---
title: Relevance Generative Answering (RGA) data security
slug: nbpd4153
canonical_url: https://docs.coveo.com/en/nbpd4153/
collection: leverage-machine-learning
source_format: adoc
---

# Relevance Generative Answering (RGA) data security

Data is a valuable asset that drives growth and development in enterprises. Protecting your enterprise data, therefore, has always been of vital importance. Never more so than when dealing with [generative AI](https://docs.coveo.com/en/n9e90153/) technology.

A generative large language model (LLM) typically trains on a large corpus of data, and generates content based on that data. Generating new content from existing data is a powerful capability. However, it also raises new concerns about data privacy and security. Concerns such as _"What data is the model using, and is it retaining that data?"_, _"Is my data being shared with others?"_, _"What data is the model using to generate the new content?"_, and _"Will the generated content leak sensitive information to unintended audiences?"_.

For any enterprise to use [generative AI](https://docs.coveo.com/en/n9e90153/) technology ethically and safely, these concerns must be addressed. An enterprise must be able to control the content that's used by the model. The content that's generated must be highly relevant but also take system permissions and access rights into account to prevent sensitive information from being leaked.

This article describes how [Relevance Generative Answering (RGA)](https://docs.coveo.com/en/n9de0370/) handles your enterprise content safely, and how RGA provides answers that are secure and always based solely on your most relevant and up-to-date content.

RGA data security can be broken down into these main features as shown in the following diagram:

* [Secure content retrieval](#secure-content-retrieval)
* [Grounded content](#grounded-content)
* [HTTPS and TLS endpoints](#https-and-tls-endpoints)
* [Zero retention](#zero-retention)
* [Logged analytics data](#logged-analytics-data)

![Relevance Generative Answering security](https://docs.coveo.com/en/assets/images/leverage-machine-learning/rga-security.png)

## Secure content retrieval

Secure content retrieval is a feature of the [Coveo Platform](https://docs.coveo.com/en/186/) that allows for more efficient and secure searching and generation of enterprise content with [Coveo security cache](https://docs.coveo.com/en/1527/) at its core.

> **Note**
>
> Existing [Coveo Security](https://docs.coveo.com/en/1778/) protocols and data protection measures remain applicable throughout the RGA process and ensure that your enterprise documents and [data](https://docs.coveo.com/en/259/) remain secure.

Your enterprise data is stored in a secure Coveo unified [index](https://docs.coveo.com/en/204/) that's only accessible to you and the people you authorize within your Coveo [organization](https://docs.coveo.com/en/185/).

Secure handling of your enterprise data applies not only at ingestion (indexing) but also at query time.

* At ingestion, the Coveo [source](https://docs.coveo.com/en/246/) crawlers retrieve the content from your enterprise data sources. The content is indexed with the [item](https://docs.coveo.com/en/210/) and user permissions from your repository's permission system.
* At query time, the [Coveo security cache](https://docs.coveo.com/en/1527/) is used to handle the permissions for each authenticated user in your Coveo-powered [search interface](https://docs.coveo.com/en/2741/).

By indexing your enterprise restricted documents with item and user permissions, and then applying those user permissions at query time, Coveo ensures that sensitive information isn't inadvertently exposed through search results or generated answers. Through a Coveo-powered search interface, authenticated users only see the items that they're allowed to access within the indexed repository.

## Grounded content

In the context of [generative AI](https://docs.coveo.com/en/n9e90153/), grounding refers to the process of providing a generative LLM with specific and relevant information that's not available to the model based on its own training. While generative LLMs come with a vast amount of knowledge, this knowledge isn't use-case or industry specific. To obtain a relevant output to a query, the generative LLM must be provided with relevant content specific to your enterprise. In other words, the LLM must be "grounded" in the context of your enterprise content.

Grounding is an important aspect of generative answering, as it helps to ensure that the generated output is not only relevant but also secure. Grounding holds the model to factual data and relevant user context when generating an answer.

Coveo's secure content retrieval makes grounding possible. The [Relevance Generative Answering (RGA)](https://docs.coveo.com/en/nbtb6010/) [model](https://docs.coveo.com/en/1012/) uses content retrieved from your Coveo index to ground the generative LLM. RGA's [two-stage content retrieval](https://docs.coveo.com/en/n9de0370#relevant-content-retrieval) ensures that Coveo controls the data used to generate the answer.

The [RGA](https://docs.coveo.com/en/nbtb6010/) model uses grounding and prompt engineering to construct a prompt for the generative LLM that includes a detailed instruction, the query, and the most relevant segments of text from the retrieved content.

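The pattern described in the two sections above, as an added sketch that is not Coveo's code: permissions stored with each item at ingestion are checked at query time, before ranking, so the prompt (instruction, query, most relevant segments) can only contain text the user may read. The item texts, group names, overlap scoring and instruction wording are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    """Constructed index entry: text plus the identities allowed to read it."""
    item_id: str
    text: str
    allowed: frozenset  # permissions captured from the source repository at ingestion


# Constructed sample index (hypothetical content and group names).
INDEX = [
    Item("kb-1", "Reset a password from the account settings page.", frozenset({"everyone"})),
    Item("hr-7", "Password for the payroll vault is rotated by HR.", frozenset({"grp:hr"})),
    Item("kb-2", "Password rules require twelve characters.", frozenset({"everyone", "grp:support"})),
]


def retrieve(query, identities, index=INDEX, top_k=2):
    """Filter by permission first, then rank by term overlap (a stand-in for relevance)."""
    terms = set(query.lower().split())
    # Query-time permission check: items the user cannot read never reach ranking.
    visible = [i for i in index if i.allowed & set(identities)]
    scored = [(len(terms & set(i.text.lower().rstrip(".").split())), i) for i in visible]
    ranked = sorted((s for s in scored if s[0] > 0), key=lambda s: (-s[0], s[1].item_id))
    return [item for _, item in ranked[:top_k]]


def build_prompt(query, identities):
    """Prompt = instruction + query + only the segments this user is allowed to see."""
    segments = retrieve(query, identities)
    context = "\n".join(f"[{s.item_id}] {s.text}" for s in segments)
    return (
        "Answer using only the passages below. If they do not contain the answer, say so.\n"
        f"Passages:\n{context}\n"
        f"Question: {query}"
    )


if __name__ == "__main__":
    # A user who is only in "everyone" gets a prompt without the HR-restricted item.
    print(build_prompt("password rules", {"everyone"}))
```

Filtering before ranking, rather than after generation, is what keeps restricted text out of the prompt sent to the external LLM.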
Confining the generative LLM to just the most relevant text from your secured content ensures that the generated answer is relevant and respects your enterprise content permissions.

Secure content retrieval and grounded content are essential parts of [retrieval-augmented generation (RAG)](https://docs.coveo.com/en/p8ie0159/), which enhances the security, relevance, and reliability of content generated by an LLM.

## HTTPS and TLS endpoints

To [generate the answer](https://docs.coveo.com/en/n9de0370#answer-generation), [RGA](https://docs.coveo.com/en/nbtb6010/) uses a [third-party generative LLM](https://docs.coveo.com/en/pb7d0331/) that's hosted on an external foundation model service server. The RGA model sends the prompt to the foundation model service, the LLM generates the answer, and the answer is then sent back to Coveo.

HTTPS endpoints ensure that communication between Coveo and the foundation model service server is encrypted and secure, preventing attacks such as eavesdropping, tampering, or data theft. TLS endpoints use cryptographic protocols to provide authentication, confidentiality, integrity, and non-repudiation services, enabling secure web communication between Coveo and the foundation model service.

## Zero retention

To maintain data privacy, enterprises must retain complete ownership of their data. With Coveo and RGA, you remain the sole owner of your data.

* You control the content that's indexed from your enterprise. This means that you control what content to index, when to update the content in the index, and how long your data is kept in the Coveo index. The index is only accessible to you and the people you authorize within your Coveo organization. Coveo doesn't retain any of your enterprise content after it's indexed.
* The [Coveo Machine Learning (Coveo ML)](https://docs.coveo.com/en/188/) models, including the [RGA](https://docs.coveo.com/en/nb6a0085/) and [Semantic Encoder (SE)](https://docs.coveo.com/en/nb6a0483/) models that are used in the [RGA answer-generation flow](https://docs.coveo.com/en/n9de0370#rga-overview), are only available within your Coveo [organization](https://docs.coveo.com/en/185/). The RGA and SE models use only the indexed content that you specify, and Coveo won't fine-tune any other LLMs or share your data with other clients.
* To generate the answer, Coveo uses a third-party generative LLM that's hosted on an external foundation model service server. The content that's used to generate the answer is controlled and provided by the RGA model (see [Grounded content](#grounded-content)). The generative LLM is a stateless model that's shared by all Coveo customers. The LLM is used solely for the purpose of generating answers. The model isn't trained on your enterprise data, and it doesn't retain any of your data for future learning.

> **Note**
>
> While the foundation model service hosts the generative LLM and processes your data for the purpose of generating answers, your data is never stored by the foundation model service.

## Logged analytics data

Coveo logs [data](https://docs.coveo.com/en/259/) related to RGA, and retains the data for a period of time as specified in [Data retention](https://docs.coveo.com/en/1682/).

You can create [reports](https://docs.coveo.com/en/nb6a0210#create-an-rga-report) on the RGA custom UA events. To access data that's not available through the RGA UA events, such as the user query and generated answer, contact your Coveo Customer Success Manager (CSM).