Privacy Policy

Introduction

This Privacy Policy describes how Rufous Search handles information when you use our service. We designed the product around the principle that your queries are yours — not a product to be sold or profiled. By using Rufous Search you agree to the practices described below.

What we collect

Rufous Search itself does not maintain user profiles, advertising identifiers, or long-term behavioural data about your search history. For each search request we record an audit entry containing the timestamp, the project token used, the originating IP address, the query string, and the authorisation status (allowed, missing token, or invalid token). This audit data is used only to operate and secure the service.

Cookies

We set a single session cookie after you sign in. It stores a session identifier only; it does not contain your password, token, or personal information. You can clear this cookie at any time by signing out.

Third-party search providers

Your query is forwarded to the upstream search engines chosen by the administrator. Those providers operate under their own privacy policies. Rufous Search does not reveal your identity to upstream engines — requests are proxied from the server, not from your browser.

Data retention

Audit logs are retained for as long as your organisation requires. You may request deletion of audit entries associated with your account by contacting your administrator.

Security

Passwords are hashed with a salted hashing algorithm before storage. Access tokens follow the sk-prod-… format and are generated with a cryptographically secure random source. We recommend rotating tokens periodically and revoking any token that may have been exposed.

Your choices

You may delete your account at any time. Deleting your account removes your user record and invalidates the project token associated with your account.