Privacy
Last updated: 2026-07-01
Web AI Benchmark is a tool that benchmarks on-device AI inference inside your browser. This page describes what data the app collects, where it goes, and how to remove it.
What we never collect §
- Model weights, prompts, and generated text never leave your browser. Benchmarks run locally via WebGPU, WebNN, or WebAssembly. The runtime fetches model files directly from HuggingFace into your browser; we don't proxy or copy them.
- No third-party analytics, ads, or SDKs. Any activity logging we do is first-party and described below — we don't share it with advertisers or data brokers.
What we collect when you sign in §
If you sign in with GitHub or Google, the OAuth provider sends us:
- Your email address.
- Your provider profile (display name, avatar URL).
- A user identifier issued by the provider.
We use this to scope your benchmark history and recipes to your account. You can update your display name and upload a custom avatar from Account.
Account event logging §
We log a small set of security- and account-relevant events, not the pages you browse. Specifically: signing in, your role changing, uploading or deleting a benchmark result, and deleting a recipe — each with a timestamp. We don't log page visits, query parameters, or anything else you do on the site.
Unlike your profile or benchmark results, you can't read or delete this log yourself — it's only readable by site administrators, and only to investigate a specific support request, abuse report, or account issue. It isn't shared with third parties, and it isn't used for analytics, ads, or general browsing of user activity.
Our legal basis for this (for EU/EEA users) is legitimate interest in keeping the service secure and able to support you (GDPR Art. 6(1)(f)). You can object to this processing at any time — contact us under Your rights and we'll stop unless we have a compelling reason tied to an active abuse or security investigation.
What we collect when you click "Upload results" §
The "Upload results" toggle on the run pages is opt-in and only available while signed in. When enabled, after each benchmark we save:
- Benchmark metrics (latency, throughput, TTFT, TPS, decode time, etc.).
- Run configuration (backend, dtype, framework version, iterations, prompt-token count, max-new-tokens).
- The HuggingFace model identifier and file path you ran — never the model bytes themselves.
- Hardware details you typed in: CPU, OS, GPU/NPU driver versions.
- Auto-detected environment: browser name and version, GPU adapter string.
- A run timestamp and the user identifier from your account.
None of this is collected when "Upload results" is off, even when you're signed in.
Where saved data lives §
Account info, profiles, recipes, and saved benchmark results are stored in a hosted database. Access is gated by row-level security so users can only read and delete their own rows. Saved benchmark results themselves are immutable; to update a measurement, run the benchmark again.
Data that stays only in your browser §
- Model file cache (OPFS): downloaded model weights so subsequent runs don't re-download. Wipe via the "Clear Model Cache" button in the footer or your browser's site-data tools.
- Model catalog (IndexedDB): a cached copy of the public model catalog used by the Browse page.
- Preferences (localStorage): table column choices, filter values, recently-used hardware fields.
- Interrupted-run state (localStorage): so the app can offer to resume a run after a crash or accidental close.
None of these are sent to our servers.
Third parties §
- HuggingFace — model files are fetched from huggingface.co directly to your browser. They see your IP address and which models you fetch, subject to their own privacy policy.
- GitHub OAuth / Google OAuth — only when you sign in.
Retention and deletion §
Saved benchmark results are kept until you delete them or close your account. We don't auto-expire or anonymize.
- Delete individual results from /inference/results or /llm/results.
- Delete recipes from /inference/recipe or /llm/recipe.
- Account event logs (see Account event logging) are kept for as long as your account exists and are removed when your account is deleted.
- To delete your account and all associated data, email .
Site administrators may also delete any user data (accounts, results, recipes, or shared links) at their discretion — for example to remove spam, content that violates the terms of service, or at a user's request.
Your rights §
Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you. We honour these requests for any signed-in user. Contact us at .
Children §
The service is not directed at children under 18 (or the equivalent minimum age in your jurisdiction). We don't knowingly collect data from them. If you believe a child has signed up, contact us and we'll remove the account.
Changes §
We'll update the "Last updated" date when we change this page. For material changes that affect how saved data is used, we'll notify signed-in users via the app.
Contact §
For privacy questions or data-deletion requests: .