> ## Documentation Index
> Fetch the complete documentation index at: https://arize-ax.mintlify.site/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Delete Traces with Sensitive Data

## Overview

It is important to delete trace data containing sensitive or personally identifiable information (PII) to ensure the privacy and security of your data. This guide provides steps on how to:

* Determine if traces with PII need to be deleted.
* Use available tools or work with Arize support to delete sensitive traces.
* Confirm deletion and maintain compliance records.
* Prevent future ingestion of PII into the platform.

***

## Check if trace data needs to be deleted

Arize AX automatically deletes data based on your configured retention policies. However, if sensitive data such as PII is ingested, immediate deletion may be necessary to mitigate security and compliance risks.

To assess:

1. Identify the project where the PII was ingested.
2. Use dashboards, evaluation metrics, trace metadata, and filters in the Arize AX UI to locate the affected traces.
3. Confirm the presence and scope of the sensitive data.

***

## Delete traces with sensitive data

You can delete traces using the GraphQL API, Arize Toolkit (Python SDK) or the REST API.

### A. Delete traces using the GraphQL API

Use the GraphQL API (specifically the [deleteData](/ax/graphql-reference/overview/how-to-use-graphql/mutations) mutation) to delete data within the specified period of time. This API takes a **start date, which is inclusive** and the **end date, which is exclusive**. Both dates should be strings, such as "2026-12-03", compliant with the `full-date` format outlined in section 5.6 of the RFC 3339 profile of the ISO 8601 standard.\
See [GraphQL API reference](/ax/graphql-reference) for full documentation.

***

### B. Delete traces using the Arize Python Toolkit (SDK)

Use the `arize-toolkit` to identify and delete traces via a Python script.\
This method uses the GraphQL deleteData API under the hood.\
See [Arize Toolkit docs](https://duncankmckinnon.github.io/arize_toolkit/model_tools/#data-deletion) for more details.

***

### C. Delete traces using the REST API

Use the [REST API](https://arize.com/docs/api-reference/spans/delete-spans) to delete spans by ID. This method allows to remove the spans based on any attributes like trace ID, metadata, etc.

***

## Confirm deletion

After initiating a deletion, confirm that the trace data has been successfully removed by:

* Searching in the Arize AX UI using trace IDs or known PII values.
* Configuring a dashboard with a time series widget showing the data volume.

***

## Audit and document the deletion

For internal compliance and audit purposes, document the deletion event:

* **When** the data was deleted.
* **What** trace IDs or timeframes were impacted.
* **Why** the deletion was necessary (e.g., accidental ingestion of PII).

Store this documentation securely for audit trails and legal record keeping.

You can also use [Arize Audit Logs](/ax/security-and-settings/compliance/arize-audit-log) to track user actions such as trace deletions for security and compliance reviews.

***

## Prevent future ingestion of PII

To reduce the risk of future PII ingestion into Arize AX:

* [Redact](/ax/observe/tracing/configure/redact-sensitive-data-from-traces) or hash PII in your upstream pipelines before logging.
* Set up alerts or monitoring workflows to detect and flag suspicious or unexpected inputs.
