What specific logs or identifiers (IP addresses, timestamps, user agents) does DuckDuckGo state it retains in its full privacy or legal-compliance documentation?

1. “What they explicitly say they don’t keep” — IPs, unique identifiers, and search links

DuckDuckGo’s privacy policy and help pages repeatedly assert that the company “doesn’t save your IP address or any unique identifiers alongside your searches or visits to our websites” and that it never logs IP addresses or any unique identifiers to disk that could be tied back to a user or their search and browsing history ^[1]. The company frames this as a core design principle — “we don’t track you, ever” — and emphasizes that its search engine is engineered so it cannot create a search or browsing history for any individual ^{[2] [5]}.

2. “What they do retain, and how it’s described” — anonymous queries and ephemeral data

DuckDuckGo acknowledges that it does save search queries, but says those queries are stored “completely disconnected from any unique identifiers like IP addresses” and are treated as anonymous data used to improve search indexes and analyze search trends ^[1]. The help pages and privacy policy characterize other device-sent information as used temporarily to deliver content or for security (for example, to block bots), with an emphasis that such information is not stored alongside searches ^{[1] [3]}.

3. “Local search, GEO::IP, and the ‘throw away’ claim” — how location is handled

For localized search results DuckDuckGo explains a specific technical flow: it performs a GEO::IP lookup using the IP address automatically sent by the device to guess location, then states it “throws away the IP address” and, per the privacy policy, does not save the IP address on its servers ^[4]. This is presented as a privacy-engineered compromise to deliver local results without long-term storage of IP-based location data ^[4].

4. “Security reporting and CSP reports” — anonymized telemetry claims

When addressing security tooling and telemetry, DuckDuckGo says its Content Security Policy (CSP) reports “contain no personal information” and are “completely anonymous,” highlighting a consistent framing that diagnostic or security reports are stripped of personal identifiers ^[5]. The company also notes product architecture choices—such as not creating unique cookies—to reduce its ability to link activity to individuals ^[5].

5. “Exceptions and user-consented data: subscriptions, optional features, and support” — limited retention where needed

DuckDuckGo’s materials make clear that optional features and subscription services may require and retain some personal information: the Email Protection feature requires an email address explained in a dedicated policy, and the DuckDuckGo subscription’s privacy terms allow retention of support requests and a “random ID” for subscription purposes while asserting that the random ID is not connected to VPN traffic or credit card data ^{[1] [6] [7]}. The subscription terms state support requests are kept only as long as necessary for support, dispute resolution, safety/security, or legal obligations ^[7]. The company also claims it does not keep VPN activity logs ^[6].

**6. “How to interpret these statements — company claims vs. external verification”

The documentation provided by DuckDuckGo is explicit about what identifiers it says it does not retain (IPs, user identifiers tied to searches) and what limited, anonymized records it does keep (anonymous queries, CSP reports, ephemeral device data used for delivery/security, and limited subscription/support records); those are company assertions presented across its privacy policy and help pages ^{[1] [2] [5] [4] [6]}. The sources in this packet are DuckDuckGo’s own pages and a privacy commentary summarizing those claims ^{[3] [8]}; they do not include independent audit reports or legal subpoenas testing those claims, so reporting here is limited to DuckDuckGo’s stated practices rather than external verification.