Protect your data

Balance personalization and privacy with a partner you can trust.

Security & Compliance

Relationships are going digital, and data is the new currency.

There’s rising awareness of the power of data and the importance of privacy. As you bring in more data from more interactions, trust becomes increasingly critical. A failure to retain this trust could make or break your business.

Secure every interaction.

As security events become more pervasive, more organizations are amping up the safeguards they have in place. Coveo adopts best-in-class, industry-standard security measures at every stage of development, across every point of delivery, to protect your data, your customers, and your business.
Security for users

Your data belongs to you and you alone.

You own your data and what is sent to Coveo. Control what content is indexed, what interactions are sent, and which users have access. We ensure your data is secured for you at all times, wherever it lives, through various features:
  • Data is encrypted in transit and at rest, and the index is completely segregated from other customer data.
  • Early binding mode allows security to be applied at the time of index and filters to be securely enforced at query time to hide a source or filter out content.
  • Connectors are designed to use a complex combination of security providers, cache and processors to ensure proper security mapping.
  • Permission filters govern data access in Usage Analytics and support the segregation of duties to any organization member or group.

Our processes are documented, audited and verified.

Coveo undergoes rigorous third-party audits and meticulous self-assessments to verify our internal controls.

Coveo completes the industry-standard AICPA SOC 2 Type II audit annually, and we're not only compliant for our data center, but also for our own internal protocols.

We’ve also documented and published our security controls in the Cloud Security Alliance (CSA) STAR registry.

Request a security report


Looking for more information about Coveo security principles and practices?

View security documentation

We respect everyone’s right to privacy.

Privacy is a fundamental human right. We help customers address their obligations under the California Consumer Privacy Act, the EU General Data Protection Regulation (GDPR) and are certified compliant with the U.S. – EU and Swiss – U.S. Privacy Shield frameworks.

We’ll even give you the ability to choose the regions in which your data is replicated and hosted to ensure you know how your data will be governed.

Learn more about privacy at Coveo


Certified compliant for the most sensitive data and the most regulated businesses.

Coveo is committed to securing the data of our healthcare and life sciences customers. We help you meet your obligations under HIPAA by offering the necessary configuration options, a HIPAA-compliant hosting environment and by making our Business Associate Agreement (BAA) available for execution. Plus, we’re certified for distribution on the Salesforce AppExchange for those on the Healthcare and Life Sciences Cloud and Financial Services Cloud.

Learn about our healthcare solutions

Learn about our financial services solutions


Security is everyone’s responsibility.

We’re committed to security. It touches virtually every part of the company. All employees undergo a background check, integrate security into their onboarding, and attend annual awareness and compliance training.

With Coveo, you’re supported by a dedicated operations team that is always on call to respond to security events. This team includes security and privacy certified professionals that use the most advanced monitoring tools to detect, prevent, and eliminate vulnerabilities. It’s our commitment to you.

Have a technology question?

Visit the community Contact us