Does Brave Search collect personal data and how is it stored?
Executive summary
Brave Search presents itself as a privacy-first search engine that “doesn’t collect personal information about you, your device or your searches” and says it avoids storing identifiers that can link queries to individuals [1] [2]. In practice Brave combines default non‑collection, privacy‑preserving engineering (STAR, k‑anonymity) and selective, limited processing — and it also relies on publishers, partners and optional features that can introduce personal data flows outside the core private-by-default promise [3] [4].
1. How Brave frames its promise: private by default and no linkable identifiers
Brave’s official Search privacy notice explicitly states that Brave Search is “designed to be private by default” and that the service “doesn’t collect personal information about you, your device or your searches,” claiming it does not transmit profiling information to the web [1], and Brave’s API documentation reiterates that it “does not collect any identifiers that can link a search query to an individual or their devices” [2]. These commitments are echoed across Brave’s broader privacy materials, which stress minimizing collection as a primary protection and adherence to GDPR/CCPA principles [5] [6].
2. Engineering controls: STAR, k‑anonymity and unlinkable bouncing
Brave has developed and published privacy‑preserving systems such as STAR, which enforces a k‑anonymity property so data contributions are not unique to any one user and can only be observed when shared by multiple users, and features like “unlinkable bouncing” and ephemeral site storage to reduce cross‑site linkage and third‑party tracking [3] [7]. Brave describes these as technical mechanisms that allow some product telemetry or Web Discovery contributions without making users uniquely identifiable [3] [7].
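The k-anonymity property described above can be illustrated with threshold secret sharing: each client encrypts its value under a key derived from the value itself and sends one share of that key, so the server can decrypt only values reported by at least k clients. This is an added example, not Brave's STAR code; the function names, the SHA-256 based derivation and the sample queries are assumptions made for illustration.

```python
import hashlib
import secrets
from collections import defaultdict

P = 2**127 - 1  # prime modulus for the share arithmetic

def h(label, data):
    return hashlib.sha256(label + b"|" + data).digest()

def xor_stream(key, data):
    stream = hashlib.shake_256(key.to_bytes(16, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def client_report(measurement, k):
    m = measurement.encode()
    # Clients holding the same value derive the same degree-(k-1) polynomial;
    # c[0] is the encryption key. A plain hash is used here, so guessable values stay guessable.
    c = [int.from_bytes(h(b"coef%d" % i, m), "big") % P for i in range(k)]
    x = secrets.randbelow(P - 1) + 1  # random non-zero evaluation point
    y = sum(a * pow(x, i, P) for i, a in enumerate(c)) % P
    return {"tag": h(b"tag", m).hex(), "ct": xor_stream(c[0], m), "share": (x, y)}

def recover_key(shares):
    # Lagrange interpolation at x = 0; correct only with k distinct shares.
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for i, (xi, _) in enumerate(shares):
            if i != j:
                num = num * (-xi) % P
                den = den * (xj - xi) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def server_aggregate(reports, k):
    groups = defaultdict(list)
    for r in reports:
        groups[r["tag"]].append(r)
    revealed, hidden = {}, 0
    for rs in groups.values():
        shares = list({r["share"][0]: r["share"] for r in rs}.values())
        if len(shares) >= k:  # threshold met: key is recoverable
            revealed[xor_stream(recover_key(shares[:k]), rs[0]["ct"]).decode()] = len(rs)
        else:  # below threshold: ciphertext stays opaque
            hidden += len(rs)
    return {"revealed": revealed, "hidden_reports": hidden}

if __name__ == "__main__":  # constructed sample, k = 3
    sample = ["popular query"] * 4 + ["rare query"] * 2
    print(server_aggregate([client_report(q, 3) for q in sample], 3))
```

With the constructed sample, the value reported four times is revealed with its count, while the two reports of the rare value are counted but remain unreadable to the server.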
3. What Brave does collect or process (advertising, clicks, optional features)
Brave acknowledges limited processing of aggregate or non‑linkable metrics: it records clicks and views of Brave Search ads to measure ad effectiveness but says this measurement data “cannot be linked back to individuals or their devices” [1]. Brave’s browser privacy policy and product pages also note that certain features — for example, Brave Rewards or integrations that require payments — entail storing identifiers or interacting with third‑party processors (Brave records some identifiers on U.S. servers; payment details are handled by Stripe) and that some cached performance data may be held briefly [5] [2].
4. The partner and publisher caveat: where personal data can enter the system
Brave’s separate notices for publisher and business partner interactions make clear a crucial exception: data collected by publishers or business partners can be shared with Brave, and Brave may process or pass such “End‑User Data” to advertisers or partners under contractual terms — Brave says publishers are responsible for obtaining lawful bases for collection and passing consent to Brave [4] [8]. This creates a channel where personal data originating outside Brave’s private‑by‑default search pipeline can be involved in Brave’s services [4].
5. Independent reporting and caveats: claims versus independent verification
Third‑party guides and reviews broadly repeat Brave’s privacy claims — that Brave Search does not track or store personal searches — but these are largely summaries of Brave’s documentation rather than independent audits [9] [10] [11]. Investigative or technical third‑party audits are not present in the provided material, so public-facing claims rest primarily on Brave’s statements and technical whitepapers like STAR; absent independent verification, there remains a gap between company promise and externally validated practice [3] [1].
6. Bottom line and practical implications
Brave Search does not, by its published policies, collect identifiable personal search queries or device identifiers for building user profiles; it employs privacy‑preserving systems (STAR, k‑anonymity, unlinkable bouncing) and limits retention of transient data [1] [3] [7]. However, exceptions exist: ad measurement, opt‑in features (e.g., Rewards), publisher/partner data flows, and third‑party payment processors can introduce personal data that Brave processes or routes under contract, and Brave records certain identifiers on U.S. servers for operational reasons [1] [4] [5] [2]. The assessment depends on those nuances: for default, non‑opted‑in users Brave Search appears to avoid collecting personal search data according to its documentation, but users relying on Brave for absolute absence of any data flow should note the documented exceptions and the reliance on partner‑provided consent regimes [1] [4].