As a company based in Germany, the Cliqz GmbH (“we”, “us”, “Cliqz”) is subject to the strict German and European data protection regulations. But our standards and policies go far beyond that. Our primary principle is “Privacy by Design”: We never store any data that could be used to identify a user of Cliqz (“you”). Because of such design, we never store what you are searching or doing on the web in an identifiable manner. Our guiding principle is to – where technically possible – never even initiate a transfer of personally identifiable information (“PII”) at all.

Protecting your privacy is part of our DNA

Why? To help you search and browse the web, we do not need to know anything about you as a person. Your name, age, gender, interests and preferences are none of our business. That is why – unlike most other internet businesses – we do not even want to gather such information in the first place.

On the other hand – we do not fool ourselves: Data is an important part to build complex systems like search. However, we strongly believe, and have proof, that such systems can be built without compromising the privacy of users. In everything we implement we ask ourselves: If somebody evil would get access to the data we have on our servers, if we get hacked, if we need to hand over the data to a (foreign) government – would anyone of our users be at risk? If the answer to this question is yes, then the data itself should never ever be collected in the first place. And so we simply don’t collect it.

Last but not least: We do know privacy policies are hard to read and most often literally impossible to fully understand: the line between anonymous and pseudo-anonymous can be very fine. To gain your trust we have open-sourced all of our front-end code (and hence everything that sends something from your computer). We know very few people will ever look into the code, but: you or everyone else could every time check that we’re honest. And hence we cannot hide anything. And we will never do – because protecting your privacy is part of our DNA.

History and bookmarks are always processed only locally and never sent to us

While you are typing queries or web addresses into Cliqz we offer you website suggestions. These suggestions are based on our web search technology and/or on your browser data (e.g., history and bookmarks). It is important to note that Cliqz processes your browser data only locally. This data (e.g., your history and your bookmarks) never leaves your computer.

No identification required

Cliqz does not require you to log in nor provide us with your name or email address. We don’t need and we don’t want to know who you are. Cliqz therefore doesn’t collect or process data such as email addresses or names.

There is one exception to this rule (that requires you actively triggering it!): When you contact us for questions or feedback (e.g., through our hotline or by writing us an email), you can choose to send certain information such as your email address, name or phone number to us. Why? Because this way we can get back to you with the answer or the resolution of the issue. This data is used solely to process your enquiry and stored in case any follow-up queries arise. No one at the Cliqz GmbH except the support team has access to this data (this has e.g., been validated by TÜV Saarland) and we of course will never give access to anyone else or any other company. In case you want to go super private, but still get a support answer, we recommend contacting us via a one-time anonymous email address. That’s totally ok for us – we don’t need to know who you are.

No IP addresses collected

For our servers to communicate with your computer (in particular, to provide you with results from the Cliqz backend), it is technically inevitable to receive your IP address and use it in the exchange of messages between the two machines. This IP address is only and exclusively used to send and receive the information described in this privacy policy and to provide results for a given query. It is discarded immediately thereafter. Other than that, we do not store our user’s IP addresses on our servers. In some cases, as described below in the section on the Human Web, we use a proxy network so that we do not even receive user’s IP addresses.

Strictly anonymous data that is collected by Cliqz

To maintain and improve our search technology and browsing experience, Cliqz does collect strictly anonymous data from you using Cliqz through three channels: telemetry (signals about your system and usage data), atomic units of query logs (query-URL required to improve the search results from the Cliqz backend), and Human Web (statistical data that are used to detect websites to add to the Cliqz-index and assess their relevance and safety). At no occasion is any PII collected from any of these channels. In fact, we break URL and search down to atomic units that make even the connection between two data points (as harmless as they individually might be) impossible, and hence makes it impossible for us, or any other entity that might gain access to the data, to build a user profile by aggregating all your data points. Such profiles are technically impossible because different data points have no key which would allow aggregating or connecting them. In detail:

1) Telemetry

Cliqz logs signals about your system and how you use Cliqz (telemetry) solely to operate and for further development. In this channel, two kinds of data are collected:

a) System Data

For statistical purposes, Cliqz logs the following information about the system environment it is run on:

  • The current state and characteristics of the Cliqz software. This is all software versioning information of Cliqz, plus the information when and through which distribution channel Cliqz has been installed. We use this information to identify and associate potential bugs with specific versions that we provide either on our premises or to distribution partners.
  • A system profile identifier: this is a fully anonymized tag that allows us to improve Cliqz’ search experience through long-term studies by recognizing a given system environment. The identifier is never (not even at browser level) connected to any information about your online behavior, e.g., websites you visit or searches you make.

b) Structural usage data

Structural usage data collected through the telemetry channel is used to improve the experience you have when using Cliqz’ search. This is statistical data about HOW you perform searches (i.e. the way you interact with Cliqz), but not WHAT searches you perform.

N.B.: As these Cliqz data sets contain no personally identifiable details and are not combined with any, it is impossible to draw any conclusions about users’ online behavior.

2) Query logging

This channel collects signals about WHAT you search and where you land. That is why we do not collect any personal identifier here, which makes it impossible to associate searches with users. Moreover, all query entries and clicks on website suggestions are evaluated only as a single event, disentangling these signals from everything else. Thus, we are neither able to combine data from multiple entries or multiple clicks on website suggestions, nor to link this information with personal information like your email address or an IP address, either.

Query logging data is used to further improve the Cliqz backend. More specifically:

  • To be able to suggest websites in real-time while you are typing into Cliqz’ combined browser-and-search-bar, Cliqz sends your keystrokes to our servers. With every new keystroke, our backend scans our index and predicts the most relevant results for your search query.
  • “Relevant” to that regard is (very simplified) defined by the frequency a given website is clicked on for a given query. In other words, Cliqz predicts the most probable site you will navigate to, based on the (partial) query that you type. In order to further improve this mechanism of relevancy, Cliqz logs the clicks in its drop down menu and the respective queries.

