Privacy Policy
Short version: we do not require accounts, cookies, payment data, analytics SDKs or advertising identifiers. Search calls are cached briefly and also written to an operational audit log for debugging, abuse prevention and service analysis. We do not use your queries to train models. We do not sell data.
Search queries, IP addresses, hashed IP addresses and search-result snippets can be personal data under GDPR and similar laws. Treat this as a public best-effort API: do not send secrets, credentials, private personal data, medical/legal/financial details, or anything you would not want processed by a public web search service.
Effective date: the date this page was last updated (see below).
1. What we do not require or knowingly collect
- No accounts, no sign-up, no login.
- No cookies. No tracking pixels. No analytics SDKs. No advertising.
- No name, email, phone, address, payment information.
- No fingerprinting, no device identifiers, no third-party tracking scripts.
- No model training, fine-tuning or evaluation on user queries.
2. What we receive and store
2.1 Request data
When you call GET /api/search, the application receives the search query, lang,
page, source IP address, request path, headers needed by the web server, and timing/status data.
2.2 Search cache
The normalized query (trimmed, lowercased), lang, page and normalized response are stored
in a short-lived server-side cache.
Purpose: speed up repeated searches and keep the service responsive.
2.3 Search audit log
Each /api/search call is written asynchronously to an operational audit table. The request response is
never failed solely because this write fails.
Fields stored:
- timestamp (
created_at), - SHA-256 hash of the source IP address (
client_ip_hash), - normalized query,
langandpage, - whether the response was cached, request duration and status code,
- error message for failed searches, when present,
- full response JSON for successful searches, including result titles, URLs, snippets,
publishedAtandengine, - remaining rate-limit allowance, when available.
The IP hash is pseudonymous, not anonymous: it is stable and currently unsalted, so it can still be personal data if combined with other information.
Purpose: debugging, abuse investigation, reliability analysis, rate-limit tuning and aggregate service metrics.
Retention: there is currently no fixed automatic deletion window for the audit table. Records may be deleted, rotated or compacted manually as part of operations. We plan to replace this with a fixed automatic retention window; until then, assume audit records can remain until manually deleted.
2.4 Web-server and hosting logs
Standard web-server and hosting logs may record source IP, timestamp, path, status, User-Agent and similar operational metadata. Retention is controlled by deployment configuration and log rotation.
2.5 Rate limiting
Requests to /api/** are counted per source IP so the service can enforce fair-use limits.
Rate-limit state stores the source IP, remaining allowance and recent request timing for a short operational window.
3. External search sources
Your query may be forwarded to third-party search providers depending on current configuration and availability. Those third parties may receive your query and network metadata under their own privacy policies, not ours.
If you do not want third-party search providers to see a query, do not send it to this service. There is no per-request provider opt-out in the public API.
4. What we do with data
- We do not sell, rent, lease or trade your queries, IP hashes or responses.
- We do not use your queries to train, fine-tune or evaluate machine learning models.
- We do not share your queries with advertisers. We have no advertisers.
- We do not build user profiles for advertising or tracking.
- We may derive aggregate, non-identifying counts such as request volume, cache hit rate or error rate.
5. Legal bases (GDPR / EU/EEA users)
If you are in the EU/EEA, the legal bases for processing are:
- Legitimate interest (Art. 6(1)(f) GDPR) for operating, debugging, securing, rate-limiting and improving a public API.
- Compliance with a legal obligation if we are required to retain or disclose data by law.
You may have rights of access, erasure, restriction, objection, portability and complaint to a supervisory authority. Because there are no accounts, requests can be difficult to verify. To help us search records, include the approximate timestamp, query text, and source IP used at the time if you are comfortable sharing it. Contact: see the support page.
6. Children's privacy
The service is not directed at children under the age of 13 (or 16 in the EU/EEA). Do not use it to submit personal data about children.
7. International transfers
The service is hosted in a single region. By using it from another region, your query and network metadata may cross borders. External search providers may process data in other regions under their own policies.
8. Security
We apply reasonable technical measures: HTTPS in production, no accounts to compromise, limited public API surface, hashed source IPs in the audit table, and best-effort operational access control. No system is perfectly secure; report vulnerabilities via the support page.
9. Changes to this policy
We may update this policy. The current version is always at this URL. Material changes will be summarized in the changelog.
10. Contact
Questions about privacy: see the support page.
Last updated: 2026-06-06.