Set up Vault for your organization

Set up requirements and recommendations

  • You must be a Google Workspace super administrator for your organization to complete the steps in this guide.
  • Consider enabling comprehensive message storage. Other Google products might send email on a user's behalf. This setting ensures that a copy of those messages is stored in the user's Gmail mailbox and is available to Vault. Learn more
  • Consider turning on Chat history for your organization. Retention rules and holds always apply to Chat spaces. However, they apply to direct messages only when history is turned on.
  • Consider turning on message archiving in Google Groups for Business for groups of interest. Vault can hold, retain, and search messages only in groups that have archiving turned on. However, group owners can change this setting for their groups. If a group owner turns archiving off, the messages from that group are still available in user mailboxes.

Step 1. Control who can sign in to Vault

To allow others to sign in to Vault, turn on Vault for all or selected users. Learn how

Note:

  • This setting has no effect on which accounts can be retained, held, and searched by Vault. All user accounts with Google Workspace can be retained, held, and searched.
  • This setting has no effect on which accounts can change retention rules, search for data, or perform other Vault functions. Users must have appropriate Vault privileges to work with Vault.
  • If you turn on Vault for everyone in your organization, the Vault icon appears in everyone's list of apps. If your organization has set up organizational units, we recommend you restrict access to organizational units that have Vault privileges.

Step 2. Sign in to Vault

  1. Go to https://vault.google.com.
  2. Sign in with your Google Workspace username and password.

Step 3. Set your organization's default retention rules

Every company has different requirements for data retention. You can set Vault retention rules to meet your company's specific needs—whether to preserve data created by employees using Google Workspace, or to purge data after it's no longer needed, such as after exporting it when you return to your primary provider.

Before you begin, learn how retention works. The following steps describe how to set default retention rules, but you can set custom retention rules instead.

  1. In Vault, click Retention. If Retention isn't listed, ask a Google Workspace super administrator to give you Vault privileges ("Manage retention policies").

  2. On the Default rules tab, click a service, such as Drive

    or Gmail .

  3. Choose how long to keep messages or files:

    • To permanently retain data, select Indefinitely.
    • To retain data for a set time, select Retention period and enter the number of days, from 1 to 36,500. The retention period is calculated based on the following start times:
      • Gmail, Groups, and Chat messages—days from when the message was sent or received.
      • Drive—days from when the file was either created or last modified.
      • Voice—days from when the data was sent or received.

  4. If you set a retention period, choose what to do with data after the retention period expires:

    • To purge only the data that users have already deleted, choose the first option.

    • To purge all data, choose the second option. This rule can purge data that users expect to keep, such as messages in their Gmail inbox or files in Drive.

  5. Click Create. If you set a retention period, Vault asks you to confirm you understand the effects of this retention rule. Check the boxes and click Accept to create the rule.

  6. Repeat this process for all services you want to set default retention rules for.

Google Vault is now set up! Vault preserves your organization's data as specified in the retention rules you configured.

Important notes:

  • What happens after you set default retention rules: Unless a custom rule or hold applies, data is preserved according to the default retention rule.
  • What happens when a user deletes a message or file: The message or file is removed from that user's account. However, when the default retention rule or a custom rule applies, the message or file is still available in Vault for the remainder of the retention period. Deleted messages and files retained by Vault don't count against the user's storage quota.