is immediately removed from the user's view. It's expunged 30 days later regardless of any holds or retention rules.
- Automatically saved versions of draft messages—As a user composes a message, Gmail automatically saves a version whenever the user pauses for a few seconds. Only the most recent version of a draft message is visible to the user. However, earlier versions are available for Vault to search and export. Versions aren't subject to holds and retention rules.
Auto-saved versions remain available to Vault until they are expunged, even after the user sends the message. Versions of draft messages generated by most Google Gmail clients (such as the Gmail web, Gmail for iPad and iPhone, and Gmail Android) are expunged 1 day after Gmail saved them. In some cases, such as with third-party IMAP clients, versions of draft messages are expunged after 30 days.
You can check the Exclude drafts box on new or existing retention rules to remove unsent messages in users' draft folders from retention coverage.
You can also remove draft messages from search results and exports:
- Check the Exclude drafts box before you search.
- Previews will include automatically saved versions of draft messages. However, other types of drafts are excluded.
- All types of draft messages are excluded when you export.
-(label:^deleted AND label:drafts)to your search terms:
- Previews will include unsent messages in your Drafts folder and automatically saved versions of draft messages. However, discarded drafts are excluded.
- All automatically saved draft messages and discarded draft messages are excluded when you export. Unsent messages in the Drafts folder are included with the export.
Gmail confidential mode lets users restrict recipients' access to sensitive email content. This feature is available to all personal Gmail accounts and to G Suite domains that have enabled the feature.
When a user sends a confidential message, Gmail replaces the message body and attachments with a link. Only the subject and body containing the link are sent via SMTP. Learn more about how to send messages with Gmail confidential mode.
Confidential mode messages sent by users in your domain
If your organization enables Gmail confidential mode, Vault can hold, retain, search, and export all confidential mode messages sent by users in your organization.
Confidential messages sent after November 30, 2018 are visible to Vault in the mailboxes of all internal senders and recipients. Messages are always available to Vault, even when the sender sets an expiration date or revokes recipients' access to confidential mode messages.
Confidential mode messages received from outside your domain
Even if your organization doesn't enable Gmail confidential mode, your users might receive confidential mode messages from other G Suite customers and from personal Gmail accounts.
You can hold, retain, search, and export message headers and subjects of external confidential messages. However, you can't search or export message content or attachments from external confidential messages
Working with confidential mode messages
Vault supports confidential mode messages as follows:
- Vault returns internal confidential messages that match your search query. You have the option to hide confidential message content when you preview and to exclude confidential message content when you print or export messages.
- You can use
label:confidentialmodeto search for confidential messages. You can also use this label to apply holds and custom retention rules specifically to confidential messages.
Vault fully supports chats that occur within classic Hangouts and Google Talk. You can retain, search for, and place holds on:
- Classic Hangouts with history turned on. G Suite administrators can control whether history is on or off, or they can allow users to decide. For details, see Chat history. Vault archives all chats that occur in Gmail and mobile classic Hangouts apps when history is on.
- Google Talk chats that are on the record. G Suite administrators cannot force chats to be on the record. They can, however, disable chat history for a domain.
Classic Hangouts information available to Vault includes:
- All users who participated in the chat.
- All messages that were exchanged during the chat, plus links to any attachments.
- Names of group classic Hangouts. (Participants have the option of naming a group Hangout.) Chats between two users cannot be named.
- The time the chat started and ended.
The following aren't available to Vault:
- Unaccepted invitations to chat. If a user does not participate in a chat, messages sent to that user are not preserved.
- Video calls.
- Chats that occur within Google Docs.
- Images sent through classic Hangouts.
How classic Hangouts are archived
Vault groups all classic Hangouts messages into a single thread. Messages are continuously added to the thread until:
- three hours have elapsed since the last chat message was sent.
- the thread exceeds 1,000 messages.
When you export a classic Hangouts message, the entire thread is included when you download the export file.
Enable support for classic Hangouts
For full support of history-on classic Hangouts:
- Turn on classic Hangouts for your domain.
- Verify Gmail is enabled for all classic Hangouts users. Classic Hangouts messages are stored in the same system that stores email messages for Gmail. Vault can't hold or retain classic Hangouts messages sent or received by accounts that have Gmail disabled. Classic Hangouts messages sent before Gmail is enabled can't be recovered.
You can use Vault to retain, hold, and search for files in your organization's Drives and shared drives. Vault supports Google file types and non-Google file types such, as PDF, DOCX, and JPG.
Important information about Drive and retention
- Google Docs, Sheets, Slides, Forms, and Drawings
- Google Meet recordings
- Jamboard files that have been saved to users' Drives
- Non-Google files that users have uploaded to Drive
Vault ignores folders and Drive shortcuts.
