arlong is a privacy-first search engine. Our design philosophy is simple: if we don't collect the data, we can't lose it, sell it, or be forced to hand it over. This page documents every piece of data that does - and does not - touch our systems.
Short version: We collect almost nothing. No IPs, no user agents, no search histories, no cookies, no fingerprints. You are a ghost to us, and we intend to keep it that way.
The only data we persist is aggregate, anonymized statistics used for our live dashboard. No individual search can be identified, linked, or reconstructed.
| Data point | Collected? | Details |
|---|---|---|
| Total searches per hour | Yes | A single integer counter incremented once per search. No association with any user, IP, or query. Reset every hour. Used for the public stats page. |
| Search query text | No | Queries are sent to upstream search providers (DuckDuckGo, Bing) and are never written to disk, database, or log files by arlong. |
| IP address | No | Never logged, never stored. Your IP exists only transiently in server memory during the request. Country detection is performed on your machine via ip-api.com — the lookup result (country code only) is cached in your browser session and never sent to us or written to any database. We do not see, store, or process your IP address. |
| User-agent string | No | Never logged or stored. We do not parse, record, or analyze browser fingerprints. |
| Session cookies | No | No tracking cookies, no persistent sessions. A session cookie is set only for the admin panel and never for regular visitors. |
| Referring URL | No | Referrer headers are never logged or stored. |
| Timestamps | No | Individual search timestamps are not recorded. The hourly counter resets without any per-request timing data. |
| Browser fingerprint | No | We do not run any fingerprinting scripts, canvas fingerprinting, or device identification of any kind. |
| Error logs | Partial | When something breaks, we log the error message and a timestamp. These logs contain no user-identifiable information - no IPs, no queries, no headers. Used solely to diagnose and fix bugs. |
Most search engines claim they "anonymize" your data after a period of time. That means they do collect it first, then try to strip identifiers later. That is not what we do.
No logging means the data never exists in the first place.
Here is the technical reality of how our no-logging policy works at every layer of the stack:
Our Flask application does not call logging.info() or any equivalent for incoming requests. The standard Flask request logging that most websites enable by default is explicitly disabled. Search queries are passed directly to upstream providers in memory and never touch a write buffer, database connection, or file handle.
We run with access logging disabled. The web server is configured to never write access logs. This means no raw request lines, no status codes paired with IPs, no user-agent strings persisted at the infrastructure level. If your hosting provider or load balancer generates logs (e.g., Vercel's edge logs), those logs contain only ephemeral metadata with no query content and are subject to their infrastructure policies - we do not read, store, or export them.
There is no database of searches. Our data storage (S3 and local JSON files) contains only:
There is no table, collection, or file that maps a search query to a user, IP, or time.
When you search, arlong fetches results from DuckDuckGo and Bing on your behalf. We do not add tracking parameters, unique identifiers, or custom headers to these requests. The upstream providers see a request from our server, not from you. We use a rotating pool of user-agent strings to blend in with regular traffic, further protecting your anonymity.
The only persistent data we collect is the hourly search count displayed on our live stats page. Here is exactly how that works:
{"14": 47, "15": 53} means 47 searches were made during the 14:00 hour and 53 during the 15:00 hour./search endpoint is called, an in-memory counter for the current hour is incremented by one. That counter is periodically flushed to disk/S3.Can the stats data identify you? No. A count of "47 searches at 14:00" cannot be reverse-engineered to know what was searched, who searched it, or even whether the same person searched twice. It is a number, nothing more.
To be absolutely clear, here is a comprehensive list of data that never enters our systems:
arlong has introduced optional banner advertisements on the homepage portal only. Here is what you need to know:
Your privacy is unchanged. The introduction of homepage ads does not affect our data collection practices. We still collect nothing — no IPs, no queries, no browsing history. See our Advertising policy for full details.
We designed arlong to make compliance with legal data requests technically impossible because we do not possess the data to hand over.
If we ever receive a legal request (court order, subpoena, national security letter), we will challenge it to the fullest extent possible. Because we designed the system to log nothing, we can honestly certify that there is no responsive data to produce.
If we ever change how data is collected (which is unlikely, given our design principles), we will update this page and note the date of the last change. We will never retroactively change how your data is treated without explicit notice.
Last updated: July 2026
arlong has an optional community system that lets signed-in users upvote, downvote, and comment on search results, as well as report low-quality domains. Here is exactly what data is involved:
Your privacy is still protected. No email, no real name, no tracking across the web. The only data we keep is what is strictly necessary for the community system to function and prevent abuse. You can vote and comment without revealing anything about who you are.
If you have questions about this privacy policy, our data practices, or would like to report a privacy concern, please email us at ahilan290@gmail.com or reach out on Reddit at u/PeaceThrough.