3) Human Web

Our search technology works with the “wisdom of the crowd” and a technology called Human Web. Users contribute anonymously to the statistical data that are used to detect websites and assess their relevance and safety. This way each of our users makes searching for everyone else better and the web a safer place.
The more users use Cliqz, the better it gets for everyone. However, all query entries and website visits are evaluated only as a single event, disentangling these signals from everything else. Thus, we are neither able to combine data from multiple entries or multiple visits to websites, nor to link this information with any personal information like your email address, either. In particular:

  • Cliqz sends to our servers data about your website visits and how you interact with this website. This is carried out entirely anonymously, without reference to any personally identifiable information or user identity.
  • In cases where it adds to the improvement of result ranking and result snippet information, Cliqz also collects the site’s content. This is done only for sites for which at no point the Cliqz GmbH can draw any conclusion about a single user, i.e. we do not collect any information from sites that require any form of login.
  • All Human Web communication is routed through a proxy network. This ensures that when we receive the data we do not know anything about the user because the proxy network removes the user’s IP address etc. (we only get the IP from the proxy network and cannot infer any user from it). The proxy itself cannot read or learn anything about the message content (as it is encrypted). Hence we fully separate sender and content and make it impossible for all involved parties to ever connect user and usage data. IP addresses are removed automatically from the Human Web data before we even receive it.

Strictly anonymous data that users can choose to share

When using Cliqz, you can choose to share your location with the Cliqz backend. In this case, Cliqz uses this information only and exclusively to add local results and local information to result snippets in its dropdown. Also, here we technically limit ourselves to not be able to infer any information about a single user. In detail: In case the user chooses to share the information, the Cliqz backend receives latitude and longitude information, but only after reducing the initial 6 decimal places of this information to only 3. This translates to a precision of roughly a square area with a diagonal of 130 meters around your actual location. Thus, Cliqz is able to provide accurate local results without being able to identify e.g. your home or work address. Please also note this is a feature that you must actively enable, your location is never shared by default.

Where is the data processed?

To offer the best-possible performance worldwide, the technical infrastructure for the operation of the Cliqz-technology and -browser is distributed across computer centers in Germany and the United States, and can – when required – also use computers across the world. We don’t believe it matters where the servers are located, but what is stored on the servers. In our case: only non-personally identifiable information, i.e. nothing that could be linked to a particular person. Data is only used to build Cliqz features like search; data stored in our servers cannot be repurposed to learn profiles or track individual people.

Please note, however, that if you chose to contact us, personally identifiable communication information may be routed through (and stored on) servers outside the European Union.

The Cliqz-technology is open source

We have nothing to hide. Please feel free to check our code at any time on our publicly accessible Github repository (https://github.com/cliqz-oss).

Disclosure of data

We never do (and are not even technically able to) disclose any personally identifiable information to 3rd parties.

We might be legally required to disclose available data to 3rd parties. However, even if such data was disclosed, no personally identifiable information of any kind is present in that data, thus your total anonymity is guaranteed from 3rd parties that are granted access to the data. The disclosed data cannot be used to track or to build a profile of a user in any way.

Redirect to search engines

To offer you a complete browser experience, Cliqz offers you various options for redirecting to external search engines. When you take advantage of these options, Cliqz forwards your query to the external search engine. Your data then becomes subject to the respective provider’s rules and methods.

Scope of this privacy policy

Protecting your privacy is part of our DNA and hence we apply privacy to all of Cliqz’ products. This specific privacy policy applies to CLIQZ for Desktop and CLIQZ for Firefox. Additional information about CLIQZ for Android and CLIQZ for iOS can be found below. There is a separate data privacy statement for this website. The separate privacy policies for the Ghostery products can be found here.

CLIQZ for Android

This app asks for accessing the following:

  • Precise location (GPS and network based)
    When using Cliqz, you can choose to share your location with the Cliqz backend. In this case, Cliqz uses this information only and exclusively to add local results and local information to result snippets on the result cards. Please also note this is a feature that you must actively enable, your location is never shared by default.
  • Photos / Media / Files
    Cliqz needs these permissions for you to be able to upload and download files to and from websites. Cliqz also uses this data to analyze which third parties are trying to access your data, and we use this data for our anti-tracking and anti-phishing functions.
  • Camera
    With the feature Connect, you can couple Cliqz for Android with the Cliqz browser on your desktop device. To do so, you need to use your smartphone’s camera to capture a QR code.
  • Others
  • Data from the Internet
    This is technically required, since it is the basic function of a browser.
  • Retrieve network connections
    This is technically required for the basic function of a browser and the search engine.
  • To access all networks
    This is technically required for the basic function of a browser and the search engine.
  • Disable hibernation
    This permission prevents that your device is switching to stand-by, while you stay on a website for a longer time.
  • Install Shortcuts
    This permission allows you to add the app icon on the home screen.

From Android 6.0 onwards you choose whether and when to grant the mentioned permissions to Cliqz. Older versions of Android require permissions to be given upon installation of the app. But the philosophy is the same: We only use the granted permissions when they are needed to perform the specific functionality.

CLIQZ for iOS

This app asks for accessing the following:

  • Location Services (GPS and network based)
    When using Cliqz, you can choose to share your location with the Cliqz backend. In this case, Cliqz uses this information only and exclusively to add local results and local information to result snippets on the result cards. Please also note this is a feature that you must actively enable, your location is never shared by default.
  • Photo Library
    Cliqz needs this permission for you to be able to upload and download files to and from websites. Cliqz also uses this data to analyze which third parties are trying to access your data, and we use this data for our anti-tracking and anti-phishing functions.