We will always respect your privacy.
We will be good stewards of any personal information you share with us. We promise not to share your data with anyone else in any way, shape or form, except as needed to perform explicitly accessed services. Kagi's entire business is funded by its users and we have no intention to or interest in manipulating or monetizing user information in any way.
When using Kagi Search, you can have peace of mind knowing that we do whatever is possible to keep your private information just that – private.
Here is a brief rundown of our view on your privacy:
- Searches are anonymous and private to you. Kagi does not log and associate searches with an account.
- We do not log or store your IP address. Your IP address is used only temporarily when enriching location/maps searches, and is not shared with any other party.
- We only store cookies needed for site functionality.
- We do not use any web browser analytics or other frontend telemetry.
- We do not display any ads, or have any first-party or third-party tracking in service of ads.
- We do not share customer data with third parties, except as needed to perform explicitly accessed services. In those cases, we will share the minimum amount of data needed to provide the service, and will do so in an anonymous way.
- We collect only the data needed to provide and protect the service.
- We proxy all images to prevent tracking from third parties.
- We use HTTPS encryption everywhere. All passwords are hashed and salted.
The following is a closer look at how Kagi implements these policies, in the spirit of transparency and education.
Questions?
This is a living document of technical details and policies that we will update over time. If you still have questions, or find mistakes in this document, please reach out to us! Help us be a role model for privacy on the web.
See the changelog at the end of this document for more details on changes in this document.
Cookies & Client data
Kagi currently makes use of the following data stored on your browser.
Name | Location | Contents | Intent |
---|---|---|---|
kagi_session | cookies | Opaque token | Session identifier. Never share this with anyone. Required for site functionality. |
_kagi_search_ | cookies | Opaque token | CSRF protection. Required for site functionality. |
kagi_previous_page | cookies | url path | Temporarily used for returning you to the previous page you were browsing upon login or from the settings page. |
kagi_sse_replay | localstorage | JSON | For clients that use JavaScript, this is a limited local cache of result markup to skip round trips to our servers for recent queries. |
mapbox.eventData.* | localstorage | JSON | Bookkeeping for maps application |
These are subject to change as our product grows. We make a conscious effort to keep this list as small as possible, only adding data to the client when absolutely necessary to do so.
If you notice anything missing from this list or inaccuracies, please contact us!
Types of storage
Here is a quick rundown of the types of storage that we use to help you understand the scope and impact of each piece of data we store on your client.
Cookies are pieces of data that are transmitted to our servers with each request that your client makes. Your browser will not send these cookies to any other domain that is not kagi.com
We currently only use cookies to store two opaque tokens. These are random, cryptographically signed strings that do not contain any data about you. However, they do grant access to your Kagi account and provide security features. As such, they are required to use Kagi, and should not be shared with anyone.
If you are concerned that your account may be compromised, log out of your account and log back in. This will invalidate our server-side data and prevent an attacker from using a leaked value.
LocalStorage is another form of browser storage. These values are not sent to our servers, ever. Our current use of localstorage is a standard place to store temporary data that our JavaScript interacts with. They are not required for site functionality.
Note that browser extensions are capable of accessing your browser's data for sites that you visit. This is not something Kagi can protect against, so be careful about using extensions that you trust. If you have concerns about the safety of your Kagi account with a particular extension, please contact us and we will help you make an evaluation.
Server-side & Round-trip data
User information
Kagi only stores the information about the client that you explicitly provide by using your account, as laid out in our interface. This includes:
- Your email to facilitate account access and support contact (ex: password reset)
- Your account settings (ex: theme, search region, selected language)
And nothing else.
There is an option to delete your account. When you do this, all information and settings related to your account is removed from our database.
Logistics of User and Query Data
When you issue a search query on Kagi, this starts a pipeline of data flowing in order to fulfill your request, starting from your web browser on your device.
The first step is for your browser to locate our servers, and send your request to them. This is fulfilled in large part by the global DNS infrastructure, but more specifically we employ AWS Route 53 in order to route your request to the Kagi server that has the best latency to your client's location.
Not every request will go through this step. Once your client has cached our server's location, it will go directly to the next step, until the cache is invalidated.
Next, your request will find its way to our servers hosted on Google Cloud platform, where our main application is running that will handle your request.
All Kagi communications - inbound and outbound - are made over encrypted HTTPS. HTTPS does not protect these other parties from knowing where the request is going, but it does protect the request content. As such these providers do not know your queries, or about any other interaction that you have with our products.
