Home · How it works · Policies · Privacy Policy · Terms · Refunds · Submit your site

Privacy policy

Exactly what data we collect, what we don't, and why you can trust it.

arlong is a privacy-first search engine. Our design philosophy is simple: if we don't collect the data, we can't lose it, sell it, or be forced to hand it over. This page documents every piece of data that does - and does not - touch our systems.

Short version: We collect almost nothing. No IPs, no user agents, no search histories, no cookies, no fingerprints. You are a ghost to us, and we intend to keep it that way.

What we collect

The only data we persist is aggregate, anonymized statistics used for our live dashboard. No individual search can be identified, linked, or reconstructed.

Data point Collected? Details
Total searches per hour Yes A single integer counter incremented once per search. No association with any user, IP, or query. Reset every hour. Used for the public stats page.
Search query text No Queries are sent to upstream search providers (DuckDuckGo, Bing) and are never written to disk, database, or log files by arlong.
IP address No Never logged, never stored. Your IP exists only transiently in server memory during the request. Country detection is performed on your machine via ip-api.com — the lookup result (country code only) is cached in your browser session and never sent to us or written to any database. We do not see, store, or process your IP address.
User-agent string No Never logged or stored. We do not parse, record, or analyze browser fingerprints.
Session cookies No No tracking cookies, no persistent sessions. A session cookie is set only for the admin panel and never for regular visitors.
Referring URL No Referrer headers are never logged or stored.
Timestamps No Individual search timestamps are not recorded. The hourly counter resets without any per-request timing data.
Browser fingerprint No We do not run any fingerprinting scripts, canvas fingerprinting, or device identification of any kind.
Error logs Partial When something breaks, we log the error message and a timestamp. These logs contain no user-identifiable information - no IPs, no queries, no headers. Used solely to diagnose and fix bugs.

What "no logging" really means

Most search engines claim they "anonymize" your data after a period of time. That means they do collect it first, then try to strip identifiers later. That is not what we do.

No logging means the data never exists in the first place.

Here is the technical reality of how our no-logging policy works at every layer of the stack:

Application layer (Python / Flask)

Our Flask application does not call logging.info() or any equivalent for incoming requests. The standard Flask request logging that most websites enable by default is explicitly disabled. Search queries are passed directly to upstream providers in memory and never touch a write buffer, database connection, or file handle.

Web server layer (Gunicorn / Vercel)

We run with access logging disabled. The web server is configured to never write access logs. This means no raw request lines, no status codes paired with IPs, no user-agent strings persisted at the infrastructure level. If your hosting provider or load balancer generates logs (e.g., Vercel's edge logs), those logs contain only ephemeral metadata with no query content and are subject to their infrastructure policies - we do not read, store, or export them.

Database layer

There is no database of searches. Our data storage (S3 and local JSON files) contains only:

There is no table, collection, or file that maps a search query to a user, IP, or time.

Upstream requests

When you search, arlong fetches results from DuckDuckGo and Bing on your behalf. We do not add tracking parameters, unique identifiers, or custom headers to these requests. The upstream providers see a request from our server, not from you. We use a rotating pool of user-agent strings to blend in with regular traffic, further protecting your anonymity.

How we collect stats data

The only persistent data we collect is the hourly search count displayed on our live stats page. Here is exactly how that works:

Can the stats data identify you? No. A count of "47 searches at 14:00" cannot be reverse-engineered to know what was searched, who searched it, or even whether the same person searched twice. It is a number, nothing more.

What data we explicitly NEVER collect

To be absolutely clear, here is a comprehensive list of data that never enters our systems:

Advertising on the homepage

arlong has introduced optional banner advertisements on the homepage portal only. Here is what you need to know:

Your privacy is unchanged. The introduction of homepage ads does not affect our data collection practices. We still collect nothing — no IPs, no queries, no browsing history. See our Advertising policy for full details.

Legal compliance

We designed arlong to make compliance with legal data requests technically impossible because we do not possess the data to hand over.

If we ever receive a legal request (court order, subpoena, national security letter), we will challenge it to the fullest extent possible. Because we designed the system to log nothing, we can honestly certify that there is no responsive data to produce.

Changes to this policy

If we ever change how data is collected (which is unlikely, given our design principles), we will update this page and note the date of the last change. We will never retroactively change how your data is treated without explicit notice.

Last updated: July 2026

Community system (votes, comments, domain reports)

arlong has an optional community system that lets signed-in users upvote, downvote, and comment on search results, as well as report low-quality domains. Here is exactly what data is involved:

Your privacy is still protected. No email, no real name, no tracking across the web. The only data we keep is what is strictly necessary for the community system to function and prevent abuse. You can vote and comment without revealing anything about who you are.

Contact

If you have questions about this privacy policy, our data practices, or would like to report a privacy concern, please email us at ahilan290@gmail.com or reach out on Reddit at u/PeaceThrough.