Sensitive Data Stored


This section outlines the types of sensitive information stored by dbWatch Control Center, how that data is protected at rest, and recommendations for secure configuration and handling.


Types of Stored Sensitive Data

dbWatch Control Center stores a limited set of sensitive information to support monitoring, authentication, and reporting functionality. This includes:

> These data types are required to support automation, access control, and long-term performance tracking.


Credential Storage and Protection

Database usernames and passwords are:

This credential storage is local and isolated, and cannot be accessed remotely or without local administrative permissions.


Storage Location and Access

Sensitive data is stored in the file system of the Control Center Server, typically under:

Components stored here include:

> It is strongly recommended to restrict access to these folders using OS-level permissions and secure the host system with disk encryption.


Data Stored in Monitored Database Instances

When dbWatch installs its engine into a target database, it creates a separate schema (e.g., `dbwatch_cc`) which stores:

This schema does not store business application data by default.


Exception: Application-Level Data in SQL Statistics

Some SQL statistics jobs (such as those in the SQL Performance package) may store captured SQL text as part of query profiling.

This text may include:

> While dbWatch does not intentionally extract or store business data, the presence of query literals in captured SQL text may expose application-level information indirectly. Organizations with strict data classification rules should consider enabling:


Recommendations

To reduce risk and enforce security best practices:


Related Topics


For security-sensitive environments or compliance-driven deployments, reach out to our team for configuration reviews or data handling consultations:
support@dbwatch.com