At this point your request has made it to us. From here, we take your query and use it to aggregate data from multiple other sources, including but not limited to Google, Bing, and Wikipedia, and other internal data sources in order to procure your search results.
In all cases, we transmit no information about your client to these other parties. Kagi's server's identify is the sole actor for these queries, only passing the parameters needed to fulfill your intent. Again, all of these interactions with third parties occur over HTTPS as well.
Once we have prepared all of your content, it is funneled back to your client.
Uploads
Data uploaded to allow Kagi to perform a service will be stored and used only to the extent needed to perform said service. This data may be shared with third parties, but only when sharing is required for fulfillment of the service. In these cases, Kagi's servers will be the sole actor communicating (securely) with third parties, and only to the extent required to fulfill your intent.
For example, you may upload an image to use the reverse image search feature. Kagi will cache the image temporarily and forward it to third-party services, solely for the function of performing the reverse image search. When the search is complete, Kagi will make no further use of the image, and the cache will expire within minutes.
IP Addresses and Geolocation
Kagi has features that either require or are enriched by knowing the client's physical location, such as our Maps product. When you connect to any website on the internet, you broadcast a source IP address to the server. This is a part of the IP protocol, on top of which internet traffic is built upon.
This is the IP that Kagi uses to fulfill its geolocation lookups. It cannot be omitted from the protocol, so Kagi cannot say "no thanks" even if we wanted to. But there are means of spoofing the value to something else. The source IP is often provided by whatever router you are connected to, advertising the IP address that it has been leased by your ISP.
IP addresses on their own are not identifying information, but they can be when coupled with other data, such as your email. To help ensure privacy, the platform you are interacting with must responsibly make this association impossible, difficult, or obscured such that no meaningful association can be drawn in order to identify a client.
Kagi does not store your IP address or any association with other user data. We perform an *offline* lookup using a database to resolve the IP address that your client sends to us in to a location with enough accuracy to enrich your search experience. For example, we use this location to configure the initial location of the map when opened, which improves the quality of subsequent searches.
User-Agents and Client Hints
User-Agents are pieces of text that your browser sends to every website that you visit, regardless of HTTPS support. The string contains various pieces of information about the browser itself, such as the brand and version of the browser you are using.
Often, websites use this text to understand what features a browser is capable of in order to send you content that is compatible with your device. Similar to IP addresses, a User-Agent alone cannot identify you, but it can be used with other data, such as your IP, to profile and identify your activity. Some refer to this as "UA sniffing" or "fingerprinting".
Kagi does not store your User-Agent or any association with other user data. We will read your User-Agent in order to detect if you are using a mobile device, and serve you the appropriate content. This is currently our only use case.
There is a brighter future for User-Agents: the leading browser platforms have started a motion to "freeze" the User-Agent string that they send over time and unify their contents between devices. This will gradually making it more difficult for any accurate fingerprinting of UAs to be done by anyone.
There is a new standard called Client Hints that intends to replace User-Agents. Client Hints, unlike UAs:
- Are only sent by your browser over HTTPS
- Allow the server to query exactly what data it wants from your client
Thus putting more power in the hands of the client to respond to these queries, and reducing the amount of data your browser shares by default.
Kagi is prepared! We fully support Client Hints for the features it needs, and will use them first if your browser supports it. We will otherwise fall back to interpreting your UA.
Logs and metrics
While you interact with our platform, Kagi collects logs of a specific resolution in order to monitor and improve our product.
Our framework for data collection practices is:
- Identify and improve product quality and performance
- Identify and respond to issues with any of our upstream sources
- Inform infrastructure and code decisions as our product continues to grow
- Prevent abuse of our product from bad actors (DDOS, etc.)
In closer detail, the log content effectively summarizes what parts of our product are being used, along with additional contextual data:
- Kagi server identification, configuration, and performance (CPU, RAM, etc.)
- Identifiers that tell us what code paths were taken
- Time measurements of individual steps of request fulfillment
- Summaries of requests made to third parties
Absent from our logs are any identifying information about your client. As such, any query or traffic logging that we do cannot be tied back to your account, ensuring that Kagi developers are the only people that the logs will ever be useful to.
Outside of these logs, we separately collect server-side summaries of your clients usage of our resources in a database. This does *not* include what you are doing with these resources, only an identifier of the resource and a weight. There is no association with this data to our traffic logging. This is used for us to make decisions for our product's health such as:
- Investing more in popular resources
- Removing unpopular resources that we pay for
- Detecting abuse of our platform
Data Storage
Now that we've established the limited and anonymized nature of our internal telemetry, we currently employ the following services to store and review this data:
- Anonymous logs are aggregated with GCP's logging tools, retained for 30 days.
