Security.
Most "private" software asks you to trust a company. Searxly is built so there's almost nothing to trust in the first place — the engine runs on your Mac, your keys never leave it, and the AI defaults to on-device. This is the full, honest breakdown, feature by feature.
What stays on your Mac, and what crosses the line.
The whole design hinges on a single boundary: your machine. The sensitive things — your queries, your keys, your AI prompts — live inside it. Only a few, well-defined requests ever cross out, and you can see every one of them.
Sandboxed app · Hardened Runtime · no accounts · no telemetry
.onion tabs route through Tor relays, hiding your IP. The rest of your browsing isn't touched.Every outbound action is shown, logged, and yours to refuse.
Eleven layers, one principle.
Each piece is engineered to remove a reason to trust us. Open any one for the mechanism — diagrams, specs, and the threats it's built to stop.
Four rules behind every decision.
Verifiable, not trusted
The strongest privacy claim is one you don't have to believe. The search engine runs on hardware you own; the local AI tools never call an AI provider, verifiable with a network monitor; the source is published. We'd rather show you than ask you to take our word.
Defense in depth
No single control is treated as a silver bullet. Prompt injection gets five layers; the wallet seed gets a slow KDF, AES-GCM, the Secure Enclave and a lockout. If one layer fails, the next is still standing.
Least privilege
The app is sandboxed and the privileged work is isolated behind an XPC helper, so even a compromised web page is fenced in. Components get exactly the access they need and nothing more.
Honest about limits
Security isn't marketing. Where a guarantee has an edge — your IP to a search engine, prompt injection as an unsolved field, a feature still pending review — we say so plainly instead of papering over it.
Found something? Tell us.
If you believe you've found a vulnerability, please report it privately through an official channel before disclosing it publicly, and give us a reasonable window to fix it. Security researchers acting in good faith are welcome here.
Official channels only · Please don't test against other people's machines or funds