Privacy Policy.

Last updated: 2026 · This is a plain-language policy, not legal boilerplate. If anything here ever conflicts with how the product actually behaves, the product's behavior is the source of truth and we'll fix the wording. The one-sentence version: we designed Searxly so there's almost nothing about you to collect in the first place.

1. Our approach

Searxly is private by architecture, not by promise. There are no accounts, no analytics SDKs, and no telemetry in the app. We don't build an ad profile of you, and we have no business model that depends on your data. Most of what the app does happens entirely on your own Mac, where we never see it.

2. What stays on your device

The following never leaves your machine and is never sent to a Searxly server:

• Search queries & results — your searches run through a SearXNG instance running locally on your Mac and are aggregated on-device. We don't receive, store, or log them.
• Browsing history & bookmarks — stored on your device. You can turn history off, and turn on encryption-at-rest (CryptoKit + your Keychain) for stored data.
• Wallet keys — generated from a standard BIP-39 phrase and encrypted on your device. They never leave it. We cannot access your funds, see your phrase, or sign on your behalf.
• Passwords — the optional password vault is local and encrypted; entries are not synced to us.
• On-device AI — when Searxly AI runs locally (Apple Intelligence or your own local model), your prompts, attached files, and any retrieved context stay on the Mac. You can verify this with a network monitor.

3. The AI layer

Searxly AI is off until you turn it on, and a master switch makes the whole layer inert. There is no training on your conversations and no behavioral profile, ever. Two things are worth knowing:

• Private search grounding: when the AI looks something up, it routes only through your own private SearXNG — never a public instance or an ad network. Tool use is shown in the chat and written to an activity log you can read and export.
• Optional private cloud: if you opt in to the cloud tier (for more power than on-device), the prompt and the context you choose to include are sent to the independent inference provider that runs the open model, so it can generate a reply. That provider processes the request to serve it; we don't attach your identity to it, and it isn't used to advertise to you. Prefer to keep everything local? Leave the cloud off — on-device is the default.

4. Normal browsing requests

Searxly is a web browser, so when you open a page or load a result's favicon, thumbnail, or a knowledge-card source (e.g. Grokipedia), your device contacts those third-party sites directly — exactly as any browser does. Those servers see a normal request and your IP. Built-in ad & tracker blocking reduces this; we don't sit in the middle of it or log it.

5. This website

The marketing site is static and ships no tracking scripts and no advertising cookies — fittingly, given where we stand on advertising. Your host may keep standard server access logs (e.g. IP, user-agent) for security and operations, as is normal for any website.

6. The holder waitlist

If you choose to join the waitlist, we process the minimum needed to verify eligibility and send your download:

• Email address — so we can send your app download and waitlist updates.
• Public wallet address — to read your public $SEARXLY balance on Base.
• A one-time signed message — proving you control that address. It cannot move funds or authorize spending.

We read your balance via a public Base RPC and re-verify it server-side. We never request a transaction, never move funds, and never receive your private keys. Joining is entirely optional.

7. Third parties we touch

• Base RPC node — public blockchain node, used to read your token balance (sees the read request + your IP, like any on-chain read).
• Price feeds (e.g. DexScreener / CoinGecko) — for token prices and charts in the wallet.
• Inference provider — only if you enable the Searxly AI cloud; receives your prompt + chosen context to generate a reply.
• Email provider — only if you join the waitlist; delivers your confirmation and download email.
• Local search engine — the bundled SearXNG runs on your own machine as part of the app; it's local infrastructure, not a service we receive data from.

We do not sell, rent, or share your data with advertisers or data brokers. Ever.

8. Data retention

On-device data lives on your device for as long as you keep it — and clears when you delete it, run a panic-wipe, or enable strict privacy mode. Waitlist records (email + verification) are kept only as long as needed to run early access. You can ask us to delete your email and waitlist record at any time.

9. Your controls

• Turn history off, or encrypt stored data at rest.
• Keep the AI off entirely, or local-only; require confirmation for any tool that touches the network.
• Panic-wipe / strict privacy mode to clear local data and AI memory instantly.
• Don't join the waitlist — and the rest of this site reads nothing about you.

10. Children

Searxly is not directed to children, and the holder waitlist and any token activity are intended for adults. Crypto involves legal and age requirements that vary by region — please don't route around them.

11. Contact & official channels

Questions, security reports, or deletion requests — reach the team here. These are the only official channels; anything else claiming to be Searxly isn't:

• X / Twitter — @Searxly
• Telegram channel — t.me/searxlyapp
• Telegram community — t.me/searxlycom
• Discord — discord.gg/YNNgTkNAXD
• Source code — GitHub

12. Changes

If this policy changes, we'll update the date above and post material changes on our official channels. We'll keep it short and honest.