- Anonymous logs are shared with Sentry when bugs, crashes, or warnings that occur for debugging purposes.
AI Tools & Labs experiments
AI Tools
This section addresses usage of AI tools in Kagi such as "Summarize Results", "Ask Questions about Document" and any "labs" experiments such as FastGPT. "Summarize Page" feature use is covered by the "Universal Summarizer" section below.
- Requests to AI tools are never associated with any user personally identifiable information (PII) in the cache.
- Output of AI models can be cached for short period of time (up to 10 minutes) to reduce cost and improve user experience on subsequent reloads of the same interaction.
- Content can be anonymously shared with external AI model providers. When done so, it is opted-out of any re-use.
- Anonymous logs are shared with Sentry when bugs, crashes, or warnings occur for debugging purposes.
Universal Summarizer
This section addresses Universal Summarizer and its handling of data users ask it to summarize.
- Summaries are currently cached by default to provide instant (and free) responses for content that was already previously summarized. The data saved in our cache includes URL, summarization engine, any additional parameters used, and produced summary output. Original Content such as any custom text or documents uploaded to the summarizer are not cached. Content from publicly accessible URLs are not Original Content and may be cached.
- Cache can be disabled by using cache=off API parameter. This will clear any existing cache and also prevent output from being cached. In this case, the summarization request passes through our infrastructure and is not stored anywhere after processing.
- Requests are never associated with any user personally identifiable information (PII) in the cache.
- Content to be summarized can be anonymously shared with external AI model providers. When done so, it is opted-out of any re-use.
- Anonymous logs are shared with Sentry when bugs, crashes, or warnings occur for debugging purposes.
Warrant Canary
We, Kagi, are committed to being transparent and taking full control of our service. Private information of our users has never been disclosed or seized, nor have we been compromised or suffered a data breach.
Kagi has received:
- 0 National Security letters;
- 0 Gag orders;
- 0 Warrants from any government organization;
To ensure your privacy and security, we don’t monitor, log or store your queries or associate them with your account.
Terms of Service
Bear in mind that all services provided in Kagi are provided “as is” and there are no warranties. There will be significant limitations for any damages from your use of Kagi and any services provided.
Introduction These Terms of Service ("Terms") govern your use of Kagi (the "Services").
Accounts In order to use some of the Services, you may need to create a Kagi Account. During registration, you will be asked to set a password. You are responsible for keeping your password confidential and for the activity that happens through your Kagi account. Kagi is not responsible for any losses arising out of unauthorized use of your account
Privacy Policy We use the information we receive through the Services as described in our Kagi Privacy Policy.
Fair Use Policy In an effort to provide services to everyone, we may limit interactions with our AI tools to 500 interaction per month for the Unlimited plan users.
Commercial Use Only Kagi API products are licensed for commercial use. Frontend products, such as (but not limited to) Universal Summarizer (found here) may only be used for non commercial purposes. We define "non-commercial" following the Creative Commons definition: "not primarily intended for or directed towards commercial advantage or monetary compensation.". If you would like to use frontend products for commercial use, please contact support@kagi.com or ask on Discord to arrange for a license.
Communications We send periodic messages to help you get the most from your Kagi Account. You may receive these in your browser or to the address you signed-up with; they cover onboarding, different Services, and related offers and surveys. You may also choose to receive other types of email messages.
Proprietary Rights Kagi does not grant you any intellectual property rights in the Services that are not specifically stated in these Terms. For example, these Terms do not provide the right to use any of Kagi’s copyrights, trade names, trademarks, service marks, logos, domain names, or other distinctive brand features.
Termination These Terms will continue to apply until ended by either you or Kagi. You can choose to end them at any time for any reason by deleting your Kagi account, discontinuing your use of the Services, and if applicable, unsubscribing from our emails. We may suspend or terminate your access to the Services at any time for any reason, including, but not limited to, if we reasonably believe: (i) you have violated these Terms, (ii) you create risk or possible legal exposure for us; or (iii) our provision of the Services to you is no longer commercially viable. We will make reasonable efforts to notify you by the email address associated with your Kagi account or the next time you attempt to access the Services. In all such cases, these Terms shall terminate, including, without limitation, your license to use the Services, except that the following sections shall continue to apply: Indemnification, Disclaimer; Limitation of Liability, Miscellaneous.
