Privacy Policy

Last updated: 2026-05-19

BitSeek is built on the principle that a search engine should not know who its users are. This document explains the data we collect, the data we don't collect, and what we do with it.

We do not log IP addresses. Your IP is never written to disk, never recorded in our database, and never shared with anyone. Full stop.

What we collect

Queries. We log the text of each query, the timestamp, the response latency, and the number of results. We use this to debug, improve ranking, and report aggregate stats. Queries are not linked to any user identity unless you create an account and explicitly opt-in to history.
Click events. When you click a result, we record which result at which position for which query — never who clicked. This is what powers the "self-improving" ranking that learns to bury low-quality domains.
Dwell-time hints. When you return to BitSeek after clicking a result, we record roughly how long you were away. We never see what you did on the destination site.
Anonymous rate-limit token. For each incoming request we compute a short one-way HMAC-SHA-256 hash of the IP, salted with a per-deployment secret, and truncated to 16 hex characters. This hash — not the IP — is what we use to rate-limit spam and abusive traffic. The hash cannot be reversed to recover the IP, and because every BitSeek deployment uses a different salt, hashes cannot be correlated across instances.

What we do NOT collect or store

We do not log, store, or retain IP addresses in any form.
We do not log full User-Agent strings (we hash them the same way as IPs, for the same reason).
We do not link queries to a user identity unless you create an account and opt in to history.
We do not run third-party trackers, analytics, advertising pixels, or fingerprinting scripts.
We do not share data with third parties. Ever.
Favicons are served through our own proxy — your browser never directly contacts Google, Cloudflare, or any other favicon service.

How requests are routed

To protect upstream search engines from blocklisting our nodes (and us from being blocked), BitSeek routes queries to a private cluster of SearXNG nodes. Some upstream traffic is forwarded through a residential proxy network to avoid datacenter-IP discrimination. Upstream engines see the proxy IP, not yours — but they never see your IP either way, because your IP never leaves our edge.

If you create an account

Accounts are optional. If you sign up:

We store your email, a salted hash of your password (bcrypt), and your account preferences.
Premium members may opt-in to search history — when enabled, your queries are linked to your account. You can wipe history at any time. Disabling history stops new recording.
You can delete your account and all associated data at any time from your account page.

Bitcoin payments

Premium upgrades are paid via BTCPay Server. We see only the on-chain transaction details we need to confirm payment (amount, invoice ID, status). We do not collect billing addresses, names, or KYC information.

Cookies & local storage

BitSeek uses one browser localStorage key (bs-auth) to keep you logged in if you create an account, and a single session cookie on the admin panel (HttpOnly, Secure, SameSite=Lax). We do not use third-party cookies of any kind.

Data we keep

Anonymous query & click logs — kept indefinitely in aggregate form to power ranking. They contain no identifiers that link back to you.
Rate-limit hash counters — held in memory / Redis, expire automatically within hours.
Account data — kept until you delete your account, at which point it is removed.

Your rights

You can request a copy of all data we have about you, or request deletion, at any time by emailing the operator of this instance. If you're using a self-hosted BitSeek, contact whoever runs it.

Changes

If we change this policy, the "last updated" date above will move forward. For substantial changes affecting existing accounts we'll notify you by email.