Security
Bring search and personalization securely to the cloud
Relevance backed by enterprise-grade security and privacy every step of the way.
Keep your interactions secure and your business protected
Compliance
-
AICPA SOC 2 Type II Coveo completes the industry-standard AICPA SOC 2 Type II audit annually. Not only is our data center compliant, but so are our internal protocols.
-
HIPAA We keep sensitive patient data secure for our healthcare customers by offering HIPAA-compliant hosting environment. We undergo biennial HIPAA-compliance audits and make our Business Associate Agreement (BAA) available for execution.
-
EU GDPR, CCPA We help customers address their obligations under the California Consumer Privacy Act and the EU General Data Protection Regulation. Coveo allows you to implement consent management mechanisms and answer Data Subject Requests.
-
Cloud Security Alliance We document our security controls in the Cloud Security Alliance (CSA) STAR registry in accordance with their cybersecurity framework for cloud computing and standards for cloud security assurance and compliance.
-
Cookie and Privacy Policy We provide detailed information about the data we collect and how we use it in our Privacy Policy, including the use of cookies on our website.
Data security
Data ownership
You own your data and what is sent to Coveo. You control what content is indexed and which interactions will be tracked.
Data encryption
Data is encrypted in transit using TLS 1.2 and at rest with minimum cipher parameters of AES-256.
Access management
You decide which type of user has access to your data. Secure filters restrict access to sources or content. We exclusively use Single Sign-On (SSO), and will never manage or store your user passwords.
Data residency
Know where your data is processed and governed by choosing the region in which it is replicated and hosted.
Security controls
Coveo Information Security Program
We maintain state-of-the-art security policies and controls. This covers internal processes such as application changes and personnel security, and external ones including vendor and sub-processor management.
Coveo security architecture
We use the latest security technologies to ensure enterprise-grade access controls, event monitoring, and intrusion prevention. Our security controls are documented in the Cloud Security Alliance (CSA) STAR registry.
Third-party audits
Every year, Coveo undergoes third-party audits, such as the industry-standard AICPA SOC 2 Type II in addition to rigorous self-assessments and testing.
Vulnerability management
Strict code review and testing processes are part of our vulnerability management practices. These include manual and automated security testing and third-party verification.
Bug bounty program
We maintain an active bug bounty program through HackerOne and generate an annual report of the vulnerabilities discovered by third-party experts. Users and members of the broader security community are also encouraged to report suspected vulnerabilities.
When providing the hosted service, Coveo acts as a data processor and the customer acts as the data controller.
There are two types of data transferred to Coveo: Index and Analytics Data. Customers can configure precisely what data is sent to Coveo, by adjusting custom objects and fields to be indexed, or by disabling, obfuscating, or encrypting any usage metric visible in the dashboard.
Coveo is hosted using AWS in data centers in the United States, Europe, and Australia, which use a combination of physical and logical controls to segment data, systems, and networks.
Customer data is unified in a single Coveo index. These indexes are proprietary and stored on binary files, compressed using proprietary algorithms, and encrypted at rest using AES-256 or better.
Yes, Coveo provides a number of documents under Non-Disclosure, including its SOC 2 Type II Examination Report, penetration tests, and pre-filled questionnaires. Contact us to make a request.
Coveo Cloud Security
How to index on Premises Content with Crawling Module
The Forrester Wave™: Cognitive Search, Q3 2021
Gartner Magic Quadrant for Insight Engines