Indemnification You agree to defend, indemnify and hold harmless Kagi, its contractors, contributors, licensors, and partners, and their respective directors, officers, employees and agents ("Indemnified Parties") from and against any and all third party claims and expenses, including attorneys' fees, arising out of or related to your use of the Services (including, but not limited to, from any content uploaded by you).
Disclaimer; Limitation of Liability THE SERVICES ARE PROVIDED "AS IS" WITH ALL FAULTS. TO THE EXTENT PERMITTED BY LAW, KAGI AND THE INDEMNIFIED PARTIES HEREBY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES THAT THE SERVICES ARE FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, AND NON-INFRINGING. YOU BEAR THE ENTIRE RISK AS TO SELECTING THE SERVICES FOR YOUR PURPOSES AND AS TO THE QUALITY AND PERFORMANCE OF THE SERVICES, INCLUDING WITHOUT LIMITATION THE RISK THAT YOUR CONTENT IS DELETED OR CORRUPTED OR THAT SOMEONE ELSE ACCESSES YOUR ONLINE ACCOUNTS. THIS LIMITATION WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES, SO THIS DISCLAIMER MAY NOT APPLY TO YOU. EXCEPT AS REQUIRED BY LAW, KAGI AND THE INDEMNIFIED PARTIES WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN ANY WAY RELATING TO THESE TERMS OR THE USE OF OR INABILITY TO USE THE SERVICES, INCLUDING WITHOUT LIMITATION DIRECT AND INDIRECT DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOST PROFITS, LOSS OF DATA, AND COMPUTER FAILURE OR MALFUNCTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY (CONTRACT, TORT, OR OTHERWISE) UPON WHICH SUCH CLAIM IS BASED. THE COLLECTIVE LIABILITY OF Kagi AND THE INDEMNIFIED PARTIES UNDER THIS AGREEMENT WILL NOT EXCEED $500 (FIVE HUNDRED DOLLARS). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL, CONSEQUENTIAL, OR SPECIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.
Modifications to these Terms Kagi may update these Terms from time to time to address a new feature of the Services or to clarify a provision. The updated Terms will be posted online. If the changes are substantive, we will announce the update through Kagi's usual channels for such announcements such as blog posts and forums. Your continued use of the Services after the effective date of such changes constitutes your acceptance of such changes. To make your review more convenient, we will post an effective date at the top of this page.
Miscellaneous These Terms constitute the entire agreement between you and Kagi concerning the Services and are governed by the laws of the state of Delaware, U.S.A., excluding its conflict of law provisions. If any portion of these Terms is held to be invalid or unenforceable, the remaining portions will remain in full force and effect. In the event of a conflict between a translated version of these terms and the English language version, the English language version shall control.
Browser-Extension
The Kagi browser extension is governed by the overall Kagi Privacy Policy above, in particular:
Accessing Kagi from Private Windows
- If permitted, the extension will access your Kagi.com session cookie.
- If configured to run in Private Windows, the extension will provide your Kagi.com session information in all requests to Kagi.com.
- This allows you to use Kagi search in Private Windows without logging in each time, so long as your normal browsing session remains logged in.
- At no point is this session information sent to any third party.
- To invalidate the session information, simply log out of your Kagi account from any session.
Universal Summarizer
- Use of the Universal Summarizer feature involves sending the URL of the chosen tab to Kagi.com.
- The Universal Summarizer feature can only operate on publicly accessible websites.
- Once received by Kagi.com, the URL is subject to the Kagi Privacy Policy shown above.
FastGPT
- Use of the FastGPT feature involves sending the provided prompt to Kagi.com.
- Once received by Kagi.com, the prompt is subject to the Kagi.com Privacy Policy shown above.
Changelog
2024-05-29
Added section on Browser-Extension
2023-09-21
Increased Fair Use limits for AI tools (300 to 500)
2023-08-15
Updated Terms of Use (Clarified commercial use licensing)
2023-08-04
Updated Privacy Policy (Clarified summary)
2023-05-24
Updated Privacy Policy (Added Warrant Canary and covered "Labs" experiments such as FastGPT)
2023-05-04
Updated Privacy Policy (Clarified when data is shared with third parties, and to what extent. Added upload section.)
2023-02-29
Updated Privacy Policy (AI Tools & Universal Summarizer)
2023-02-28
Updated Terms of Service (Fair Use Policy for AI Tools)
2022-03-31
Updated Terms of Service
2021-11-30
Added kagi_previous_page cookie to Cookies & Client data table.
2021-09-02
Initial draft.