Zero-Logs
by Design
We don't log what you do because the system is built so the data never exists in the first place. Policy alone is not enough — architecture is the guarantee.
Last updated: March 1, 2026
Many services promise not to log your activity. We go further: we build the system so that logging session content is technically impossible at rest. Ephemeral containers, no persistent storage, no session recording pipeline.
Our Commitment
browser.city was designed from day one around a simple principle: you should be able to trust your browser infrastructure provider. That trust cannot rest on policy alone. A privacy policy can be changed overnight. A well-designed architecture cannot.
Zero-logs is not a feature we layered on top of an existing system. It is the foundational architectural constraint from which everything else follows. Every engineering decision — container isolation, storage design, logging pipelines — is evaluated against this commitment first.
What We Do Not Log
The following data is never collected, stored, or accessible to browser.city or any of its employees, infrastructure providers, or subprocessors:
URLs & Navigation
The URLs you visit within a browser session are not logged. We have no record of the sites your sessions access.
Page Content
The HTML, text, or media content of pages loaded in your sessions is never stored or processed by our infrastructure.
Screenshots & Video
We have no screenshot or session recording pipeline. Any screenshots taken via the API go directly to your client — they are never stored on our infrastructure.
Request & Response Payloads
Network traffic between your browser session and external sites is not intercepted, inspected, or logged at the payload level.
Cookies & Storage
Browser cookies, local storage, and session storage within your browser sessions are destroyed with the container on termination.
Input & Keystrokes
Keystrokes, form inputs, mouse events, and any interaction data within your session are never recorded or transmitted to our systems.
What We Do Track
We are transparent about the minimal data we must retain to operate a billing-based service. The following billing metadata is collected:
- Session duration — start timestamp and end timestamp, retained for billing calculation and invoicing.
- Proxy tier — which proxy type (datacenter, residential, mobile) was used, retained for per-tier billing accuracy.
- Plan tier — which plan was active during the session, retained for invoice generation.
- API endpoint called — the control-plane endpoint (e.g., "create session," "terminate session"), not any session content.
This metadata is the minimum required to produce an accurate invoice and detect abuse. It contains no information about what your session did.
Architecture
Each browser session runs in a dedicated ephemeral container provisioned for that session alone. The architecture enforces zero-logs at multiple layers:
Ephemeral Containers
Sessions run in containers that are created fresh for each session and destroyed immediately on termination. There is no shared state between sessions and no persistent storage attached to a session container.
No Storage Mounts
Session containers have no persistent volume mounts. All data written inside a container lives only in the container's memory and ephemeral filesystem, which is destroyed when the container exits.
No Content Logging Pipeline
Our logging infrastructure is explicitly scoped to control-plane events (session lifecycle, billing events, errors) and never touches the data plane where browser traffic flows.
Direct WebSocket Connections
Your Playwright or CDP connection goes directly to the browser process inside the container. We do not proxy, intercept, or record this WebSocket stream.
Third Parties
We do not install analytics, tracking pixels, or session recording tools on any infrastructure that handles browser session traffic. Our cloud infrastructure providers receive only the metadata necessary to route network traffic — they cannot see session content either.
Proxy providers — where used — receive outbound connection metadata (destination IP/domain, byte counts) as is technically necessary for routing, but do not have access to our user data or session associations.
Verification
We believe privacy commitments should be verifiable, not merely stated. We welcome independent scrutiny of our architecture and policies:
- Security researchers are invited to review our architecture claims. Contact security@browser.city.
- We commit to working with independent auditors to verify our zero-logs architecture on request from enterprise customers.
- If you discover a discrepancy between our stated architecture and observed behavior, we ask you to disclose it responsibly so we can address it.
Responsible disclosure: security@browser.city
Contact
Questions about our zero-logs architecture or this policy:
- Email: privacy@browser.city
- Security: security@browser.city
Start building in under a minute
Free tier. No credit card. Full stealth from day one.