What encryption and tracking protections does Qwant implement for EU users?

1. Qwant’s stated legal and policy protections: GDPR and European hosting

Qwant emphasizes legal protections for EU users: it says it is hosted in Europe, acts as a data controller under GDPR, publishes a privacy policy explaining what it collects and how users can exercise rights (including contact details for a DPO), and highlights the right to deletion under European law ^{[1] [3] [2]}. These policy claims create a regulatory framework that constrains what Qwant can lawfully do with user personal data inside the EU ^{[3] [2]}.

2. Tracking mitigations Qwant advertises: no‑tracking, no cookies, VIPrivacy, Maps and workplace tools

Qwant repeatedly claims it “does not track users,” does not plant cookies or third‑party advertising, and returns unpersonalized search results to avoid filter bubbles ^{[1] [5] [8]}. It offers a browser extension called Qwant VIPrivacy designed to block trackers and cookies when Qwant is the default search engine, and a business product Qwant@Work to limit collection of personal data for organizations ^[4]. Qwant also promotes privacy-aware services — for example Qwant Maps, which it says “finds addresses and guides you around without tracking you,” and mentions Tor/.onion and a no‑JavaScript access option in community summaries ^{[5] [6]}.

3. What Qwant publicly says about encryption and technical protections — and what is not documented

None of the provided sources supply a detailed technical whitepaper describing end‑to‑end encryption of queries or a proprietary multi‑layer encryption system specific to Qwant; instead the public material focuses on legal protections, hosting location and anti‑tracking features ^{[1] [3]}. Third‑party guides and aggregator sites list Qwant among privacy‑focused engines and assert it “doesn’t track users,” but they do not document a unique transport or local encryption protocol beyond standard web protections referenced in broader privacy comparisons ^{[8] [9] [10]}. Therefore, the reporting here documents claims about privacy posture and extensions, but does not provide independent proof of special encryption layers implemented uniquely by Qwant ^{[1] [3] [8]}.

4. Independent testing and regulatory signals that complicate the picture

Community audits and tracker tests have found requests that look like tracking or monitoring on Qwant pages; an independent tester using uBlock Origin logged requests such as “rum” (real user monitoring) that raised questions about extraneous requests from the site ^[7]. More consequentially, France’s data regulator (CNIL) issued a legal reminder in February 2025 noting that data Qwant processed to Microsoft was personal data rather than anonymous, which directly challenges blanket claims of anonymization when third‑party services are involved ^[4]. These findings indicate gaps between corporate messaging and observable data flows or regulatory interpretation ^{[7] [4]}.

5. Practical implications for EU users — strengths, limits, and risk mitigation

For EU users, Qwant’s strengths are its GDPR‑bound governance, Europe‑based hosting, anti‑tracking features (no cookies claims, VIPrivacy extension) and privacy‑focused services like Maps and enterprise offerings ^{[3] [4] [5]}. However, documented third‑party requests and the CNIL reminder about data sent to Microsoft show that complete isolation from external processors and residual telemetry cannot be assumed from public claims alone ^{[7] [4]}. Users seeking maximal technical anonymity should pair Qwant with additional tools (audited extensions, private browsers, encrypted DNS or VPNs) and consult Qwant’s privacy policy and audit reports for the latest, specific technical details, since the reviewed sources do not include a definitive technical breakdown of encryption in transit or at rest beyond policy statements ^{[3] [8]}.