Privacy Policy.
The short version: we collect almost nothing for the browser and searxly.app (our support site at support.searxly.app requires accounts). We tell you exactly what the few exceptions are.
Last updated: July 2026 · This is plain language, not legal boilerplate. If anything here ever conflicts with how the product actually behaves, the product's behavior is the source of truth and we'll fix the wording. The one-sentence version: we designed Searxly so there's almost nothing about you to collect in the first place (except on our separate support site, which requires accounts).
1. Our approach
Searxly is private by architecture, not by promise. There are no accounts, no analytics SDKs, and no telemetry in the app. We don't build an ad profile of you, and we have no business model that depends on your data. Most of what the app does happens entirely on your own device, where we never see it. Where a feature does touch the network, this policy names it and says what it reveals.
2. What stays on your device
The following is stored on your device and is never sent to a Searxly server:
- Browsing history & bookmarks — kept locally. You can turn history off, and turn on encryption-at-rest (CryptoKit + your device keychain) for stored data.
- Passwords — the optional password vault (macOS) is local and encrypted; entries are never synced to us.
- Biometric templates — Face ID, Touch ID and Secure Enclave data never leave your device. See the Biometric Data Policy.
- Wallet keys — on macOS, wallet keys are generated from a standard recovery phrase and encrypted on your device. They never leave it; we cannot access your funds, see your phrase, or sign on your behalf.
- Search on macOS — your searches run through a search engine on your own Mac (see section 3).
- Agentic Tools (macOS) — the local tool server your own AI can connect to runs entirely on your Mac, and is off by default (see section 4).
3. Search & address-bar suggestions
How search reaches the web depends on your platform:
- On macOS, Searxly runs a SearXNG search engine locally on your Mac. Your query is aggregated on-device, and the engine fetches results from upstream sources directly from your machine (or through Tor in Searxly Maximum). We do not receive, store, or log your searches.
- On iPhone & iPad, the search engine can't run on the device, so the app searches through our hosted instance at search.searxly.app. Your query and IP reach that server the same way any request reaches any website. We run SearXNG, which is built not to keep search logs or user profiles — we don't associate queries with your identity, build ad profiles from them, or sell them. The server keeps only minimal, short-lived operational data (as any server does) to run the service and prevent abuse.
- Address-bar suggestions — as you type, search-query completions are fetched from your configured search instance: on macOS that's your local engine, so they never leave your Mac; if you set a remote instance (or on iPhone & iPad, where “Online Suggestions” is off by default), they're sent there. There's no third-party autocomplete, and website/history suggestions are always computed locally.
4. On-device AI & Agentic Tools
Searxly's own AI features run on your device, not in a Searxly cloud:
- On iPhone & iPad, optional AI features — a short AI Overview above results, page summaries, and “ask about this page” — run entirely on-device using Apple Intelligence. Nothing is sent to any server, which is why they also work in private tabs. (Page translation likewise uses Apple's on-device translation.)
- On macOS, Searxly has no built-in AI assistant. Instead it exposes its private browsing as tools your own local AI can call over the Model Context Protocol, through a small server that is off until you turn it on, bound to loopback, and protected by a token. Tool calls run locally — private search routes only through your own engine, and page reads or browser actions happen on your device — and every call is written to an activity log you can read. If you connect a cloud model yourself, whatever your client sends to that provider is between you and them; Searxly still runs the tools locally and sends nothing itself.
5. Safe-browsing warning
Searxly can warn you before a known-malicious or deceptive site. The check runs against a blocklist bundled inside the app, entirely on your device — deliberately not Google Safe Browsing, which would send every address you visit to a third party. Nothing about the sites you visit leaves your device. It's on by default, and you can turn it off.
6. VPN (macOS)
Searxly's base edition includes an optional managed VPN. When you turn it on, your internet traffic is routed through our VPN server before it reaches the sites you visit — so that server necessarily carries your traffic in transit. We operate it on a no-logs basis: we don't keep records of the sites you visit through the VPN. The server processes only the minimal connection data needed to run the service and prevent abuse. Access can be gated by a pass — connecting proves a signature from your wallet and an on-chain check, which our gateway sees and uses only to verify access, not to profile you.
7. Wallet & on-chain features (macOS)
If you use the built-in wallet, your keys stay on your device (see section 2). To function, it reads public information and uses a few third parties:
- Blockchain nodes (Base RPC) — to read balances and broadcast transactions you approve, through public Base RPC providers. Like any on-chain request, they see the request and your IP.
- Transaction history — fetched from a public block-explorer API (Etherscan); it sees the address you're viewing and your IP.
- Price feeds (CoinGecko, DexScreener) — for token prices and charts.
- Optional name resolution — if you turn on ENS / Basenames, .eth and Base names are resolved through a public Ethereum/Base RPC.
