---
title: Data privacy features
slug: '2795'
canonical_url: https://docs.coveo.com/en/2795/
collection: compliance
source_format: adoc
---

# Data privacy features

We're aware that our customers may have to comply with multiple privacy laws and regulations around the world.
We have therefore implemented privacy features within our hosted services to help our customers navigate the requirements outlined in those laws.

See below for an overview of some privacy features embedded into Coveo's platform that take into account the common privacy principles outlined in privacy laws (for example, data subject requests, removal of personal identifiers).

Sections in this article:

* [Usage Analytics and DSR](#usage-analytics-and-dsr)
  * [User identification](#usage-data-related-to-a-user)
  * [Data masking](#user-id-masking)
  * [Data access and portability](#data-export)
  * [Data deletion](#data-deletion)
  * [Disabling Coveo UA](#disable-coveo-ua-in-a-search-interface)

## Usage analytics and DSR

Coveo customers who wish to fulfill a [Data Subject Request (DSR)](https://docs.coveo.com/en/3146/) within our platform can use APIs.
Only Coveo users using API keys with distinct privileges may communicate with Coveo UA to handle DSRs.
To enable full access to all Coveo UA features, the privileges to [administrate UA data](https://docs.coveo.com/en/1707#administrate-domain), [export UA data](https://docs.coveo.com/en/1707#data-exports-domain), and [delete user data](https://docs.coveo.com/en/1707#delete-user-data-domain) are required.
Coveo customers will then directly interact with the APIs, which fulfill the request without human intervention from Coveo.

### Usage data related to a user

Users that perform an action resulting in a usage analytics event are automatically attributed a usage analytics [user ID](https://docs.coveo.com/en/268/) such as `alice.smith@example.com-google`.
For an anonymous user, the user ID defaults to a [visitor ID](https://docs.coveo.com/en/273/) such as `29fb0d0a-b5eb-4c20-aff0-9d282df11569`.

The [Usage Analytics Read API](https://docs.coveo.com/en/17/), under User Statistics API - Version 15 and up, exposes the [`GET /v15/users/{userId}/overview`](https://platform.cloud.coveo.com/docs?urls.primaryName=Usage%20Analytics%20Read#/User%20Statistics%20API%20-%20Version%2015/get%5F%5Fv15_users_%7BuserId%7D_overview) endpoint.
This endpoint returns all [Coveo Analytics data](https://docs.coveo.com/en/259/) related to a given user, identified by their `userId`, for a given organization.

**Example**

```http
GET https://platform.cloud.coveo.com/rest/ua/v15/users/{userId}/overview?org={organizationId} HTTP/1.1

Accept: application/json
Authorization: Bearer {accessToken}
```

Where you replace:

* `{userId}` with a unique identifier corresponding to an end user whose personal data you want to consult.
* `{organizationId}` with the unique identifier of the target Coveo organization.

  > **Note**
  >
  > The `org` parameter is only required when authenticating the call using an OAuth2 token.

* `{accessToken}` with an API key or OAuth2 token granting the **Administrate** privilege in the target Coveo organization, if not already done.

### User ID masking

Coveo UA allows its customers to mask the User ID.
Atomic, Headless, and the JavaScript Search Framework all expose `anonymous` properties you can use when initializing your search interface.
See:

* [Headless library](https://docs.coveo.com/en/headless/latest/usage/headless-usage-analytics/headless-ep#disable-and-enable-analytics)
* [Atomic library](https://docs.coveo.com/en/atomic/latest/usage/atomic-usage-analytics/atomic-ep#disable-and-enable-analytics)
* [JavaScript Search Framework](https://docs.coveo.com/en/365#anonymize-ua-data)

When using the Usage Analytics Write API directly, set the `anonymous` property to `true` whenever logging search, click, custom, or view events (see [Log Usage analytics events](https://docs.coveo.com/en/1373/)).

### Data export

When your Coveo account or an API key grants the [**Data Exports** privilege](https://docs.coveo.com/en/1707#data-exports-domain), you may interact with Coveo UA to export user data.

The Coveo Administration Console then permits full [data export](https://docs.coveo.com/en/257/) of user data if filters are used to tailor the export to a given `userId` in a given organization (see [Export Filters](https://docs.coveo.com/en/2042/)).

When an end user requests an export from their Coveo organization, the export may contain different types of information (for example, case number, upcoming product names).
The export function allows Coveo customers to review those exports and remove any information before communicating the export to an end user.

For information regarding the nature of the values mentioned in the export, see [Data export tables](https://docs.coveo.com/en/l9fb0345#data-export-tables).

### Data deletion

When your Coveo account or an API key grants the [**Delete user data**](https://docs.coveo.com/en/1707#delete-user-data-domain) privilege, you may interact with Coveo UA to delete user data.
The [Usage Analytics Read API](https://docs.coveo.com/en/17/), under User Statistics API - Version 15 and up, exposes the [`DELETE /v15/users/{userId}/alldata`](https://platform.cloud.coveo.com/docs?urls.primaryName=Usage%20Analytics%20Read#/User%20Statistics%20API%20-%20Version%2015/delete%5F%5Fv15_users_%7BuserId%7D_alldata) endpoint.
This endpoint deletes data related to a given user, identified by their `userId`, for a given organization.

**Example**

```http
DELETE https://platform.cloud.coveo.com/rest/ua/v15/users/{userId}/alldata?org={organizationId} HTTP/1.1

Accept: application/json
Authorization: Bearer {accessToken}
```

Where you replace:

* `{userId}` with a unique identifier corresponding to an end user whose personal data you want to delete.
* `{organizationId}` with the unique identifier of the target Coveo organization.

  > **Note**
  >
  > The `org` parameter is only required when authenticating the call using an OAuth2 token.

* `{accessToken}` with an API key or OAuth2 token granting the **Delete user data** privilege in the target Coveo organization, if not already done.

> **Important**
>
> * Usage of the `DELETE /v15/users/{userId}/alldata` endpoint results in irreversible data loss which may affect some [dashboards](https://docs.coveo.com/en/256/) and [reports](https://docs.coveo.com/en/266/) generated in the Coveo Administration Console.
>   Be mindful of the implications of such an operation, even if its completion is imperative.
> * Usage statistics such as the [queries per month (QPM)](https://docs.coveo.com/en/1391/) won't be recalculated or modified after deletion of user data.
### Disable Coveo UA in a search interface

A successful call to any of the following API endpoints (for example, `POST https://analytics.cloud.coveo.com/rest/ua/v15/analytics/searches`) will record a usage analytics event:

- `*/rest/organizations/{organizationId}/events/v1`
- `*/rest/ua/v15/analytics/click`
- `*/rest/ua/v15/analytics/custom`
- `*/rest/ua/v15/analytics/search`
- `*/rest/ua/v15/analytics/searches`
- `*/rest/v15/analytics/view`
- `*/rest/v15/analytics/collect`

To opt out of analytics in a search interface, inspect your implementation and ensure that the search interface isn't sending calls to any of the above endpoints.

Depending on your implementation, see the following documentation to enable or disable usage analytics tracking:

* [Event Protocol: Opting-in or out of tracking](https://docs.coveo.com/en/o3r90189#opting-in-or-out-of-tracking) and [Relay: Opting-in or out of tracking](https://docs.coveo.com/en/relay/latest/usage#opting-in-or-out-of-tracking)
* [Headless library](https://docs.coveo.com/en/headless/latest/usage/headless-usage-analytics/headless-ep#disable-and-enable-analytics)
* [Atomic library](https://docs.coveo.com/en/atomic/latest/usage/atomic-usage-analytics/atomic-ep#disable-and-enable-analytics)
* [JavaScript Search Framework](https://docs.coveo.com/en/365#disable-and-enable-analytics)
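
One way to carry out the opt-out inspection described above is to export a HAR capture from the browser developer tools while using the search interface, then scan it for requests to the listed endpoints. The following is an added example, not Coveo code; the function names, the sample capture, and the organization ID `exampleorg` are assumptions made for illustration.

```javascript
// Added example (not Coveo code): audit a HAR capture for usage analytics calls.
// Patterns mirror the endpoint list in this article; the leading `*` is any host or prefix.
const UA_ENDPOINT_PATTERNS = [
  /\/rest\/organizations\/[^/]+\/events\/v1$/,
  /\/rest\/ua\/v15\/analytics\/(click|custom|search|searches)$/,
  /\/rest\/v15\/analytics\/(view|collect)$/,
];

// Returns one record per HAR entry whose request path matches a UA endpoint.
// `recorded` is true only for a 2xx response, since only a successful call logs an event.
function findAnalyticsCalls(har) {
  const hits = [];
  for (const entry of har.log.entries) {
    let url;
    try {
      url = new URL(entry.request.url);
    } catch {
      continue; // skip entries whose URL does not parse
    }
    const path = url.pathname.replace(/\/+$/, ''); // tolerate a trailing slash
    if (!UA_ENDPOINT_PATTERNS.some((re) => re.test(path))) continue;
    const status = entry.response ? entry.response.status : 0;
    hits.push({
      method: entry.request.method,
      host: url.host,
      path,
      recorded: status >= 200 && status < 300,
    });
  }
  return hits;
}

// The interface counts as opted out only when no request targets a UA endpoint at all.
const optedOut = (har) => findAnalyticsCalls(har).length === 0;

// Constructed sample capture (hypothetical organization ID `exampleorg`).
const req = (method, url, status) => ({ request: { method, url }, response: { status } });
const SAMPLE_HAR = { log: { entries: [
  req('POST', 'https://platform.cloud.coveo.com/rest/search/v2?organizationId=exampleorg', 200),
  req('POST', 'https://analytics.cloud.coveo.com/rest/ua/v15/analytics/searches?org=exampleorg', 200),
  req('POST', 'https://analytics.cloud.coveo.com/rest/organizations/exampleorg/events/v1', 200),
  req('GET', 'https://example.com/static/app.js', 200),
  req('POST', 'https://analytics.cloud.coveo.com/rest/ua/v15/analytics/click', 0), // blocked request
] } };

console.log(findAnalyticsCalls(SAMPLE_HAR), 'opted out:', optedOut(SAMPLE_HAR));
```

A request that was attempted but blocked (`recorded: false`) still indicates that the interface tries to send analytics, so it is reported rather than ignored.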