← back to 9bench

Privacy

Plain-language. No legalese marathon.

The TL;DR

The benchmark runs entirely in your browser. No data leaves your device during the test. When the test finishes, an anonymous summary of your scores is submitted to our global ranking database — but only if you tick the consent box on the test page (it is the default state, so unticking it before clicking Start runs the benchmark without storing anything).

What we collect when you submit a result

  • Your benchmark numbers: scores (overall, GPU, CPU, RAM), GFLOPS, hash rates, GB/s, latency
  • GPU adapter name (only if your browser exposes it — many privacy-focused browsers don't)
  • CPU core count (from navigator.hardwareConcurrency)
  • A short, low-entropy User-Agent string of the form "Browser-Major / OS / Arch" (e.g. "Chrome 130 / Windows / x64") — parsed server-side from the request headers, never stored as the raw User-Agent. Maximum 64 characters. No build numbers, no patch level, no mobile device model.
  • The timestamp of submission
  • An optional AI capability snapshot if your browser exposed it during the test: largest allocatable GPU buffer (in GB), FP16 support (boolean), and an AI score derived from those numbers. Used to populate the AI Capabilities section of the result page.

What we don't collect

  • Your IP address (Cloudflare may have it for routing — we don't store it in our database)
  • Your name, email, or any account info — you can't have an account here
  • Your exact location (no geo-IP lookup, no GPS)
  • Your browsing history
  • Browser fingerprints, canvas hashes, or persistent device IDs
  • Cookies for tracking (we use Cloudflare Web Analytics — cookieless, see below)
  • Any data while the test is running (zero network activity during measurement)
  • Prompts or output from the optional Live LLM test (runs entirely client-side)

Analytics — Cloudflare Web Analytics (cookieless)

We use Cloudflare Web Analytics to count anonymous visitors and understand which pages get used. It is cookieless, does not fingerprint browsers, and does not require a consent banner under EU ePrivacy / German TTDSG § 25 — there is no client-side storage to consent to.

The data Cloudflare aggregates: visit count per page, country (broad), referrer, browser type (broad). No individual user is trackable across sessions. We can see "1,200 people visited /test today, 80% from Germany"; we cannot see "user X visited at time Y".

To opt out: enable "Do Not Track" or use a tracking blocker. The site works identically.

The optional "Run live AI test" button

If you click Run live AI test on the result page, your browser fetches:

  • The transformers.js library (~30 MB) from cdn.jsdelivr.net. jsDelivr can see your IP and User-Agent during this download.
  • A small open LLM (~250 MB to 1.7 GB depending on your browser memory headroom) from Hugging Face's CDN. Hugging Face can see your IP and User-Agent during this download.

After download, the model runs entirely on your machine via WebAssembly + WebGPU. Prompts, generated tokens, and inference timings stay in your browser tab. Nothing about what you generate is sent to us, jsDelivr, or Hugging Face.

If you'd rather not pay this network cost / disclosure, simply don't click the button. The calibrated estimates above the button work without it.

Cloudflare

The site is hosted on Cloudflare Pages. Cloudflare maintains its own access logs (timestamps, requested URLs, country-level geographic origin) for security and performance, retained 24-48 hours. We don't have access to or store these logs ourselves.

Result URLs and discoverability

When your benchmark completes, you get a permalink like 9bench.com/r/abc12345. This URL is shareable. We mark it noindex,nofollow via meta tag and Disallow: /r/ in robots.txt, so respectful search engines won't index it. (Crawlers that ignore robots.txt can still find it — treat the URL as semi-public.)

The result may also be visible on the leaderboard at /top if your score is in the top 50. The leaderboard shows: anonymous result ID, overall score, GPU name (if available), core count, timestamp. No identifying information.

Deletion / Right to be forgotten

To delete your submitted result: email [email protected] with the result ID (visible in the URL: /r/<id>). We'll delete it within 7 days. The deletion is permanent — the row is removed from D1, not just hidden.

To delete your local history: visit /history and click "Clear all history". This removes data stored in your browser only.

GDPR + TTDSG (EU / Germany)

The operator (Atilla Kürük) is based in Germany — both GDPR and German TTDSG apply.

Legal basis for benchmark submission: explicit consent (Art. 6(1)(a) GDPR). The consent box on the test page is the consent mechanism. You can withdraw consent at any time by requesting deletion (see above). The benchmark itself runs without submitting if you uncheck the box before starting the test.

No cookies or local-storage writes occur for analytics (we use Cloudflare Web Analytics, which is cookieless), so § 25 TTDSG does not require an additional consent banner. Local-storage writes for benchmark history (only on /history) are strictly necessary for that feature.

You have the right to: access (your data is what's at the result URL), rectification (we'll correct mistakes if reported), erasure (email us), data portability (the result URL serves as your data), objection (don't submit), and to lodge a complaint with your data protection authority.

Children

The site has no age verification. The benchmark itself is harmless. If your child submitted a result and you'd like it removed, email us with the result ID.

Terms of use

9bench is provided "as is" without warranty of any kind. The benchmark results are approximate measurements constrained by browser APIs and should not be used as the sole basis for purchasing decisions. You may use 9bench for personal, educational, and commercial purposes (including IT audits and hardware reviews). Automated bulk testing or score manipulation is not permitted. By submitting a benchmark result, you grant 9bench a non-exclusive license to store and display the anonymous data on the leaderboard and in aggregate statistics.

Changes to this policy

We'll update this page if anything changes. The last-modified date appears below. Last meaningful update: 2026-04-29 (privacy hardening pass — removed fingerprint claim, server-side User-Agent shortening, swapped GA4 for Cloudflare Web Analytics, disclosed CDN fetches for the Live LLM test, added pre-test consent box).

Contact

Atilla Kürük (operator) — [email protected]