Data privacy features

This is for:

System Administrator
In this article

We’re aware that our customers may have to comply with multiple privacy laws and regulations around the world. We have therefore implemented privacy features within our hosted services in order to help our customers navigate through the requirements outlined in those laws.

See below for an overview of some privacy features embedded into Coveo’s platform that take into account the common privacy principles outlined in privacy laws (for example, data subject requests, removing of personal identifiers).

Sections in this article:

Usage analytics and DSR

Coveo customers that wish to fulfill a Data Subject Request (DSR) within our platform can use APIs. Only Coveo users using API keys with distinct privileges may communicate with Coveo UA to handle DSRs. To enable full access to all Coveo UA features, the privileges to administrate UA data, export UA data, and delete user data are required. Coveo customers will then directly interact with the APIs, which fulfills the request without human intervention from Coveo.

Users that perform an action resulting in a usage analytics event are automatically attributed a usage analytics user ID such as alice.smith@example.com-google. For an anonymous user, the user ID defaults to a visitor ID such as 29fb0d0a-b5eb-4c20-aff0-9d282df11569.

The Usage Analytics Read API, under User Statistics API - Version 15 and up, exposes the GET /v15/users/{userId}/overview endpoint. This enables returning all usage analytics data related to a given user identified by their userId for a given organization.

Example
GET https://platform.cloud.coveo.com/rest/ua/v15/users/{userId}/overview?org={organizationId} HTTP/1.1
Accept application/json
Authorization Bearer {accessToken}

Where you replace:

  • {userId} with a unique identifier corresponding to an end user whose personal data you want to consult.

  • {organizationId} with the unique identifier of the target Coveo organization.

Note

The org parameter is only required when authenticating the call using an OAuth2 token.

  • accessToken by an API key or OAuth2 token granting the Administrate privilege in the target Coveo organization, if not already done.

User ID masking

Coveo UA allows its customers to mask the User ID. Atomic, Headless, and the JavaScript Search Framework all expose anonymous properties you can use when initializing your search interface. See:

When using the Usage Analytics Write API directly, set the anonymous property to true whenever logging search, click, custom, or view events (see Log Usage analytics events).

Data export

When your Coveo account or an API key grants the Data Exports privilege, you may interact with Coveo UA to export user data. The Coveo Administration Console then permits full data export of user data if filters are used to tailor the export to a given userId in a given organization (see Export Filters).

When an end user requests an export from their Coveo organization, the export may contain different types of information (for example, case number, upcoming product names, etc.). The export function allows Coveo customers to review those exports and remove any information before communicating the export with an end user. If you want to provide additional information regarding the nature of the values mentioned in the export, refer to the reference documentation.

Data deletion

When your Coveo account or an API key grants the Delete user data privilege, you may interact with Coveo UA to delete user data. The Usage Analytics Read API, under User Statistics API - Version 15 and up, exposes the DELETE /v15/users/{userId}/alldata endpoint. This enables deleting usage analytics data related to a given user identified by their userId for a given organization.

Example
DELETE https://platform.cloud.coveo.com/rest/ua/v15/users/{userId}/alldata?org={organizationId} HTTP/1.1
Accept application/json
Authorization Bearer {accessToken}

Where you replace:

  • {userId} with a unique identifier corresponding to an end user whose personal data you want to delete.

  • {organizationId} with the unique identifier of the target Coveo organization.

Note

The org parameter is only required when authenticating the call using an OAuth2 token.

  • accessToken by an API key or OAuth2 token granting the Delete user data privilege in the target Coveo organization, if not already done.

Important

  • Usage of the DELETE /v15/users/{userId}/alldata endpoint results in irreversible data loss which may affect some dashboards and reports generated in the Coveo Administration Console. Be mindful of the implications of such an operation, even if its completion is imperative.

  • Usage statistics such as the queries per month (QPM) won’t be recalculated or modified after deletion of user data.

Disable Coveo UA in a search interface

A successful call to any of the following API endpoints (for example, POST https://analytics.cloud.coveo.com/rest/ua/v15/analytics/searches) will record a usage analytics event:

  • */rest/organizations/{organizationId}/events/v1

  • */rest/ua/v15/analytics/click

  • */rest/ua/v15/analytics/custom

  • */rest/ua/v15/analytics/search

  • */rest/ua/v15/analytics/searches

  • */rest/v15/analytics/view

  • */rest/v15/analytics/collect

If you want to opt out of analytics in a search interface, you’ll need to inspect your implementation and ensure that the search interface isn’t sending calls to any of the above endpoints. Depending on your implementation, see the following documentation to enable or disable usage analytics tracking: