How We Built Highlighty So We Can't See Your Searches

Most privacy promises are policies: a company collects your data and pledges not to misuse it. That requires you to trust the company, and to keep trusting it as people and priorities change.

We wanted Highlighty's privacy to rest on something sturdier than a promise. So we built it so that seeing your searches isn't something we choose not to do — it's something the design doesn't let us do. This post walks through those design choices for a slightly more technical reader.

TL;DR

  • Local-first by design: your queries, saved lists, search history, per-site memory, and settings live in the browser's local storage on your device.
  • Highlights are painted with the browser's native CSS Custom Highlight API, so page content and form-field values are never modified.
  • Scanned PDFs are read by on-device OCR. The page image never leaves your computer.
  • No remotely injected code (Manifest V3): the code reviewed in the store is the code that runs. We can't ship new behavior after install.
  • Cross-tab find routes through the browser's own internal messaging between your tabs — not through our servers.
  • A PRO account stores only your login details and subscription state. Never your queries, lists, history, or page contents.

Local-first: the data that reveals your work never leaves the browser

The things that would expose what you're working on are exactly the things we keep local. Your typed queries, your saved keyword lists, your search history, the per-site memory of what you last searched, and every setting all live in the browser's local storage on your device.

This isn't a privacy feature bolted on top — it's where the work happens. Searching and highlighting run in your browser, on your machine, which is also why Highlighty behaves the same whether you're online or offline. There's no server in the loop to send anything to, so there's nothing to intercept and nothing for us to see.

Highlights that don't touch the page

A naive highlighter would rewrite the page's HTML to wrap matches in colored tags. That's invasive: it can break the page, and it changes the very content you're reading.

Highlighty instead paints matches through the browser's native CSS Custom Highlight API. The browser draws the color over the matching text without altering the underlying content. The page's real text, and the values in any form field, are never modified — copy, paste, undo, and submit all see the original. (For older browsers without the API, there's a careful DOM-mutation fallback.)

This matters for privacy as much as fidelity: because the highlight is a visual layer the browser manages, Highlighty doesn't need to rewrite or capture page content to do its job.
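A sketch of that painting approach, added here as an illustration and not taken from Highlighty's code: matches become Range objects registered with CSS.highlights, and no element is inserted or rewritten. The function names and the highlight name "demo-match" are hypothetical, and matches that span two text nodes are out of scope.

```javascript
// Added example, not Highlighty's code. findMatches, paintMatches and the
// highlight name "demo-match" are hypothetical.
// Stylesheet rule that colors the ranges: ::highlight(demo-match) { background: gold; }

// Pure step: find case-insensitive, non-overlapping matches inside each text
// node's string. Offsets index the original string; end is exclusive.
function findMatches(texts, query) {
  if (!query) return []; // an empty query matches nothing
  // Escape regex metacharacters so the query is treated as literal text.
  const escaped = query.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const hits = [];
  texts.forEach((text, node) => {
    for (const m of text.matchAll(new RegExp(escaped, 'gi'))) {
      hits.push({ node, start: m.index, end: m.index + m[0].length });
    }
  });
  return hits;
}

// Browser step: turn the offsets into Ranges and register them. The DOM tree,
// its text nodes and any form-field values are only read, never written.
function paintMatches(root, query) {
  // Feature-detect first; -1 tells the caller to use its fallback path.
  if (typeof CSS === 'undefined' || !CSS.highlights) return -1;
  const walker = document.createTreeWalker(root, NodeFilter.SHOW_TEXT);
  const nodes = [];
  while (walker.nextNode()) nodes.push(walker.currentNode);
  const highlight = new Highlight();
  for (const hit of findMatches(nodes.map((n) => n.data), query)) {
    const range = new Range();
    range.setStart(nodes[hit.node], hit.start);
    range.setEnd(nodes[hit.node], hit.end);
    highlight.add(range);
  }
  CSS.highlights.set('demo-match', highlight); // replaces any previous set
  return highlight.size;
}
```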

OCR that runs on your device

Scanned or image-only PDFs have no selectable text, so to search them at all, the images have to be turned into text. The easy way to do that is to ship the image off to a cloud OCR service. We didn't.

Highlighty's OCR runs on your device. The page image is processed locally and never uploaded to any server or third party. That's a deliberate constraint: it's slower than a data center and, in this first release, English-only — but it means the contents of your scanned documents stay on your computer by construction, not by promise.

No remotely injected code (Manifest V3)

Some extensions ship a small shell and then download their real behavior from a server after you install. The consequence is that the code reviewed in the store isn't necessarily the code running on your machine — and it can change at any time without review.

Highlighty is built on Manifest V3 and does not use remotely injected code. What's reviewed and published in the store is what runs. There's no mechanism for it to fetch new behavior after installation, which means the version vetted by the store is the version on your machine.
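A reader who wants to check a claim like this on any unpacked extension can start with a static audit. The following is an added example, not Highlighty's code or manifest: auditExtension is a hypothetical helper, and the manifests and file contents are constructed samples.

```javascript
// Added example, not Highlighty's code. auditExtension is hypothetical; the
// sample manifests and sources below are constructed for illustration.
const REMOTE_CODE_PATTERNS = [
  { id: 'eval', re: /\beval\s*\(/ },
  { id: 'new-function', re: /\bnew\s+Function\s*\(/ },
  { id: 'remote-import', re: /\bimport\s*\(\s*['"`]https?:\/\// },
  { id: 'remote-importScripts', re: /\bimportScripts\s*\(\s*['"`]https?:\/\// },
  { id: 'remote-script-tag', re: /<script[^>]+src\s*=\s*['"]?https?:\/\//i },
];

// manifest: parsed manifest.json; files: { path: source text } of the package.
function auditExtension(manifest, files) {
  const findings = [];
  if (manifest.manifest_version !== 3) findings.push('manifest: not Manifest V3');

  // In MV3 the CSP is an object; extension_pages governs the extension's own pages.
  const csp = (manifest.content_security_policy || {}).extension_pages || '';
  const scriptSrc = csp.split(';').map((d) => d.trim())
    .find((d) => d.startsWith('script-src')) || '';
  for (const src of scriptSrc.split(/\s+/).slice(1)) {
    if (/^(https?:|\*|'unsafe-eval')/.test(src)) {
      findings.push(`csp: script-src allows ${src}`);
    }
  }

  // Source-level indicators of code that is fetched or built at run time.
  for (const [name, text] of Object.entries(files)) {
    for (const { id, re } of REMOTE_CODE_PATTERNS) {
      if (re.test(text)) findings.push(`${name}: ${id}`);
    }
  }
  return findings;
}

// Constructed samples: a self-contained MV3 package and a "shell" package.
const cleanManifest = {
  manifest_version: 3,
  content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
};
const cleanFiles = { 'content.js': "CSS.highlights.set('m', new Highlight());" };
const shellManifest = { manifest_version: 2, content_security_policy: "script-src 'self' https://cdn.example" };
const shellFiles = { 'bg.js': 'eval(payloadFromServer);' };
```

Pattern matching of this kind is a heuristic: findings are leads to read by hand, and an empty result narrows the search without proving that no code is fetched at run time.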

Cross-tab find without a server in the middle

Cross-tab find (a PRO feature) lets you search every open tab at once and jump to the matches. The obvious way to build that would be to send your query to a server that coordinates across tabs. We didn't build it that way.

Instead, your query travels from one of your tabs to your other tabs through the browser's own internal messaging. It never routes through our servers. The feature works entirely within your browser, so even your cross-tab searches don't leave it.
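The shape of such a relay, as an added example that is not Highlighty's code: it assumes the extension messaging APIs (chrome.tabs.query, chrome.tabs.sendMessage, chrome.runtime.onMessage), which the post does not name, and the message format and function names are hypothetical. The API object is passed in as a parameter so the flow can be exercised outside a browser.

```javascript
// Added example, not Highlighty's code. Assumes the chrome.tabs and
// chrome.runtime messaging APIs; the { type: 'find' } message shape and the
// function names are hypothetical. Pass `chrome` as `api` inside an extension.

// Service-worker side: relay a query from the originating tab to every other
// open tab and collect per-tab match counts. No network call is involved.
async function fanOutQuery(api, originTabId, query) {
  const tabs = await api.tabs.query({});
  const results = [];
  for (const tab of tabs) {
    if (tab.id === originTabId) continue; // the origin tab already has its results
    try {
      const reply = await api.tabs.sendMessage(tab.id, { type: 'find', query });
      results.push({ tabId: tab.id, count: reply.count });
    } catch (err) {
      // Tabs with no content script (browser-internal pages, for example)
      // reject the message; they are skipped rather than failing the search.
    }
  }
  return results;
}

// Content-script side: answer 'find' messages from this extension only.
// countMatches is a caller-supplied function that searches the current page.
function registerFindListener(api, countMatches) {
  api.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    if (sender.id !== api.runtime.id) return; // ignore other senders
    if (!msg || msg.type !== 'find') return;  // ignore unrelated messages
    sendResponse({ count: countMatches(msg.query) });
  });
}
```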

The one thing a PRO account stores

Honesty means not claiming "nothing ever leaves your device," because PRO does sign in with a Highlighty account. Here's the precise boundary.

For PRO, our servers hold your login details and your subscription state — whether the account is on a paid plan or a trial. That's the whole list. The servers never receive your queries, your saved lists, your search history, or the contents of the pages you visit. The account exists to check that PRO is valid, nothing more.

Privacy by construction, not by policy

Put together, these are design decisions, not pinky-promises. Local storage means there's no central copy of your searches. The native highlight API means we don't capture page content. On-device OCR means scanned documents stay put. Manifest V3 means the reviewed code is the running code. Cross-tab messaging means even multi-tab search stays in the browser.

We can't show you data we never receive. That's the point: the architecture is what makes the privacy real.

Frequently asked questions

Where does Highlighty store my queries and history?

In the browser's local storage, on your device. Your queries, saved lists, search history, per-site memory, and settings all live there. None of it is sent to us — the searching and highlighting happen locally, which is also why Highlighty works offline.

How does Highlighty highlight without changing the page?

It paints matches through the browser's native CSS Custom Highlight API, which draws color over text without altering the underlying content. The page's real text and the values in form fields are never modified. Older browsers use a careful DOM-mutation fallback.

Is OCR for scanned PDFs done in the cloud?

No. Highlighty's OCR runs on your device. The page image is processed locally and never uploaded anywhere. It's English-only in this first release.

What does "no remotely injected code" mean?

It means Highlighty doesn't download new behavior from a server after you install it. Built on Manifest V3, the code reviewed and published in the store is the exact code that runs on your machine, and it can't fetch new behavior later.

When I search across tabs, does my query reach your servers?

No. Cross-tab find sends your query from one of your tabs to your other tabs through the browser's own internal messaging. It never routes through our servers — the whole feature stays inside your browser.

If PRO has an account, what's actually on your servers?

Only your login details and your subscription state (paid or trial). Our servers never receive your queries, saved lists, search history, or the contents of the pages you read. Those stay in your browser's local storage on your device.

© 2026 WEBMIND TECHNOLOGIES LTD.

All rights reserved.
