Privacy Center
Welcome to Coveo Privacy
At Coveo, we care about your personal data. We are committed to keeping it safe, secure and helping you meet data privacy requirements.
Our Privacy Principles
We are dedicated to adhering to privacy principles that mirror our core values
-
When we innovate, we ask ourselves what is right from a privacy standpoint. We design our product to uphold user privacy and ensure data protection.We innovate responsibly
When we innovate, we ask ourselves what is right from a privacy standpoint. We design our product to uphold user privacy and ensure data protection.We innovate responsibly -
We have designed in-product tools that help you control and manage the personal data that you send to us, to help you respond to your compliance and business needs.You control your dataWe have designed in-product tools that help you control and manage the personal data that you send to us, to help you respond to your compliance and business needs.You control your data
-
We have implemented a comprehensive security program to protect your personal data in accordance with industry practices.Your data is protectedWe have implemented a comprehensive security program to protect your personal data in accordance with industry practices.Your data is protected
Explore our Privacy Resources
We recognize that privacy is a fundamental human right. It is a core part of who we are as individuals. At Coveo, we ensure the implementation of safeguards throughout the entire lifecycle of personal data under our protection. We’ve highlighted below a few safeguards that we implement.
-
Coveo has a Data Processing Addendum (“DPA”) which is designed to comply with the requirements of applicable privacy laws, including the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) or the Personal Information Protection Act (“PIPEDA”). Our DPA outlines our privacy and security obligations with respect to our customers’ personal data.
-
While a free flow of personal data is usually permitted within a jurisdiction or an international organization (European Union), additional controls may be applicable when there is a transfer to a third-country. Coveo ensures that its transfers of personal data across jurisdictions maintains the protection of personal data. For instance: - Coveo complies with the EU- US Data Privacy Framework;
- Coveo has performed a transfer impact assessment for its hosted services; and
- Coveo has implemented the EU Standard Contractual Clauses and the UK Addendum within its DPA. -
Coveo carefully chooses its sub-processors to maintain a consistent protection of personal data across our platform. Our sub-processors contractually commit to implement appropriate technical and organizational safeguards for the protection of personal data.
-
Our privacy whitepaper addresses the main topics raised by our customers when they are considering privacy requirements relevant to their use of Coveo’s cloud-based services. It contains a description of key privacy laws to which our customers might be subject and can be used as a guide by our customers to assess the compatibility of our model and operation with their own compliance requirements.
Frequently asked questions
Coveo runs its hosted services in multiple jurisdictions to be able to provide fast and reliable services to its customers. Our customers have the choice to either store their data in data centers located in one of our supported regions (the U.S., the European Union, Australia or Canada) or to opt for a multi-region deployment
Coveo’s platform is designed to facilitate its customers’ compliance with requests from data subjects exercising their rights (DSR). Please refer to our Data privacy features page for more information on how to comply with a data access request, a data deletion request or how to disable the Coveo usage analytics for a specific user.
Yes. Coveo has implemented a DPIA and shall reasonably assist its customers to carry out their own DPIAs.
Customer data will be automatically deleted within 30 days upon termination of your subscription. This process is audited yearly as part of our SOC 2 Type 2 certification.
If our customers have questions regarding our data protection practices, they can contact their subscription manager.
