Techniques for ensuring privacy of users are provided. In one approach, a Web server receives a request from a Web browser. The Web browser generates an encryption key and sends the encryption key to the Web browser in a cookie. The Web server later encrypts the request (or any portion thereof) using the encryption key and deletes the encryption key so that the Web server is unable to determine the actual contents of the encrypted data. If the user does not delete the cookie (which would delete the encryption key), then a later request from the Web browser includes the cookie and the encryption key. The Web server is then able to decrypt the previously encrypted data and perform substantive analysis on the decrypted data.