Following the Privacy by Design principle, Cliqz creates innovative browser features without compromising the privacy of users.

Most products and services in the Internet seem to be free at first glance, but you indirectly pay them with your personal data. Companies such as Google or Facebook log the activities of Internet users on large scale – not only on their own pages, which is quite legitimate, but also on third-party websites. All this happens usually in the background and invisible to the user via third-party trackers. Google, Facebook & Co. collect as much information about users as possible. According to the companies, this is to improve the quality of their services. In fact, they merge the data into detailed user profiles and use it for targeted advertising.

Reach of Tracking Companies

Cliqz also requires vast amounts of data for its search engine and anti-tracking technology. In our opinion, collecting data is not reprehensible in itself and sometimes simply necessary to provide certain services. However, data protection must not fall by the wayside! This is why we – unlike most other Internet companies – limit ourselves exclusively to anonymous statistical data. We don’t need to know anything about you as a person to make it easier for you to search and browse the web. Your name, age, gender, personal interests and preferences are none of our business. Therefore, we don’t store any personal information that could be used to identify users or create user profiles.

We’re convinced and have proven that complex systems like a search engine can be built and operated without endangering the privacy of the user. We’re following the Privacy by Design concept that was originally developed by data protectors in the mid-1990s.

Our implementation of Privacy by Design guarantees that nobody can learn anything about your browsing behavior. At the same time, consistent data protection and no-compromise privacy protection are unique selling points in a market dominated by quasi-monopolists. The Cliqz Browser and the anti-tracking technology are based on a TÜV-certified architecture that is designed for data protection and user privacy. Our data infrastructure is secured by multiple layers of protection. This applies both to the servers (backend) and to the communication between the Cliqz software on the client device and the backend. Among other things, we use a proxy network and encryption to ensure that no conclusions can be drawn about the person transmitting the data.

Private Data Remains Under the User’s Control

We moved data aggregation from the server side to the client side. For example, your history and bookmarks are stored solely on your client device and are not transferred to servers as with other providers. You always have full control over your data and can delete it at any time.

To maintain and improve our search technology, we only collect strictly anonymous statistics about how you use Cliqz. We use three channels to do this: telemetry (signals about your system and usage data), atomic units of query logs (query-URL required to improve the search results from the Cliqz backend), and Human Web (statistical data that is used to detect websites to add to the Cliqz index and assess their relevance and safety). See our privacy policy for more details.

At no occasion is any Personal Identifiable Information (PII) collected from any of these channels. In fact, we break URL and search down to atomic units that make even the connection between two data points (as harmless as they individually might be) impossible. That makes it impossible for us, or any other entity that might gain access to the data, to build a user profile by aggregating all your data points. Such profiles are technically impossible because different data points have no key which would allow aggregating or connecting them.

Proxy Network Obfuscates User Identity

IP addresses required for the proper functioning of our search engine are deleted immediately after the respective search query has been processed. If you wish, you can also search via a proxy network to hide your IP address from the Cliqz servers. This will, however, slow down the search process because the data is redirected several times.

The transmission of Human Web data is also encrypted via a proxy network. We only receive the IP address of the proxy network and cannot derive any users from it. The proxies themselves aren’t able to read the encrypted information. As a result, sender and content are completely separated from each other. This makes it impossible to ever link user and usage data.

Die IP-Adresse wird im Proxy-Netzwerk verschleiert, Cliqz sieht nur die Suchanfrage ohne jeglichen Personenbezug.

Anonymization of Telltale URLs

In general, everything that can be done in terms of data aggregation on the server side can also be done on the client side. The data always remains locally on the user’s device and is queried there if necessary. However, there are a few things to consider in this context in order not to endanger the user’s privacy. For example, we don’t collect any web addresses (URLs) that contain PII.

But we do not only distinguish between public and private URLs. Public URLs may contain a lot of additional information. For example, if you search for a hotel on a travel portal, you’ll often find information about the travel period and destination as parameters in the URL. Private URLs, on the other hand, can often be accessed without prior log-in and even contain personal data such as usernames or passwords (e.g. twitter.com/username). This information can be used to identify individuals. Some URLs also contain parameters that even allow tracking of users across multiple domains. In order to filter out such “insecure” URLs and to prevent that personal data ends up on our servers, we use different heuristic and machine learning-based mechanisms.

Only data from URLs that have the same content when you're logged in or logged out is recognized as

Preventing Deanonymization

Due to the way we collect and store data, subsequent deanonymization is impossible. To protect your privacy, we strictly separate site visit statistics from search statistics. This prevents any link between two data points, no matter how harmless they may be in themselves. In addition, we don’t store session IDs or time stamps that are exact to the second or minute. To ensure that browser sessions cannot be reconstructed, we transmit the data about each page visit individually and at least with a one-hour delay. This makes it impossible to track you across multiple pages or domains. Neither we nor third parties, who may gain access to the data legally (authorities) or illegally (hackers), will be able to create a user profile by merging all data points. Thanks to the Privacy by Design architecture, there are no reference points in the data stored on Cliqz servers that would allow data points to be merged or connected to reconstruct profiles.

This means that your anonymity will always be preserved. Even if we wanted to or were legally obliged to do so, we could never share personally identifiable information with third parties. Due to our Privacy by Design architecture, it’s technically impossible to collect such information.

Maximum Transparency

The Cliqz Browser and all integrated features are open source. This allows anyone to check the code. Our software, infrastructure and data collection methods are also regularly reviewed internally and externally. External reviewers include experts from Mozilla, Princeton University and RedTeam Pentesting. In addition, we have built a transparency monitor to give you insight into which data is generated when using the Cliqz Browser. It displays the data we receive when you start typing a search term into the address bar or when you visit a website.

Cliqz also follows the principles of Privacy by Design when it comes to our business model. MyOffrz is the first service that brings together tailored offers and individualized, interest-based targeting with consistent data privacy and protection. Best of all: The whole process takes place directly in your browser. None of your personal data leaves your device! The MyOffrz software decides in the browser, that is locally installed on your device, which offers you wind up seeing. It “knows” what is most likely to interest you – based on your searches and your visits to websites. The data required for the decision-making process always remains on your device, in your possession and under your control. Creating user profiles isn’t necessary for that business model either. To show you the right website, the right information or the right offer, we don’t need to know anything about you. This is a real paradigm shift.