For your indices
To delete a user’s data from your indices, first identify the records that contain the user’s personal data.
If you know the records’ objectID values, delete them by object ID. For multiple records, use the delete records operation, which deletes records in batches by objectID.
If you don’t know the object IDs, browse your indices to retrieve the relevant records. Searching might not be enough because an index can be configured to search only selected attributes.
Use deleteBy only when you need to delete records that match a filter and you can’t get the object IDs. This operation is resource-intensive and subject to indexing rate limits.
Delete operations are asynchronous. A successful response means the task has been queued; check the task status to confirm completion.
For query metadata and logs
Algolia keeps logs for Search API and Insights API calls. Search API logs are retained for 90 days for processing and auditing. Insights API logs are retained for 90 days by default, with an option to extend retention to 365 days.
API-retrievable log entries are held for the last seven days and are limited to 1,000 API requests per server.
Search API logs can include metadata such as the application ID, index name, user token, search query, applied filters, analytics tags, HTTP headers, obfuscated API key, returned object IDs, and request IP information. Successful Search API calls include truncated request IPs; failed 4xx/5xx calls include full request IPs for investigation and auditability.
Resources
- Delete records - https://www.algolia.com/doc/libraries/sdk/methods/search/delete-objects
- Delete records matching a filter - https://www.algolia.com/doc/rest-api/search/delete-by
- Security best practices - https://www.algolia.com/doc/guides/security/security-best-practices