This page is WeSearch's full privacy stance, written for humans. We try to keep the inventory small enough to fit on one page, because if you can't read your privacy policy in five minutes, the platform is doing too much. The structure of this page is: what we collect, what we don't, what we share, how long things live, and how to delete it.
What we collect
Identity (anonymous)
The first time you tap a reaction or post a comment, your browser generates a 32-byte random API key and a stable display handle ("Plain Loom 638") derived deterministically from that key. The key never leaves your browser in plaintext. We store a hash of the key on our server so we can verify your reactions are yours. We cannot reverse the hash to find the original key.
Reactions and comments
Reactions you post (👍 ❤️ 🔥 😂 🤔) are stored against the hash of your API key, the URL of the story, and the timestamp. Comments are stored similarly: the comment body, the parent comment id (for threading), the hashed key, and the timestamp. Comments are public by default.
Story view counts
Each /s/<slug> page increments an aggregate view counter on the server. The counter is a single integer per story; it is not associated with any specific reader.
Server logs
Standard HTTP access logs: IP address, user-agent string, request path, response status, timing. Logs rotate within 30 days. We use them for operational debugging (rate-limit abuse, failing endpoints) and never for analytics.
Push subscriptions
If you opt in to push notifications, the browser hands us a Web Push subscription endpoint (a URL on the browser vendor's push server) and a public key. We store these against your hashed API key. If you opt out or revoke browser permission, the entry is deleted.
Donations
If you donate via Stripe, Stripe collects payment information. We never see your card. We receive a Stripe customer id and a charge confirmation; that's it. If you provide an email at donation, it's stored only against the donation record, not the API key.
Optional email-recovery
If you choose to set up cross-device recovery, you provide an email address; we store a hash of (your email + a server salt) along with a hash of your key. The plaintext email is never stored. Recovery sends a single-use link to that email.
What we do not collect
- Real names, addresses, phone numbers. Not asked, not stored.
- Reading history. We don't track which stories you've read, scrolled past, or dwelled on.
- Scroll patterns, mouse movements, dwell time, hover events. No client-side analytics ship.
- Cross-site behavior. No referrer-tracking, no third-party cookies, no fingerprinting.
- Device fingerprints. We use a hashed API key, which you control. We don't compute or store browser fingerprints.
- BYOK credentials. AI keys you provide for in-browser features (Tenor, OpenAI) are forwarded to the upstream provider per request and never persisted server-side.
- Email addresses by default. Email is strictly optional and only used for recovery.
- Any third-party analytics. No Google Analytics, no Meta Pixel, no Chartbeat, no Mixpanel, no Plausible, no Fathom, no PostHog, no anything.
Cookies and storage
WeSearch uses localStorage on your device — not cookies — for:
- Your API key (the only thing that persists across sessions on your device)
- The preferred-feed-category you last picked
- BYOK keys you've entered (browser-only, never sent to our server)
- Tour-completed flag
- Your "Mine" feed list
- Bookmarks and friends list (also synced server-side under your hashed key)
- OG-image cache (a tiny in-memory map of slug → cached image URL)
None of this is sent to our servers except the API key in the Authorization header on requests that need it. We do not set tracking cookies. We do not set third-party cookies. We do not set any cookie that survives a tab close.
Third parties
WeSearch is an aggregator, which means we proxy your requests to upstream providers in some cases. The third parties we talk to are limited to:
- Cloudflare sits in front of our origin server as a CDN + DDoS shield. Every request to wesearch.press hits a Cloudflare edge first. Cloudflare receives your IP, user-agent, and requested path. They do not run an advertising business, do not sell traffic data to ad networks, and let us configure a strict no-third-party-script edge. We use Cloudflare for global TTFB performance and origin protection; the trade-off is honestly disclosed here. If you want to bypass Cloudflare entirely, route via Tor — we don't actively block it.
- Open-Meteo for weather (your latitude/longitude is forwarded only when you query weather).
- Original publisher CDNs for OG images on story pages (the publisher's image URL is fetched server-side and cached).
- Stripe for donation processing.
- VAPID push servers (Mozilla, Google, Apple) for delivering Web Push notifications.
- Optional BYOK providers (Tenor, OpenAI, Anthropic) when you explicitly use a feature requiring your own key.
None of these are passed your identity. The push servers see a randomized endpoint id only.
How long things live
- API key hash: forever, until you reset.
- Reactions and comments: forever, unless you delete them. You can delete any comment you posted.
- Server access logs: 30 days, then rotated.
- Push subscription: until you opt out or revoke.
- Email-recovery hash: until you opt out.
- Donation records: kept for accounting purposes per applicable law.
How to delete your data
You can:
- Reset your local API key to start fresh. Old comments stay public under their old handle but no longer link to you. Settings → Identity → Reset key.
- Delete individual comments at any time from the comment row.
- Opt out of push from Settings → Notifications.
- Opt out of email recovery from Settings → Identity.
- Request full deletion via /support. We will delete every record tied to your hashed key (including comments, reactions, push subscription, and any email-recovery hash) within 7 days and confirm by email if you provide one.
Government requests
If WeSearch receives a lawful subpoena, we will respond per applicable law. The information we have is limited: hashed API keys, public comments tied to those hashes, push subscription endpoints, and short-rotation IP logs. We do not have email addresses by default, do not have real names, and do not have reading history.
Children
WeSearch is not designed for children under 13. We do not knowingly collect any data from anyone under 13. If you believe a child is using WeSearch and want their data deleted, contact /support.
Changes to this policy
We post a dated changelog at the bottom of this page when the privacy stance changes. We don't email you about changes because we don't have your email by default; check this page when you next visit if it matters to you.
Frequently asked
Do you sell my data?
No. We don't have data to sell. We don't track reading history, don't store device fingerprints, don't run third-party analytics, and don't share anything with ad networks.
How do I delete everything tied to my account?
Email /support requesting full deletion. We delete every record tied to your hashed API key (comments, reactions, push subscription, optional email-recovery hash) within 7 days.
Do you use cookies?
We use localStorage on your device for things like your API key and feed preferences, but we do not set tracking cookies. No third-party cookies, no cross-site cookies, no cookies that survive a tab close.
What if a court asks for my data?
We respond per applicable law. The information we have is limited: hashed API key, public comments, short-rotation IP logs, optional push endpoint. We do not have your real name, email (by default), or reading history.