Algolia uses and maintains a list of its subcontractors having access to PII, who qualify as Sub-processors (Infrastructure & Sub-Processors | Algolia). Algolia relies on infrastructure and cloud service providers to be able to serve customers globally in 16 Regions (Servers and clusters | Algolia). We also use partners for specific services such as data analytics, security and server monitoring. Changes to the list of Sub-processors are flagged by email to our Subscribers with 30 days’ prior notice.
Yes, Algolia services need personal data (or PII) to operate. Algolia Services use three types of PII:
- PII that you may send as part of your Records (e.g. items of your Index, such as your product catalog). Records usually do not contain PII, but to the extent your product catalog contains PII, we will store it on cloud servers in the region selected in your service order. By default, Algolia has no visibility or control over PII in your Records. You remain free to abstain from sending any PII as part of your Records.
- Dashboard administrator PII used to identify your admins and send Service notifications. The minimum data required is an email address. Your admins may choose to add other PII such as their phone number, address, or role in the company.
- User (or “End-User”) PII: IP address, identifier and Events of the visitors of your website or platform who interact with Algolia Services:
- Search: For search and analytics, Algolia identifies End-Users based on either (i) the userToken that you send us, or, failing that (ii) on their obfuscated IP address used as an identifier. Algolia recommends the use of Subscriber generated userTokens. Otherwise, Algolia will generate random userTokens on every page load.
- Insights (or “Events”): Most advanced or AI Algolia products (e.g. Recommend, Dynamic Re-Ranking, Neuralsearch, Query Categorization, A/B Testing) require the sending of End-User insights or “Events” describing users’ actions on the website. Events enhance search relevance and help Subscribers get the best value out of Algolia. More details about Events are available in our Documentation (Event types | Algolia).
- Personalisation: Where Subscriber has activated the Algolia Personalisation feature, Algolia creates and stores profiles of your End-Users to deliver a personalized search experience. Personalisation may not be activated without the Subscriber’s express agreement. Profiles are accessible to Subscribers at any time via the Personalisation API (Personalization API reference | Algolia).
In our DPA we refer to “Network Connection data”: it includes fundamental data about HTTP requests to operate a service on the internet, such as IP of source (shortened as described before), IP of destination (Algolia’s server), port of source, port of destination, HTTP headers, browser type, time and number of requests.
- IP address: Algolia processes a truncated version of the End-User’s IP address to perform successful search queries (e.g. "banana" as b + a + n, etc.). Unsuccessful search queries trigger the collection of the entire IP address for bug resolution. More information in our docs page about IP address as a search API log and more information here about query aggregation. For IP Address format, Algolia follows industry standards for the truncated IP address (cf. Adobe here):
- For IPv4, we mask the last 8 bits (1 byte) of the IP address
- For IPv6 (not yet available), we mask the last 72 bits (9 bytes) of the IP address
- UserToken: With the latest version of Algolia Search Insights, Algolia generates anonymous userTokens but doesn't store them; they are immediately removed when the page is closed. Algolia will only store the userToken in a cookie where the Subscriber implements the Search Insights library for storage or a persistent userToken (e.g. for Personalisation).
Under GDPR and equivalent privacy regulations, a userToken or truncated IP address qualifies as pseudonymised data (as opposed to anonymised data), because these identifiers make it possible to single out a user and their associated data, thus increasing the chances of re-identifying End-Users. The ability to re-identify End-Users is assessed from the point of view of the processor and third parties taken altogether. For more information on this topic you may explore WP29 Opinion 05/2014 and the IAPP Guidance (2023).
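The truncation rule described above (last 8 bits masked for IPv4, last 72 bits for IPv6), as an added Python example that is not Algolia's code; the function names, the constructed sample addresses and the handling of IPv4-mapped IPv6 addresses are assumptions. It also counts how many addresses share one truncated value, which shows why the result still works as an identifier and is pseudonymised rather than anonymised.

```python
import ipaddress

# Trailing bits zeroed per IP version, as stated on the page.
MASKED_BITS = {4: 8, 6: 72}

# Constructed sample addresses (documentation ranges), not real log data.
SAMPLE_IPS = [
    "203.0.113.77",
    "203.0.113.200",
    "198.51.100.9",
    "2001:db8:1234:5678:9abc:def0:1234:5678",
    "::ffff:203.0.113.5",  # IPv4-mapped IPv6
]

def _normalise(raw):
    """Parse an address; unwrap IPv4-mapped IPv6 to plain IPv4.

    Assumption: without this step, masking 72 bits of ::ffff:a.b.c.d
    leaves '::', so every mapped client collapses into a single value.
    """
    addr = ipaddress.ip_address(raw.strip())
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def truncate_ip(raw):
    """Return the address with its trailing bits zeroed (8 for v4, 72 for v6)."""
    addr = _normalise(raw)
    low_bits = (1 << MASKED_BITS[addr.version]) - 1
    return str(type(addr)(int(addr) & ~low_bits))

def bucket_size(raw):
    """Number of distinct addresses that share this truncated value."""
    return 1 << MASKED_BITS[_normalise(raw).version]

def group_by_truncated(ips):
    """Map each truncated value to the original addresses that produced it."""
    groups = {}
    for ip in ips:
        groups.setdefault(truncate_ip(ip), []).append(ip)
    return groups

if __name__ == "__main__":
    for bucket, members in group_by_truncated(SAMPLE_IPS).items():
        print(bucket, len(members), "of", bucket_size(members[0]), "possible")
```

An IPv4 bucket holds only 256 candidate addresses, so a truncated address combined with other request data (headers, timestamps, a userToken) can still single out a visitor.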
The use of cookies is not mandatory. Cookie use will depend on Subscriber’s use and implementation of our Services via the Instant Search libraries.
- Most Algolia products and features are API-first and rely on End-User identifiers sent via Algolia Insights API (i.e. the API used to send End-User information). Most Algolia products and Services do not require the use of any cookie. By default, our Search Insights library does not use any cookie.
- Algolia products requiring End-User identification across sessions (i.e. recognising a user who comes back to the website after leaving) will only perform if Subscribers send a persistent user identifier (userToken). This is the case for the Algolia Personalisation feature that provides results based on the history of each End-User. A persistent userToken may be obtained either:
- indirectly through Subscriber’s existing analytics solution (e.g. Google Analytics or Segment); in this case Algolia does not use cookies, Subscriber sends the user identifier via the API; or
- directly through the use of the Algolia first party cookie, as further detailed in our Documentation (User token | Algolia). Subscriber has control over cookie placement and cookie expiration time.
Depends on the nature of the data:
- Records are stored in the region elected by Subscriber in the service order (“Infrastructure Location” section). More information about Algolia cluster regions is available in our Documentation (Servers and clusters | Algolia).
- Subscriber’s administrator data stored in the dashboard (including their email address) is stored in the US (on AWS).
- End-User analytics and Events are stored by default (i) in the EU for Subscribers located in the EMEA region and (ii) in the US for Subscribers located in the rest of the world. Subscribers may change their analytics settings via their implementation of the Insights API (Send click and conversion events with InstantSearch iOS | Algolia). Personal data (or PII) of EU and UK End-Users are however kept in the EU by default, unless Subscriber moves their Records outside of the EU or in case of security intervention. More information in Attachment 3 of Algolia Data Processing Addendum.
- Search API and Security Logs are stored in the same region as End-User analytics and Events.
- Records are stored for the duration of the agreement, and removed from our servers shortly after termination of your account.
- End-User analytics, Events and userTokens are stored by default for 90 days on Algolia servers, and periodically purged on a 90-day rolling basis. End-User data is permanently removed from our servers within 90 days after account termination. Purchasing the Extended Analytics add-on extends the retention time for both search aggregates and events data to 365 days.
- Subscriber’s administrator data is stored for the duration of the agreement, and immediately removed from our servers after termination of the Subscriber account. By way of exception, name and email addresses of business contacts are kept for a duration of 3 to 5 years for the purposes of CRM and marketing, as further detailed in Algolia privacy policy.
- To remove Records, Subscriber shall remove their application via the dashboard and stop indexing Records to our API. This will trigger immediate deletion of Subscriber’s Records from our servers after a 7-day grace period.
- For End-User userToken and Events, Subscribers can directly action deletion via the Algolia Events deletion API (Insights API reference | Algolia). Event data will be removed within 2-3 business days from our database.
- For Personalization, Subscribers can directly delete End-User profiles via our dedicated personalization API endpoint (Personalization API reference | Algolia). Personalisation profiles will be removed within 2-3 business days from our database.