We will always respect your privacy.
We will be good stewards of any personal information you share with us and we promise not to share your data with anyone else in any way, shape or form. Kagi has no intention or interest in manipulating or monetizing this information in any other way.
When using Kagi Search, you can have peace of mind knowing that we do whatever is possible to keep your private information - private.
Here is a brief rundown of our view on your privacy:
- Searches are anonymous and private to you.
- We don't log or store your IP address.
- We only store cookies needed for site functionality.
- Your IP address is only used for enriching location/maps searches. It is not logged or shared with any other party.
- We do not use any web browser analytics or other frontend telemetry.
- We do not display any ads, or have any first-party or third-party tracking in service of ads.
- We do not share any customer data with any third parties.
- We collect only the data needed to provide and protect the service.
- We proxy all images to prevent tracking from third parties.
- We use HTTPS encryption everywhere.
The following is a closer look at how Kagi implements these policies, in the spirit of transparency and education.
This is a living document of technical details and policies that we will update over time. If you still have questions, or find mistakes in this document, please reach out to us! Help us be a role model for privacy on the web.
This information is up to date as of 2021-09-02. See the changelog at the end of this document for more details.
Cookies & Client data
Kagi currently makes use of the following data stored on your browser.
|kagi_session||cookies||Opaque token||Session identifier. Never share this with anyone. Required for site functionality.|
|_kagi_search_||cookies||Opaque token||CSRF protection. Required for site functionality.|
|mapbox.eventData.*||localstorage||JSON||Bookkeeping for maps application|
These are subject to change as our product grows. We make a conscious effort to keep this list as small as possible, only adding data to the client when absolutely necessary to do so.
If you notice anything missing from this list or inaccuracies, please contact us!
Types of storage
Here is a quick rundown of the types of storage that we use to help you understand the scope and impact of each piece of data we store on your client.
Cookies are pieces of data that are transmitted to our servers with each request that your client makes. Your browser will not send these cookies to any other domain that is not kagi.com
If you are concerned that your account may be compromised, log out of your account and log back in. This will invalidate our server-side data and prevent an attacker from using a leaked value.
Note that browser extensions are capable of accessing your browser's data for sites that you visit. This is not something Kagi can protect against, so be careful about using extensions that you trust. If you have concerns about the safety of your Kagi account with a particular extension, please contact us and we will help you make an evaluation.
Server-side & Round-trip data
Kagi only stores the information about the client that you explicitly provide by using your account, as laid out in our interface. This includes:
- Your email to facilitate account access and support contact (ex: password reset)
- Your account settings (ex: theme, search region, selected language)
And nothing else.
There is an option to delete your account. When you do this, all information and settings related to your account is removed from our database.
Logistics of User and Query Data
When you issue a search query on Kagi, this starts a pipeline of data flowing in order to fulfill your request, starting from your web browser on your device.
The first step is for your browser to locate our servers, and send your request to them. This is fulfilled in large part by the global DNS infrastructure, but more specifically we employ AWS Route 53 in order to route your request to the Kagi server that has the best latency to your client's location.
Not every request will go through this step. Once your client has cached our server's location, it will go directly to the next step, until the cache is invalidated.
Next, your request will find its way to our servers hosted on Google Cloud platform, where our main application is running that will handle your request.
All Kagi communications - inbound and outbound - are made over encrypted HTTPS. HTTPS does not protect these other parties from knowing where the request is going, but it does protect the request content. As such these providers do not know your queries, or about any other interaction that you have with our products.
At this point your request has made it to us. From here, we take your query and use it to aggregate data from multiple other sources, including but not limited to Google, Bing, and Wikipedia, and other internal data sources in order to procure your search results.
In all cases, we transmit no information about your client to these other parties. Kagi's server's identify as the sole actor for these queries, only passing the parameters needed to fulfill your intent. Again, all of these interactions with third parties occur over HTTPS as well.
Once we have prepared all of your content, it is funneled back to your client.
IP Addresses and Geolocation
Kagi has features that either require or are enriched by knowing the client's physical location, such as our Maps product. When you connect to any website on the internet, you broadcast a source IP address to the server. This is a part of the IP protocol, on top of which internet traffic is built upon.
This is the IP that Kagi uses to fulfill its geolocation lookups. It cannot be omitted from the protocol, so Kagi cannot say "no thanks" even if we wanted to. But there are means of spoofing the value to something else. The source IP is often provided by whatever router you are connected to, advertising the IP address that it has been leased by your ISP.
