Python SDKSlack

Delete Traces with Sensitive Data

Overview

It is important to delete trace data containing sensitive or personally identifiable information (PII) to ensure the privacy and security of your data. This guide provides steps on how to:

  • Determine if traces with PII need to be deleted.

  • Use available tools or work with Arize support to delete sensitive traces.

  • Confirm deletion and maintain compliance records.

  • Prevent future ingestion of PII into the platform.

Check if trace data needs to be deleted

Arize automatically deletes data based on your configured retention policies. However, if sensitive data such as PII is ingested, immediate deletion may be necessary to mitigate security and compliance risks.

To assess:

  1. Identify the project where the PII was ingested.

  2. Use dashboards, evaluation metrics, trace metadata, and filters in the Arize UI to locate the affected traces.

  3. Confirm the presence and scope of the sensitive data.

Delete traces with sensitive data

You can delete traces using the GraphQL API, Arize Toolkit (Python SDK), or by working directly with your Arize post-sales implementation engineer. Choose the method that best suits your access level and urgency.

A. Delete traces using the GraphQL API

Use the GraphQL API (specifically the deleteData mutation) to delete specific traces programmatically. See GraphQL API reference for full documentation.

B. Delete traces using the Arize Python Toolkit (SDK)

Use the arize-toolkit to identify and delete traces via a Python script. This is recommended for users already working in Python and wanting to implement deletion logic. See Arize Toolkit docs for more details.

C. Request deletion via Arize Post-Sales Implementation Engineer (Recommended)

If you need to delete a large volume of trace data or require guided support:

  • Contact your Arize post-sales implementation engineer.

  • They will facilitate backend deletion in bulk and ensure all compliance and safety steps are followed.

  • This is the recommended method for enterprise-grade security and support.

Confirm deletion

After initiating a deletion, confirm that the trace data has been successfully removed by:

  • Searching in the Arize UI using trace IDs or known PII values.

  • Reviewing logs or output from your GraphQL or Toolkit scripts.

  • Confirmation from your Arize support or post-sales engineer.

Audit and document the deletion

For internal compliance and audit purposes, document the deletion event:

  • When the data was deleted.

  • What trace IDs or timeframes were impacted.

  • Why the deletion was necessary (e.g., accidental ingestion of PII).

Store this documentation securely for audit trails and legal record keeping.

You can also use Arize Audit Logs to track user actions such as trace deletions for security and compliance reviews.

Prevent future ingestion of PII

To reduce the risk of future PII ingestion into Arize:

  • Redact or hash PII in your upstream pipelines before logging.

  • Set up alerts or monitoring workflows to detect and flag suspicious or unexpected inputs.

Last updated

Was this helpful?