Data at rest & device

Stored on your Mac.
Encrypted. Wipeable.

Searxly keeps your data on your device — and then protects it there. History and passwords can be encrypted at rest with CryptoKit, secrets live in the data-protection Keychain, and a panic-wipe clears all of it instantly. There are no accounts and no telemetry, so there's nothing on our side to leak.

Encryption at rest

A master key the OS guards for you.

When you turn on encryption at rest, Searxly protects stored data with CryptoKit — Apple's vetted crypto library — under a master AES key. That key isn't sitting in a file: it lives in the macOS data-protection Keychain, marked WhenUnlockedThisDeviceOnly and non-syncable, so it never leaves the machine and isn't readable while the device is locked.

  • AES via CryptoKit — no homemade crypto
  • Master key in the device-only Keychain, this device only
  • Secrets scoped to the sandboxed app's access group
History · passwords · AI memory
Your local data
↓  encrypt with CryptoKit
🔒 AES master key
Guarded by the OS, not stored in a plain file
🔒 Data-protection Keychain
WhenUnlockedThisDeviceOnly · non-syncable
Encrypted at rest, on your disk
Locked device → key unreadable → data unreadable
What's stored, and how

Local first, protected second.

Encrypted at rest

Turn on encryption and stored data is protected with CryptoKit + your Keychain. It's an option you control, applied to the data that matters.

Local password vault

The optional password vault is local and encrypted; entries are never synced to us. Its store uses the same data-protection Keychain posture as the wallet.

History on your terms

Browsing history and bookmarks stay on the device — and you can turn history off entirely, or clear it whenever you like.

Panic-wipe & strict mode

A panic-wipe or strict privacy mode clears local data and AI memory instantly — one action, everything gone, no server copy to chase.

No accounts, no telemetry

There are no accounts, no analytics SDKs and no phone-home. We don't build a profile, because there's no pipe for your data to flow through.

Tab hibernation & blocking

Content and tracker blocking and tab hibernation are built into the core — privacy hygiene that's on by design, not an add-on you hunt for.

At a glance

The storage posture.

Encryption
CryptoKit (AES) for data at rest, under a master key
Key & secret storage
macOS data-protection Keychain, WhenUnlockedThisDeviceOnly, non-syncable
Scope
Items scoped to the sandboxed app's access group
Password vault
Local, encrypted, never synced
Erase
Panic-wipe / strict privacy mode clears local data + AI memory
Cloud copy
None — no account, no server-side store, no telemetry
The trade-off, stated plainly

Local-only means the backup is on you.

Keeping everything on-device with no cloud copy is the privacy win — and it means there's no "forgot password, email me a reset" safety net we could offer, because that would require us holding your data. Your wallet recovery phrase and your own device backups are the way back in. We think that's the right trade for software built to own your data, but you should know it going in.

Your data, on hardware you own.

Encrypted at rest, wipeable in a tap, and never mirrored to a server.

Next: Web & accessPrivacy Policy