Retention coverage varies depending on the type of rule
Retention rules apply to files owned by and directly shared with users in the organizational unit to which the policy applies. This includes files in a shared drive that are directly shared with a user, regardless of whether that user is a member of that shared drive.
If Include Shared Drives is checked, retention rules also apply to shared drives that include members of the covered organizational unit.
Retention rules retain all applicable files in a user’s Drive (including shared drive files, if the rule was set up to include them). This includes files owned by or shared with users in the applicable organizational unit. However, when the retention coverage period expires, Vault expunges only the files owned by users of that organizational unit. Files shared from outside the organizational unit are never expunged.
When you apply a custom retention rule to shared drives:
- A custom rule that covers All Shared Drives affects retention coverage for all shared drives in your domain.
- A custom rule that covers specific shared drives affects retention coverage only in the selected shared drives.
Shared drive files can only be expunged by shared drive-specific retention rules:
- Retention rules retain all applicable files in a user’s Drive (including shared drive files, if the rule was setup to include them). However, as shared drive files are owned by the team and not by any specific user, only retention rules specific to shared drives can expunge files in a shared drive.
- Rules that apply to users and have include Shared Drives checked can only extend the lifecycle of shared drive files.
- When you create or update a retention rule, it can take up to three hours for the rule to propagate. Files deleted by users during this propagation period are not retained and cannot be retrieved.
- When a retention coverage period expires, it can take up to 15 days for affected files to be removed from Drive.
Files created outside your domain and shared with your users are not subject to your organization’s holds or retention policies.
Each custom retention rule you create for files in Drive must:
- Have a unique last-modified or created date.
- Apply to a unique set of users.
As an example, a conflict could occur if you have a rule that applies to an organizational unit, then you try to add a rule that applies to a shared drive that all members of the organizational unit have access to. Vault rejects the new rule if it has the same created/last-modified date.
Additionally, you can use the Include Shared Drives setting to make a retention rule unique. There’s no conflict for two rules with identical retention criteria if one rule includes shared drives, and the other does not.
Files subject to multiple retention rules are always preserved according to the rule with the longest retention period.
Some Google Apps store their data in Drive. Because these apps can be adversely affected by unexpected data deletion, they may be excluded from Drive retention rules. Vault supports the following apps:
|Jamboard||Covered by Drive rules||
Vault only retains jams that have been saved to users' Drives. Unsaved jams are discarded when the Jamboard session ends and are unavailable to Vault.
|Google Meet||Excluded by default||You can enable retention for Google Meet.|
You can set custom retention rules that expunge files a set number of days after users move them to trash. Only files moved to trash on or after August 1, 2016 are subject to moved-to-trash rules:
- A moved-to-trash rule applies to both files that are in a user's trash and to files that were deleted when the user emptied trash.
- A moved-to-trash rule only expunges files owned by the user or shared drive to which it applies.
- If a file in trash is subject to multiple retention rules, a moved-to-trash rule supersedes all other retention rules. If multiple moved-to-trash rules apply to a file, the file is retained according to the rule with the latest expiration date. Holds still take precedence over all retention rules.
- Shared drive files that aren't subject to a hold or retention rule are permanently deleted from all Google systems approximately 30 days after they're moved to trash.
Users can link a Google file to another Google file. For example, someone writing in a Google Doc can create a chart that's linked to data contained in a Google Sheet. Whenever the spreadsheet is updated, the chart in the document is also updated.
In the example above, if a retention rule preserves the document, and no retention rules or holds preserve the spreadsheet, the spreadsheet could be expunged even though the document is retained.
Important information about Drive and holds
- A hold on Drive applies to items owned by and directly shared with the users or organizations covered by the hold. This includes items in a shared drive that are directly shared with a user, regardless of whether the user is a member of that shared drive. This doesn't include folders or Drive shortcuts.
- You can't place a shared drive on hold. Instead you must place its members on hold and check the Include Shared Drives box.
- a shared drive member:
- moves a file out of a shared drive, and that member isn't on hold.
- removes a member that's currently on hold from the shared drive, and there are no other shared drive members on hold.
- no shared drive member is on hold.
When a shared drive is deleted, files in the deleted shared drive are subject to the following holds scenarios:
If a user is a member of the deleted shared drive as an individual (not a member through a group) and is subject to a hold, then all files in the shared drive are preserved until the hold is removed. After the hold on the user is removed, and if the files aren't subject to another hold or retention rule, they are deleted.
If a user isn't a member of the deleted shared drive but has access to a file in the shared drive as an individual (not as a member of a group) and that user is subject to a hold, then only that file is preserved until the hold on the user is removed. Files that don't match a retention rule or hold are deleted.