- Swaps — a swap you start is routed through the 0x aggregator and on-chain routers; our gateway prepares it from your wallet address and a signature you approve, and uses them only to carry out that action.
We never custody your funds, act as a broker or exchange, or sign on your behalf. On-chain swaps carry a small fee, described in our Terms.
8. Places & maps — Local Pack (macOS, off by default)
If you turn on Local Pack, a place-type search — for example “pharmacies in Lyon” — sends just the place category and the city you name to the Searxly gateway, which runs the OpenStreetMap/Overpass lookup server-side and returns the places and the map. The map-data providers only ever see our gateway, never you. It's city-level only — there's no “near me” and no access to your precise location — and it's disabled entirely in Searxly Maximum.
9. Feedback you send us (macOS)
If you use in-app Feedback, or submit a knowledge-panel correction, the message you write is delivered to our team channel (through a webhook to Discord, which processes it as our messaging tool). We receive only what you choose to type, plus any minimal context you include. It's entirely optional, and only ever sent when you press send.
10. App updates (macOS)
Searxly checks for updates by requesting our update feed from searxly.app. That request reveals your IP and current version to the host, like any web request. Updates are cryptographically signed and verified before they install. In Searxly Maximum the update check is fetched over Tor (and can use an .onion feed), so even the version check doesn't reveal your IP.
11. Normal browsing requests
Searxly is a web browser, so when you open a page or load a result's favicon, thumbnail, or a knowledge-card source (e.g. Grokipedia or Wikipedia), your device contacts those third-party sites directly — exactly as any browser does. Those servers see a normal request and your IP. Built-in ad & tracker blocking reduces this; we don't sit in the middle of it or log it.
12. This website
The searxly.app site is static and ships no tracking scripts and no advertising cookies — fittingly, given where we stand on advertising. See our Cookie Policy for details. Your web host may keep standard server access logs (e.g. IP, user-agent) for security and operations, as is normal for any website.
13. Support website (support.searxly.app)
Our support portal at support.searxly.app is a separate service that requires account creation to submit tickets, view history, or receive updates. This is the only place in our ecosystem where accounts exist.
When you create an account there we collect:
- Your email address (required for the account)
- Any information you voluntarily include in support tickets or feedback
- Standard session and authentication data (cookies, IP for security)
This data is used only to provide support and is not linked to your activity in the Searxly browser. The browser and searxly.app itself never require accounts.
14. Editions
Searxly Maximum is built to be 100% local: it has no managed VPN, no wallet, no Local Pack, and no feedback webhook. Its search runs locally and can route through Tor, and its bundled Tor runtime is signature-verified at every launch. In short, Maximum touches the network in even fewer places than the base edition.
15. What we never do
We do not sell, rent, or share your data with advertisers or data brokers — ever. We don't run analytics or telemetry, and we don't build a profile of you.
16. Data retention
On-device data lives on your device for as long as you keep it, and clears when you delete it, run a panic-wipe, or enable strict privacy mode. The Searxly browser and searxly.app have no server-side accounts. The only accounts in our ecosystem are on the separate support site (see section 13). The limited server touch-points above (our search instance, the VPN/gateway, Local Pack, feedback you send, and support portal) keep only minimal, short-lived operational data as described.
17. Your controls & rights
- Turn history off, or encrypt stored data at rest.
- Keep Agentic Tools off entirely, or local-only, and require confirmation for any tool that touches the network.
- Use panic-wipe or strict privacy mode to clear local data instantly.
Because the browser itself holds almost nothing about you, you control your own data directly on your device. For the limited server touch-points (including the support portal, which requires accounts), you can contact us to ask what we hold or request deletion. If you're in the EU/EEA or the UK, you keep your local data-protection rights, including access and erasure.
18. Children
Searxly is not directed to children, and any token or crypto activity is intended for adults. Age and legal requirements for crypto vary by region — please don't route around them.
19. Who we are & contact
Searxly is published by Nathan Ducatillon, a sole trader (entrepreneur individuel) trading as Searxly, registered in France under SIREN 107 502 882, with a registered office at 10 rue de Penthièvre, 75008 Paris, France. For the limited personal data described in this policy, the data controller is Nathan Ducatillon (Searxly), reachable at privacy@searxly.app; full identification is in our Legal Notice. For questions, security reports, or data requests, reach us through the channels below. These are the only official channels; anything else claiming to be Searxly isn't:
- Email (privacy & data requests) — privacy@searxly.app
- X — @Searxly
- Telegram channel — t.me/searxlyapp
- Telegram community — t.me/searxlycom
- Discord — discord.gg/YNNgTkNAXD
- Source code — GitHub
20. Changes
If this policy changes, we'll update the date above and post material changes on our official channels. We'll keep it short and honest.