Our posture on privacy
NOSIBLE is built around public written content, not personal profiles. Public availability does not remove privacy rights. NOSIBLE minimizes personal data in the index, retains limited usage logs for 24 hours, does not log API request or response payloads on normal endpoints, and provides routes for objections, delisting, and removal (ICO).
- NOSIBLE indexes public written sources, not personal profiles or identity datasets.
- The search index is not designed to hold personal data or sensitive records.
- The crawler excludes PII, unsafe domains, adult sites, disallowed social platforms, and marketplaces.
- Website verification checks privacy and terms links for ownership, legal context, and rights routes.
- Public availability does not remove privacy rights under GDPR Article 6 and ICO guidance.
- Usage logs retain only the operational data needed for rate limits and abuse prevention and are deleted after 24 hours.
- NOSIBLE does not log or record API request or response payloads on normal endpoints.
- Websites and individuals can email stuart@nosible.com to request removal, objection, erasure, or delisting review under GDPR Article 17.
Privacy starts with what does not enter the index
NOSIBLE does not index personally identifiable information and does not hold personal data in the search index. The crawler also excludes unsafe domains, inherently pornographic sites, disallowed social platforms, marketplaces, and paywalled content. Privacy risk is reduced before content reaches the core product.
When public-source text still contains personal data, privacy law still applies. NOSIBLE relies on legitimate interests, necessity, minimization, public transparency, and case-by-case handling of objections or removal requests, consistent with GDPR Article 6, GDPR Article 14, ICO guidance, CNIL web-scraping guidance, and EDPB Opinion 28/2024.
Customer API data is minimized by default
| Area | NOSIBLE position |
|---|---|
| Search index | The index is for public written content and source metadata. It is not designed to hold personal data. |
| Website legal pages | NOSIBLE scans homepage links for privacy policies and terms of service so the source can be reviewed against public legal context. |
| Legal basis | Public-source processing is assessed through legitimate interests, necessity, minimization, and balancing under GDPR Article 6. |
| Transparency | Web-scale indirect collection relies on public notice and safeguards under GDPR Article 14 and the Article 14(5)(b) disproportionate-effort framework. |
| Usage logs | Usage logs contain only the operational data needed for rate-limit enforcement and abuse prevention. They are always enabled and retained for 24 hours. |
| API payloads | NOSIBLE does not log or record API request or response payloads on normal endpoints. |
| Delivery files | Bulk Search and Time Search results are delivered as encrypted JSON files. |
Source owners can ask to be removed from the index
Website owners and individuals can email stuart@nosible.com with the affected URL, the request type, and enough information to verify their identity or authority. Website opt-out requests lead to removal from the index and notice to affected paying customers. Individual objections, erasure requests, and delisting requests are reviewed case by case against privacy, accuracy, source context, public role, public interest, and the right to information under GDPR Article 17, Google Spain, GC and Others v. CNIL, Google LLC v. CNIL, and NT1 and NT2 v. Google.
Common privacy questions
Does NOSIBLE store personal data in the index?
No. NOSIBLE does not index personally identifiable information and does not hold personal data in the search index. The crawler is focused on public written source material, and pages that create personal-data risk are outside the intended search corpus. Privacy risk is reduced before content reaches the product.
Does public availability remove privacy rights?
No. Public availability is relevant to reasonable expectations, but it does not switch off privacy law. ICO guidance is explicit that personal data can remain protected even when it is publicly available (ICO). NOSIBLE handles that through minimization, source exclusions, public privacy information, and a route for objections, delisting, or removal requests.
What lawful basis applies to public-source processing?
For UK and EU privacy analysis, the relevant basis is legitimate interests under GDPR Article 6(1)(f). That requires a purpose, necessity, and balancing assessment. KNLTB v. Autoriteit Persoonsgegevens confirms that commercial interests can qualify, subject to strict necessity and balancing. NOSIBLE limits processing through source context, exclusions, minimization, and rights handling.
Why does NOSIBLE look for privacy policies and terms of service?
Privacy policies and terms help identify who operates a website, what jurisdiction may apply, and what public rights routes the source owner makes available. NOSIBLE uses homepage link scanning and strict URL matching to find those documents. They support source review, legal-entity extraction, jurisdiction checks, and case-by-case handling of removal or privacy objections.
Why is unsafe or adult content mentioned on the privacy page?
Those exclusions reduce data-handling risk before content enters the product. NOSIBLE checks domains with Google Safe Browsing and excludes inherently pornographic websites using known unsafe or NSFW lists. CNIL guidance also treats sensitivity-heavy sources as higher risk in scraping assessments (CNIL). These categories add privacy and safety risk without improving the search corpus.
What customer data does NOSIBLE retain for API operations?
NOSIBLE retains limited usage logs for 24 hours to enforce rate limits, prevent abuse, and maintain service reliability. These logs contain the operational metadata needed to run the API. NOSIBLE does not log or record search queries, request payloads, response payloads, or customer content on normal endpoints.
Can usage logging be disabled?
No. NOSIBLE keeps the minimum usage metadata required to enforce rate limits, identify abuse, and operate the service reliably. It is always enabled and automatically deleted after 24 hours. This operational logging does not include search queries, request payloads, response payloads, or customer content from normal endpoints.
How are Bulk Search and Time Search results protected?
Bulk Search and Time Search results are delivered as encrypted JSON files rather than written to ordinary API logs. Access is limited through the delivery configuration agreed with the customer. After delivery, customers control who can access the files, where they are stored, and how long downstream systems retain them.
Can a website ask to be forgotten?
Yes. A website owner can email stuart@nosible.com with the affected domain or URLs and enough information to verify ownership or authority. NOSIBLE removes approved opt-out requests from the index and notifies affected paying customers of the change.
Can an individual ask NOSIBLE to delist a result about them?
Yes. Email stuart@nosible.com with the affected result and proof of identity. NOSIBLE reviews requests case by case, balancing privacy, accuracy, public role, source context, and public interest. Delisting is not automatic; information about public figures or significant public matters may remain indexed where public access outweighs privacy (Google Spain; GC and Others v. CNIL).
How does NOSIBLE handle transparency when data comes from third-party sources?
NOSIBLE collects from published sources rather than directly from every person named in those sources. Individual notice at web scale can be impossible or disproportionate, but GDPR Article 14 still requires public information and safeguards. The Article 29 Working Party transparency guidelines require a documented analysis and public notice where Article 14(5)(b) is used.
What happens to delivery files and customer outputs?
Fast Search returns results in the HTTP response. Bulk Search and Time Search results are delivered as encrypted JSON files. Delivery setup controls customer-side access, retention, and handling.
What privacy issues should customers consider with delivery files?
Customers should review where result files land, who can access that storage, and how long downstream systems retain the outputs. NOSIBLE protects Bulk Search and Time Search delivery files with encryption, but customers control their downstream storage and access policies.