Important information about Drive and search
Vault searches Drive for all items owned by and directly shared with the users specified in your search entry. Vault search can include items in a shared drive that are directly shared with a user, regardless of whether the user is a member of that shared drive. Vault search doesn't include folders or Drive shortcuts.
Yes, you can search selected shared drives directly or, when you search by specific accounts or organizational units, you can choose to include results from shared drives.
For all items, you can search the title, owner, date last modified, and other metadata.
For supported file types, you can search for words and phrases in the contents of files. Vault indexes the first 100 pages of text files and the first 10 pages of text in image PDFs.
You can search text within the following file types:
- Microsoft Word, Excel, and Powerpoint
- OpenOffice™ XML
- Wireless Application Protocol (.wap)
- Wireless Markup Language (.wml)
- Google Earth (.kml)
Vault doesn't index the content of video, audio, image, or binary files.
You can preview the following file types:
- Files created with Google Docs, Google Sheets, Google Slides, and Google Drawings
- Uploaded files such as .docx, .pdf, and .xlsx
In some Google Docs editors, users can link a file to another file. For example, in a Google Docs document you can insert a chart that's linked to data in a Google Sheets spreadsheet. Whenever the spreadsheet is updated, the chart in the document is also updated.
When you search files in Drive, Vault returns only the files that match your search criteria. If those files are linked to files that don't match your query, the linked files aren't included in your results.
No. You can search only the most recent version of a file. However, you can enter a version date as part of your search. When you enter a version date, Vault searches the current version of the file, but you preview and export the contents of the last version saved before 12:00 AM UTC on the date. Versioning is supported only in Google Drive for Google Docs, Sheets, Slides, and Drawings.
Some properties are reported for the current version, no matter what version date you specify. These properties include the title, who it was shared with, when it was last modified, and other data in Vault’s metadata.xml file.
Version snapshots include comments, subject to the following criteria:
- Open comments are included only if your organization has comment or edit access to the document. Comments aren’t included if you only have view access.
- An open individual comment (one with no replies) is included if: 1) the comment was created as of the version date, and 2) the commented text existed in that version (even if the commented text is now deleted). A comment isn’t included in versions from before the comment was created.
- An open comment thread (one with replies) is included in its entirety if: 1) the first comment was created as of the version date, and 2) the commented text existed in that version (even if the commented text is now deleted). For example, if a comment thread has two messages that were created on October 1 and October 5, a search with the version date of October 2 contains both comments even though the October 5 comment didn’t exist at the time.
- Edited comments are included as they currently exist, not how they were at the version time.
- Resolved or deleted comments aren’t included in a version, even if the comment was open at the version time.
No. You can't search the top organizational unit. Select a child organizational unit or individual accounts. You can search Drive for up to 5,000 accounts total (as individual accounts or members of organizational units).
You can use Vault to retain, hold, and search messages sent using Google Chat.
Important information about Google Chat and retention
Retention rules and holds always apply to rooms. However, they apply to DMs only when history is turned on. A G Suite admin can control whether history is on or off, or they can allow users to decide.
- The default retention rule applies to all DMs and all rooms.
- A custom retention rule applied to an organizational unit only covers DMs. Rooms aren't covered.
- A custom retention rule applied to all rooms only covers rooms. DMs aren't covered.
When a retention period expires, Vault expunges all covered Chat messages
Important information about Google Chat and holds
Retention rules and holds always apply to rooms. However, they apply to DMs only when history is turned on. A G Suite admin can control whether history is on or off, or they can allow users to decide.
A hold on a user account includes message threads in rooms in which that user sent at least one message. Conversations in a room where the user wasn't an active participant aren't included in the hold, even though that user might have viewed messages.
Direct messages (DMs) sent to a user on hold are included in the hold even if the user doesn't reply.
You can't place an entire room on hold
When a message that's on hold is deleted by a user or a retention rule, the user can't see the message anymore. However, a Vault user with appropriate privileges can search for and view the message in Vault. The Vault user can also export the message using Vault.
Important information about Google Chat and search
When someone uses Google Chat to share Google Docs, Sheets, Slides, or Forms, Chat inserts a link rather than attaching a copy of the file to the message. Because the original file is stored in Drive, it isn't included when you retain, hold, search, or export chat messages.
For non-Google files that are directly attached to a chat message, Vault indexes most text-based file types (for example, files with .pdf, .xslx, and .docx extensions). These attachments are included when you search and export chat messages, and they are covered by chat retention rules and holds.
While Vault can export as many messages as your search will yield, previews are limited to 1000 messages. If you want to preview a large number of messages, use search terms and other criteria to reduce the results to smaller groups of messages.
Conversations in rooms are always searchable in Vault. However, Vault can search only DMs that were sent with history tuned on. A G Suite admin can control whether history is on or off, or they can allow users to decide.