Data privacy features

Coveo Relevance Cloud System Administrator Security Documentation

In this article

Usage analytics and DSR

We’re aware that our customers may have to comply with multiple privacy laws and regulations around the world. We have therefore implemented privacy features within our hosted services in order to help our customers navigate through the requirements outlined in those laws.

See below for an overview of some privacy features embedded into Coveo’s platform that take into account the common privacy principles outlined in privacy laws (e.g., data subject requests, removing of personal identifiers).

Sections in this article:

Usage Analytics and DSR

Usage analytics and DSR

Coveo customers that wish to fulfill a Data Subject Request (DSR) within our platform can use APIs. Only Coveo users using API keys with distinct privileges may communicate with Coveo UA to handle DSRs. To enable full access to all Coveo UA features, the privileges to administrate UA data, export UA data, and delete user data are required. Coveo customers will then directly interact with Coveo, which fulfills the request without human intervention from Coveo.

Users that perform an action resulting in a usage analytics event are automatically attributed a usage analytics user ID such as alice.smith@example.com-google. For an anonymous user, the user ID defaults to a visitor ID such as 29fb0d0a-b5eb-4c20-aff0-9d282df11569.

The Usage Analytics Read API, under User Statistics API - Version 15 and up, exposes the GET /v15/users/{userId}/overview endpoint. This enables returning all usage analytics data related to a given user identified by their userId for a given organization.

Example

GET https://analytics.cloud.coveo.com/rest/ua/v15/users/{userId}/overview?org={organizationId} HTTP/1.1
Accept application/json
Authorization Bearer {accessToken}

Where you replace:

{userId} with a unique identifier corresponding to an end user whose personal data you want to consult.
{organizationId} with the unique identifier of the target Coveo organization.

Note

The org parameter is only required when authenticating the call using an OAuth2 token.

accessToken by an API key or OAuth2 token granting the Administrate privilege in the target Coveo organization, if not already done.

User ID masking

Coveo UA allows its customers to mask the User ID. Atomic, Headless, and the JavaScript Search Framework all expose anonymous properties you can use when initializing your search interface. See:

When using the Usage Analytics Write API directly, set the anonymous property to true whenever logging search, click, custom, or view events (see Log Usage Analytics Events).

Data export

When your Coveo account or an API key grants the Data Exports privilege, you may interact with Coveo UA to export user data. The Coveo Administration Console then permits full data export of user data if filters are used to tailor the export to a given userId in a given organization (see Usage Analytics Export Filters).

When an end user requests an export from their Coveo organization, the export may contain different types of information (e.g., case number, upcoming product names, etc.). The export function allows Coveo customers to review those exports and remove any information before communicating the export with an end user. If you want to provide additional information regarding the nature of the values mentioned in the export, refer to the reference documentation.

Data deletion

When your Coveo account or an API key grants the Delete user data privilege, you may interact with Coveo UA to delete user data. The Usage Analytics Read API, under User Statistics API - Version 15 and up, exposes the DELETE /v15/users/{userId}/alldata endpoint. This enables deleting usage analytics data related to a given user identified by their userId for a given organization.

Example

DELETE https://analytics.cloud.coveo.com/rest/ua/v15/users/{userId}/alldata?org={organizationId} HTTP/1.1
Accept application/json
Authorization Bearer {accessToken}

Where you replace:

{userId} with a unique identifier corresponding to an end user whose personal data you want to delete.
{organizationId} with the unique identifier of the target Coveo organization.

Note

The org parameter is only required when authenticating the call using an OAuth2 token.

accessToken by an API key or OAuth2 token granting the Delete user data privilege in the target Coveo organization, if not already done.

Usage of the DELETE /v15/users/{userId}/alldata endpoint results in irreversible data loss which may affect some dashboards and reports generated in the Coveo Administration Console. Be mindful of the implications of such an operation, even if its completion is imperative.
Usage statistics such as the queries per month (QPM) won’t be recalculated or modified after deletion of user data.

Disable Coveo UA in a search interface

A successful call to any of the following API endpoints (e.g., POST https://analytics.cloud.coveo.com/rest/ua/v15/analytics/searches) will record a usage analytics event:

Method	Scheme	Host	Base path		Path
`GET`	`https://`	`platform.cloud.coveo.com`	`/rest/ua`	`/v15/analytics`	`/click`
		`platform.cloud.coveo.com`			`/custom`
		`platformhipaa.cloud.coveo.com`			`/search`
`POST`		`platformhipaa.cloud.coveo.com`			`/searches`
`POST`		`usageanalytics.coveo.com`	`/rest`		`/view`

If you want to stop recording usage analytics in a search interface, you must ensure that no such calls are being made from that location.

Depending on your search interface implementation, see the following documentation to enable or disable usage analytics tracking, or to clear session information stored for usage analytics purposes: