Zero-Logs
by Design
BrowserCity does not retain session content or browsing history by default. The architecture keeps vendor-side retention narrow while preserving the operational metadata needed to run sessions.
Last updated: March 1, 2026
Many services promise not to log your activity. BrowserCity’s default architecture is designed to avoid retaining session content or browsing history: ephemeral containers, no persistent session storage, and no session recording pipeline.
Our Commitment
browser.city was designed from day one around a simple principle: you should be able to trust your browser infrastructure provider. That trust cannot rest on policy alone. A privacy policy can be changed overnight. A well-designed architecture cannot.
Zero-logs is not a feature we layered on top of an existing system. It is the foundational architectural constraint from which everything else follows. Every engineering decision — container isolation, storage design, logging pipelines — is evaluated against this commitment first.
What We Do Not Log
The following session-content categories are not retained by BrowserCity as persistent vendor logs by default:
URLs & Navigation
BrowserCity does not retain a browsing-history log of session URLs by default. Network infrastructure and proxy providers may still process destination metadata as needed to route traffic.
Page Content
BrowserCity does not retain page HTML, text, or media as a persistent session-content log by default. Customer-requested extraction artifacts may be returned to your application.
Screenshots & Video
We have no vendor-side session recording pipeline. Screenshots or videos explicitly requested through the API are returned to your client rather than treated as retained BrowserCity activity logs.
Request & Response Payloads
Network traffic between your browser session and external sites is not intercepted, inspected, or logged at the payload level.
Cookies & Storage
Browser cookies, local storage, and session storage within your browser sessions are destroyed with the container on termination.
Input & Keystrokes
BrowserCity does not provide a keystroke, form-input, or mouse-event recording product surface for retained vendor-side session playback.
What We Do Track
We document the minimal data we must retain to operate a billing-based service. The following billing metadata is collected:
- Session duration — start timestamp and end timestamp, retained for billing calculation and invoicing.
- Proxy tier — which proxy type (datacenter, residential, mobile) was used, retained for per-tier billing accuracy.
- Plan tier — which plan was active during the session, retained for invoice generation.
- API endpoint called — the control-plane endpoint (e.g., "create session," "terminate session"), not any session content.
This metadata is used to operate, secure, and bill the service. It is separate from retained browsing-history or page-content logs, but network delivery can still require destination and routing metadata.
Architecture
Each browser session runs in a dedicated ephemeral container provisioned for that session alone. The architecture enforces zero-logs at multiple layers:
Ephemeral Containers
Sessions run in containers that are created fresh for each session and destroyed immediately on termination. There is no shared state between sessions and no persistent storage attached to a session container.
No Storage Mounts
Session containers have no persistent volume mounts. All data written inside a container lives only in the container's memory and ephemeral filesystem, which is destroyed when the container exits.
No Content Logging Pipeline
Our logging infrastructure is explicitly scoped to control-plane events (session lifecycle, billing events, errors) and is not designed to retain browser data-plane content as an activity log.
Direct WebSocket Connections
Your Playwright or CDP connection goes directly to the browser process inside the container. We do not proxy, intercept, or record this WebSocket stream.
Third Parties
We do not install analytics, tracking pixels, or session recording tools on browser session traffic. Cloud infrastructure, network services, and proxy providers necessarily process the routing metadata required to deliver traffic, such as destination addresses, connection metadata, and byte counts.
Proxy providers — where used — may process outbound connection metadata (for example, destination IP/domain and byte counts) as technically necessary for routing. BrowserCity limits what it shares to what is needed for delivery and does not use proxy providers as a retained browser-session content log.
Verification
We believe privacy commitments should be verifiable, not merely stated. We welcome independent scrutiny of our architecture and policies:
- Security researchers are invited to review our architecture claims. Contact security@browser.city.
- We commit to working with independent auditors to verify our zero-logs architecture on request from enterprise customers.
- If you discover a discrepancy between our stated architecture and observed behavior, we ask you to disclose it responsibly so we can address it.
Responsible disclosure: security@browser.city
Contact
Questions about our zero-logs architecture or this policy:
- Email: privacy@browser.city
- Security: security@browser.city
Give your AI agents the web.
Start for free. No credit card required. Private sessions by default.