Data Privacy with Vectors & Embedders - FAQ
Last updated: October 16, 2025
π Data sharing and privacy
Does enabling vectors send my data to third parties?
No. Enabling vectors does not send any of your content outside Meilisearch Cloud. Data only leaves your environment if you explicitly configure an external embedder (e.g. OpenAI, HuggingFace).
If I use a built-in integration (like OpenAI), what data is sent?
Only what you define in the documentTemplate field of your embedder settings.
You decide which fields are embedded. Meilisearch does not automatically hash or truncate data β you can preprocess or mask content on your end before sending it.
Can I bring my own embeddings to avoid sending data externally?
Yes. You can pre-compute embeddings offline and upload them using source: userProvided.
In that case, no raw text ever leaves your systems.
β‘ Docs: User-provided embeddings
β Controls and configuration
Can I choose which fields are embedded?
Yes. The documentTemplate in your embedder settings lets you include or exclude fields as needed.
Can I mask or redact sensitive data before embedding?
Not directly inside Meilisearch. You should handle masking or redaction in your embedding pipeline before sending data to an external provider.
Does Meilisearch log my embedding data?
No. Meilisearch never logs raw document or embedding payloads β only operational metadata (timestamps, endpoint usage) for monitoring and debugging.
π Storage, retention, and deletion
Where are vectors stored, and are they encrypted?
Vectors are stored in your chosen Cloud region (EU or US) and are fully encrypted at rest (AES-256) and in transit (TLS 1.2+).
Whatβs the retention policy for vectors and logs?
Vectors persist as long as their documents exist. They are deleted automatically when documents are removed or re-indexed.
Temporary embedder logs are not stored long-term.
𧩠Data usage by embedder providers
Are external providers (like OpenAI) using our data for model training?
No. OpenAI API requests are processed under their no-training policy, so your data is not used to improve models. Meilisearch never alters or stores this data.
Can I use my own API key with an embedder?
Yes. You can use your own keys. Calls happen server-to-server between Meilisearch and the provider, and billing is handled directly between you and the provider.
π Network and compliance
Are embedder calls made from my client or from Meilisearch servers?
Always server-to-server from Meilisearch Cloud β never from client browsers.
Do you support EU data residency and GDPR compliance?
Yes. EU and US region pinning are available. Meilisearch Cloud supports DPAs and SCCs for GDPR compliance and is SOC 2 Type II aligned, with ISO 27001 certification in progress.
β‘ Trust & Security
Can outbound traffic be restricted to specific endpoints?
Yes, allow-listing can be configured for enterprise or custom deployments. Contact our Cloud team for assistance.
π° Costs
Is there an extra cost to use vectors or embedders?
No additional Meilisearch charges vector and hybrid search are included in all Cloud plans. Youβll only pay storage and query usage as usual.
If you use an external embedder, youβll be billed directly by that provider (e.g., OpenAI, Cohere).