Is Coveo a processor or a controller?
When providing the hosted service, Coveo acts as a data processor and the customer acts as the data controller.
What type of data is transferred to Coveo?
There are two types of data transferred to Coveo: Index and Analytics Data. Customers can configure precisely what data is sent to Coveo, by adjusting custom objects and fields to be indexed, or by disabling, obfuscating, or encrypting any usage metric visible in the dashboard.
Where does Coveo store customer data?
Coveo is hosted using AWS in data centers in the United States, Europe, and Australia, which use a combination of physical and logical controls to segment data, systems, and networks.
How do you protect customer data at rest?
Customer data is unified in a single Coveo index. These indexes are proprietary and stored on binary files, compressed using proprietary algorithms, and encrypted at rest using AES-256 or better.
Does Coveo provide documentation to demonstrate its compliance?
Yes, Coveo provides a number of documents under Non-Disclosure, including its SOC 2 Type II Examination Report, penetration tests, and pre-filled questionnaires. Contact us to make a request.