Skip to main content

Overview

It is important to delete trace data containing sensitive or personally identifiable information (PII) to ensure the privacy and security of your data. This guide provides steps on how to:
  • Determine if traces with PII need to be deleted.
  • Use available tools or work with Arize support to delete sensitive traces.
  • Confirm deletion and maintain compliance records.
  • Prevent future ingestion of PII into the platform.

Check if trace data needs to be deleted

Arize AX automatically deletes data based on your configured retention policies. However, if sensitive data such as PII is ingested, immediate deletion may be necessary to mitigate security and compliance risks. To assess:
  1. Identify the project where the PII was ingested.
  2. Use dashboards, evaluation metrics, trace metadata, and filters in the Arize AX UI to locate the affected traces.
  3. Confirm the presence and scope of the sensitive data.

Delete traces with sensitive data

You can delete traces using the GraphQL API, Arize Toolkit (Python SDK) or the REST API.

A. Delete traces using the GraphQL API

Use the GraphQL API (specifically the deleteData mutation) to delete data within the specified period of time. This API takes a start date, which is inclusive and the end date, which is exclusive. Both dates should be strings, such as “2026-12-03”, compliant with the full-date format outlined in section 5.6 of the RFC 3339 profile of the ISO 8601 standard.
See GraphQL API reference for full documentation.

B. Delete traces using the Arize Python Toolkit (SDK)

Use the arize-toolkit to identify and delete traces via a Python script.
This method uses the GraphQL deleteData API under the hood.
See Arize Toolkit docs for more details.

C. Delete traces using the REST API

Use the REST API to delete spans by ID. This method allows to remove the spans based on any attributes like trace ID, metadata, etc.

Confirm deletion

After initiating a deletion, confirm that the trace data has been successfully removed by:
  • Searching in the Arize AX UI using trace IDs or known PII values.
  • Configuring a dashboard with a time series widget showing the data volume.

Audit and document the deletion

For internal compliance and audit purposes, document the deletion event:
  • When the data was deleted.
  • What trace IDs or timeframes were impacted.
  • Why the deletion was necessary (e.g., accidental ingestion of PII).
Store this documentation securely for audit trails and legal record keeping. You can also use Arize Audit Logs to track user actions such as trace deletions for security and compliance reviews.

Prevent future ingestion of PII

To reduce the risk of future PII ingestion into Arize AX:
  • Redact or hash PII in your upstream pipelines before logging.
  • Set up alerts or monitoring workflows to detect and flag suspicious or unexpected inputs.