IP addresses on their own are not identifying information, but they can be when coupled with other data, such as your email. To help ensure privacy, the platform you are interacting with must responsibly make this association impossible, difficult, or obscured such that no meaningful association can be drawn in order to identify a client.
Kagi does not store your IP address or any association with other user data. We perform an *offline* lookup using a database to resolve the IP address that your client sends to us in to a location with enough accuracy to enrich your search experience. For example, we use this location to configure the initial location of the map when opened, which improves the quality of subsequent searches.
User-Agents and Client Hints
User-Agents are pieces of text that your browser sends to every website that you visit, regardless of HTTPS support. The string contains various pieces of information about the browser itself, such as the brand and version of the browser you are using.
Often, websites use this text to understand what features a browser is capable of in order to send you content that is compatible with your device. Similar to IP addresses, a User-Agent alone cannot identify you, but it can be used with other data, such as your IP, to profile and identify your activity. Some refer to this as "UA sniffing" or "fingerprinting".
Kagi does not store your User-Agent or any association with other user data. We will read your User-Agent in order to detect if you are using a mobile device, and serve you the appropriate content. This is currently our only use case.
There is a brighter future for User-Agents: the leading browser platforms have started a motion to "freeze" the User-Agent string that they send over time and unify their contents between devices. This will gradually making it more difficult for any accurate fingerprinting of UAs to be done by anyone.
There is a new standard called Client Hints that intends to replace User-Agents. Client Hints, unlike UAs:
- Are only sent by your browser over HTTPS
- Allow the server to query exactly what data it wants from your client
Thus putting more power in the hands of the client to respond to these queries, and reducing the amount of data your browser shares by default.
Kagi is prepared! We fully supports Client Hints for the features it needs, and will use them first if your browser supports it. We will otherwise fall back to interpreting your UA.
Logs and metrics
While you interact with our platform, Kagi collects logs of a specific resolution in order to monitor and improve our product.
Our framework for data collection practices is:
- Identify and improve product quality and performance
- Identify and respond to issues with any of our upstream sources
- Inform infrastructure and code decisions as our product continues to grow
- Prevent abuse of our product from bad actors (DDOS, etc.)
In closer detail, the log content effectively summarizes what parts of our product are being used, along with additional contextual data:
- Kagi server identification, configuration, and performance (CPU, RAM, etc.)
- Identifiers that tell us what code paths were taken
- Time measurements of individual steps of request fulfillment
- Summaries of requests made to third parties
Absent from our logs are any identifying information about your client. As such, any query or traffic logging that we do cannot be tied back to your account, ensuring that Kagi developers are the only people that the logs will ever be useful to.
Outside of these logs, we separately collect server-side summaries of your clients usage of our resources in a database. This does *not* include what you are doing with these resources, only an identifier of the resource and a weight. There is no association with this data to our traffic logging. This is used for us to make decisions for our product's health such as:
- Investing more in popular resources
- Removing unpopular resources that we pay for
- Detecting abuse of our platform
Now that we've established the limited and anonymized nature of our internal telemetry, we currently employ the following services to store and review this data:
- Anonymous logs are aggregated with GCP's logging tools, retained for 30 days.
- Anonymous logs are shared with Sentry when bugs, crashes, or warnings that occur for debugging purposes.
Kagi is currently under development and in closed beta. By registering an account with Kagi you agree to do your best to provide constructive feedback to the Kagi team. During the beta period, you are free to use the service in any way you like including trying to 'break it', find bugs or unexpected behaviors. Because this is still a beta product, we expect the product will not always work as expected. We kindly ask you to run any public posts disclosing product details or screenshots with us before publishing them.
We will always respect your privacy. We will be good stewards of any personal information you share with us and we promise not to share your data with anyone else in any way, shape or form. Kagi has no intention or interest in manipulating or monetizing this information in any other way. We only collect and retain sufficient data to help our users use the service, when they want to login into an account or be remembered for later use, and to improve the quality of the service we provide.
In harmony with our philosophy of being simple and lightweight, we make a hard effort to store only the required data on the client, and nothing more. Kagi uses a minimal set of session cookies, as well as browser caching (assets, local storage) where it benefits the user's experience the most. We do not collect telemetry on how you use our app - we rely on your feedback to improve the Kagi experience.