Personalized web search (PWS)[2][9] has demonstrated its effectiveness in improving the quality of various search services on the Internet. However, evidence show that users’ reluctance to disclose their private information during search has become a major barrier for the wide explosion of PWS. We study privacy security in PWS applications that model user preferences as hierarchical user profiles. We suggest a PWS structure called UPS that can adaptively generalize profiles by queries while respecting user specified privacy requirements. Our runtime simplification aims at striking a balance between two predictive metrics that evaluate the utility of personalization and the privacy risk of exposing the widespread profile. We present two insatiable algorithms, namely Greedy DP and Greedy IL, for runtime generalization. We also provide an online prediction mechanism for deciding whether personalizing a query is valuable. Extensive experiments demonstrate the effectiveness of our framework. The new results also reveal that Greedy IL(Greedy Information Limit) significantly outperforms Greedy DP in terms of efficiency.