Earlier, we answered some questions about our service on the privacytools.io forum. Some of this information has changed since then and here are our updated answers as of 8-11-2020.

Who owns the company/organization? What percentage does each owner hold? (December 31 of prior year and current date)

Infinity Search is owned by Innovare Technologies, an Oklahoma company. There is only one owner. Since we have no outside influence, we never have any conflicts of interest.

Have you changed how information is processed and shared in the last year?

We no longer use DuckDuckGo's Instant Answer API and now we directly use Wikipedia's one. We also have our own index now, but there is no logging of information on that one.

Do you share data – even “fuzzed” or “anonymized” data – with any of the owners/shareholders or any other company or organization server?

We use some third party services to retrieve and display information on Infinity Search. These services do get the search query but that is all. These services are Wikipedia for our instant extracts integration and Microsoft for our web results. On our service and index, however, we do not log anything regarding what our users are searching for.

To track site metrics, we built an analytics platform, Infinity Analytics, that is open source that only stores the page that was viewed and the HTTP referrer. On a technical note, we only store the url and path of these sources.  The query string and parameters are not stored (e.g we store page=infinitysearch.co/results and not page=infinitysearch.co/results?q=your_private_search).

Please share a diagram showing how information flows when a user interacts with your service.

There is not a need for a diagram here because we can explain it easily in words. A user comes to our site and searches for something, we make the search on their behalf and display the results on their page without ever logging any identifiable information about them. On all of our pages, we log the page that is being viewed the HTTP referrer with our analytics engine.

Which components of your service are not open source? Where can we find the code for the open source components?

The only part of our service that is not open source at the moment is the web crawler, indexer, and proxy. This is because they are not done yet and they are still in too early of development to be released. Everything else, however, including our mini projects, are open source and available on our GitLab profile.

Have you had any independent audits in the last three years? Please share the dates of those audits and audit reports.

No. We are a new service and have never had an audit of any kind. Since our service is open source, anyone is welcome to view our code, analyze it for their concerns, and inform us of the results. Some people already done this and it has helped us improve our service.

If you require sign-up or account creation, do consumers have easy access to tools to delete their data? Can they delete everything on the servers or just the local cache?

When users delete their account, all of their information is permanently deleted. We also make it very easy for users to delete their account.

Is there a way for consumers to view any information you have collected about them?

For users without accounts, we do not collect any indentifiable information about them. We are working on documenting and making our website visit statistics open to the public, however.

For users with accounts, the information that is stored about them is what they choose to store/save onto their account and they can view this from their account page at any time. They can delete parts of their data manually or when they delete their account, everything about them is permanently removed.

What is your business model? How do you fund operations and make money?

We make money in three ways: non-tracking advertisements, affiliate links, and Infinity Search Pro (still under development).

Do you offer a transparency report?

No. We do not know what a transparency report entails but we would be willing to make one.

How is data secured (in transit and at rest)?

Our service always uses the HTTPS protocol such that all connections are encrypted. All data that is stored is also encrypted.

Who has access to customer data?

Wikipedia and Microsoft can see the searches that are being made.

What 3rd parties have access to customer data?

Wikipedia and Microsoft can see the searches that are being made.

What processes do you have in place if there is unauthorized access to data?

If there was a data breach, we would inform our users of what happened and make them reset their passwords. On our side, we would research how it happened and learn how to prevent something like that from happening again.

What customer data is collected, how often, and in what level of identification?

For visitors without accounts, the only data that is collected is the page that was viewed and the HTTP referrer. This is only used for site metrics and cannot be used to identify users.

For users with an accounts, their emails and hashed passwords are saved along with any other permanent information that they decide to save.

Will changes to your Terms & Conditions and privacy policies be communicated to end users at least 30 days in advance of any changes? How will these changes be communicated?

No, not at the moment. Since we are constantly making new changes and updates to our service, we will inform our users of the changes that we make right around the times that they happen. For big changes, however, we will inform our users in advance.