Sprigr uses a zero-knowledge search architecture. Every query runs inside the user’s browser via WebAssembly. No search data is transmitted, stored, or processed on any server. Privacy compliance by design, not by policy.
Start My Free TrialEvery time a visitor types a query into a traditional site search, that keystroke is sent to a third-party server. The server logs the query, timestamps it, and often ties it to an IP address, session ID, or user account. This happens on every keystroke if you use an as-you-type search provider.
Search queries are personal data under GDPR. They reveal what people are thinking, what they want to buy, what medical symptoms they are researching, and what financial products they are comparing. The European Data Protection Board has made clear that search queries constitute personally identifiable information, especially when combined with identifiers like IP addresses or cookies.
The moment you send search queries to a third-party server, you become a data processor with real obligations. You need a Data Processing Agreement with your search provider. You need consent flows for search tracking. You need to handle data subject access requests — if a user asks what search queries you have stored about them, you must be able to answer. You need deletion workflows, data retention policies, and cross-border transfer mechanisms if your search provider operates outside the EU.
This is not a hypothetical burden. Fines under GDPR reach up to 4% of global annual revenue. And regulators are paying more attention to third-party data processors than ever before.
Privacy that is enforced by architecture, not by a privacy policy someone wrote and nobody reads.
The Sprigr WASM engine loads your pre-compiled search index into the browser. Every query is scored, filtered, and highlighted locally. No network request is made for search. Your server never sees what users are searching for, because the data never leaves their device.
Sprigr sets zero cookies. There is no localStorage usage, no fingerprinting, and no session tracking for search functionality. The WASM module runs in memory and leaves no trace on the user’s device when the tab is closed. No consent banner required for search.
Sprigr’s optional analytics track aggregate metrics: total search count, popular queries, and click-through rates. There are no individual user profiles, no search history per user, and no way to reconstruct what a specific person searched for. Aggregate data is not personal data.
The data flow that determines your compliance burden.
With Sprigr, your search functionality is compliant by default.
Yes. Because Sprigr runs search entirely in the browser, no search query data is ever transmitted to or stored on any server. There is no personal data processing for search functionality, which means no GDPR obligations arise from search queries. You do not need a Data Processing Agreement, consent banners, or data subject access request workflows for search.
No. Sprigr does not set any cookies, use localStorage, or fingerprint users for search functionality. The WASM module runs entirely in memory during the browser session. Optional analytics are aggregate only — click counts and popular queries, never individual user profiles.
Yes, search queries are widely considered personal data under GDPR. They reveal user intent, interests, health concerns, and other sensitive information. When combined with IP addresses or session identifiers, they become directly attributable to individuals. This is precisely why server-side search creates such a significant compliance burden — and why Sprigr’s browser-side approach eliminates the problem entirely.
No. A DPA is required when a third party processes personal data on your behalf. Since Sprigr search runs in the user’s browser and no search query data is transmitted to Sprigr’s servers, there is no data processing relationship for search queries. Your data ingestion via the REST API is a separate matter and is covered under standard terms.
There are none. Search queries stay in the user’s browser and are never sent to any server, regardless of where that server is located. This means no Schrems II concerns, no Standard Contractual Clauses needed, and no adequacy decisions to worry about for search functionality. Your EU users’ search queries never leave their devices.
Full access for 6 months. No credit card required. No user data to worry about.
Start My Free Trial