We will be good stewards of any personal information you share with us and we promise not to share your data with anyone else in any way, shape or form. Kagi has no intention or interest in manipulating or monetizing this information in any other way.
When using Kagi Search, you can have peace of mind knowing that we do whatever is possible to keep your private information private.
Here is a brief rundown of our view on your privacy:
- Searches are anonymous and private to you. Kagi does not see what you are searching at all.
- We don't log or store your IP address.
- We only store cookies needed for site functionality.
- Your IP address is only used temporarily when enriching location/maps searches. It is not logged or shared with any other party.
- We do not use any web browser analytics or other frontend telemetry.
- We do not display any ads, or have any first-party or third-party tracking in service of ads.
- We do not share any customer data with any third parties.
- We collect only the data needed to provide and protect the service.
- We proxy all images to prevent tracking from third parties.
- We use HTTPS encryption everywhere. All passwords are encrypted.
The following is a closer look at how Kagi implements these policies, in the spirit of transparency and education.
This is a living document of technical details and policies that we will update over time. If you still have questions, or find mistakes in this document, please reach out to us! Help us be a role model for privacy on the web.
See the changelog at the end of this document for more details on changes in this document.
Kagi currently makes use of the following data stored on your browser.
| Name | Storage | Value | Purpose |
|---|---|---|---|
| `kagi_session` | cookies | Opaque token | Session identifier. Never share this with anyone. Required for site functionality. |
| `_kagi_search_` | cookies | Opaque token | CSRF protection. Required for site functionality. |
| `kagi_previous_page` | cookies | URL path | Temporarily used for returning you to the previous page you were browsing upon login or from the settings page. |
| `mapbox.eventData.*` | localStorage | JSON | Bookkeeping for maps application. |
These are subject to change as our product grows. We make a conscious effort to keep this list as small as possible, only adding data to the client when absolutely necessary to do so.
If you notice anything missing from this list or inaccuracies, please contact us!
Here is a quick rundown of the types of storage that we use to help you understand the scope and impact of each piece of data we store on your client.
Cookies are pieces of data that are transmitted to our servers with each request that your client makes. Your browser will not send these cookies to any domain other than kagi.com.
If you are concerned that your account may be compromised, log out of your account and log back in. This will invalidate our server-side data and prevent an attacker from using a leaked value.
Note that browser extensions are capable of accessing your browser's data for sites that you visit. This is not something Kagi can protect against, so be careful to use only extensions that you trust. If you have concerns about the safety of your Kagi account with a particular extension, please contact us and we will help you make an evaluation.
Kagi only stores the information about the client that you explicitly provide by using your account, as laid out in our interface. This includes:
- Your email to facilitate account access and support contact (ex: password reset)
- Your account settings (ex: theme, search region, selected language)
And nothing else.
There is an option to delete your account. When you do this, all information and settings related to your account are removed from our database.
When you issue a search query on Kagi, this starts a pipeline of data flowing in order to fulfill your request, starting from your web browser on your device.
The first step is for your browser to locate our servers, and send your request to them. This is fulfilled in large part by the global DNS infrastructure, but more specifically we employ AWS Route 53 in order to route your request to the Kagi server that has the best latency to your client's location.
Not every request will go through this step. Once your client has cached our server's location, it will go directly to the next step, until the cache is invalidated.
Next, your request will find its way to our servers hosted on Google Cloud Platform, where our main application runs and handles your request.
All Kagi communications - inbound and outbound - are made over encrypted HTTPS. HTTPS does not prevent these other parties from knowing where the request is going, but it does protect the request content. As such, these providers do not know your queries or anything about any other interaction that you have with our products.
At this point your request has made it to us. From here, we take your query and use it to aggregate data from multiple other sources, including but not limited to Google, Bing, and Wikipedia, and other internal data sources in order to procure your search results.
In all cases, we transmit no information about your client to these other parties. Kagi's servers identify themselves as the sole actor for these queries, only passing the parameters needed to fulfill your intent. All of these interactions with third parties occur over HTTPS as well.
Once we have prepared all of your content, it is funneled back to your client.
Kagi has features that either require or are enriched by knowing the client's physical location, such as our Maps product. When you connect to any website on the internet, you broadcast a source IP address to the server. This is a part of the IP protocol, on top of which internet traffic is built.
This is the IP that Kagi uses to fulfill its geolocation lookups. It cannot be omitted from the protocol, so Kagi cannot say "no thanks" even if we wanted to. But there are means of spoofing the value to something else. The source IP is often provided by whatever router you are connected to, advertising the IP address that it has been leased by your ISP.
IP addresses on their own are not identifying information, but they can be when coupled with other data, such as your email. To help ensure privacy, the platform you are interacting with must responsibly make this association impossible, difficult, or obscured such that no meaningful association can be drawn in order to identify a client.
Kagi does not store your IP address or any association with other user data. We perform an *offline* lookup using a database to resolve the IP address that your client sends to us into a location with enough accuracy to enrich your search experience. For example, we use this location to configure the initial location of the map when opened, which improves the quality of subsequent searches.
User-Agents are pieces of text that your browser sends to every website that you visit, regardless of HTTPS support. The string contains various pieces of information about the browser itself, such as the brand and version of the browser you are using.
Often, websites use this text to understand what features a browser is capable of in order to send you content that is compatible with your device. Similar to IP addresses, a User-Agent alone cannot identify you, but it can be used with other data, such as your IP, to profile and identify your activity. Some refer to this as "UA sniffing" or "fingerprinting".
Kagi does not store your User-Agent or any association with other user data. We will read your User-Agent in order to detect if you are using a mobile device, and serve you the appropriate content. This is currently our only use case.
There is a brighter future for User-Agents: the leading browser platforms have started a motion to "freeze" the User-Agent string that they send over time and unify its contents between devices. This will gradually make it more difficult for anyone to do accurate fingerprinting of UAs.
There is a new standard called Client Hints that intends to replace User-Agents. Client Hints, unlike UAs:
- Are only sent by your browser over HTTPS
- Allow the server to query exactly what data it wants from your client
This puts more power in the hands of the client to respond to these queries, and reduces the amount of data your browser shares by default.
Kagi is prepared! We fully support Client Hints for the features we need, and will use them first if your browser supports them. We will otherwise fall back to interpreting your UA.
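An added example (not Kagi's code) of the order described above: read the `Sec-CH-UA-Mobile` Client Hint first and fall back to the User-Agent string only when the hint is missing or malformed. The function names and the returned shape are assumptions made for illustration.

```javascript
// Added example: decide "mobile or not" from request headers, preferring
// Client Hints and falling back to the User-Agent string.
// Function names and the returned shape are hypothetical.

// Case-insensitive header lookup; Node lowercases names, other stacks may not.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) {
      return Array.isArray(value) ? value[0] : value;
    }
  }
  return undefined;
}

// Sec-CH-UA-Mobile is a structured-field boolean: "?1" (mobile) or "?0".
// Anything else is treated as absent rather than trusted.
function parseMobileHint(raw) {
  if (typeof raw !== "string") return null;
  const value = raw.trim();
  if (value === "?1") return true;
  if (value === "?0") return false;
  return null;
}

// Returns only a boolean and which signal produced it; the raw header
// strings are never copied into the result, so nothing identifying is kept.
function detectMobile(headers) {
  const hint = parseMobileHint(getHeader(headers, "Sec-CH-UA-Mobile"));
  if (hint !== null) return { mobile: hint, source: "client-hint" };
  const ua = getHeader(headers, "User-Agent");
  if (typeof ua === "string" && /Mobi/i.test(ua)) {
    return { mobile: true, source: "user-agent" };
  }
  return { mobile: false, source: ua ? "user-agent" : "default" };
}

// Response header for a page whose markup depends on the result: Vary keeps
// shared caches from serving the mobile variant to desktop clients.
function variantHeaders() {
  return { Vary: "Sec-CH-UA-Mobile, User-Agent" };
}

// Constructed sample requests (not captured traffic).
const samples = [
  { "sec-ch-ua-mobile": "?1", "user-agent": "Mozilla/5.0 (X11; Linux x86_64)" },
  { "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) Mobile/15E148" },
  { "Sec-CH-UA-Mobile": "yes", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" },
];
for (const s of samples) console.log(detectMobile(s));
```

The third sample carries a malformed hint, so the decision falls through to the User-Agent instead of guessing what `yes` means.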
While you interact with our platform, Kagi collects logs of a specific resolution in order to monitor and improve our product.
Our framework for data collection practices is:
- Identify and improve product quality and performance
- Identify and respond to issues with any of our upstream sources
- Inform infrastructure and code decisions as our product continues to grow
- Prevent abuse of our product from bad actors (DDoS, etc.)
In closer detail, the log content effectively summarizes what parts of our product are being used, along with additional contextual data:
- Kagi server identification, configuration, and performance (CPU, RAM, etc.)
- Identifiers that tell us what code paths were taken
- Time measurements of individual steps of request fulfillment
- Summaries of requests made to third parties
Absent from our logs is any identifying information about your client. As such, any query or traffic logging that we do cannot be tied back to your account, ensuring that Kagi developers are the only people that the logs will ever be useful to.
Outside of these logs, we separately collect server-side summaries of your client's usage of our resources in a database. This does *not* include what you are doing with these resources, only an identifier of the resource and a weight. There is no association between this data and our traffic logging. We use this to make decisions for our product's health, such as:
- Investing more in popular resources
- Removing unpopular resources that we pay for
- Detecting abuse of our platform
Now that we've established the limited and anonymized nature of our internal telemetry, we currently employ the following services to store and review this data:
- Anonymous logs are aggregated with GCP's logging tools, retained for 30 days.
- Anonymous logs are shared with Sentry for debugging purposes when bugs, crashes, or warnings occur.
Bear in mind that all services provided in Kagi are provided “as is” and there are no warranties. There will be significant limitations for any damages from your use of Kagi and any services provided.
Introduction
These Terms of Service ("Terms") govern your use of Kagi (the "Services").
Accounts
In order to use some of the Services, you may need to create a Kagi Account. During registration, you will be asked to set a password. You are responsible for keeping your password confidential and for the activity that happens through your Kagi account. Kagi is not responsible for any losses arising out of unauthorized use of your account.
Communications
We send periodic messages to help you get the most from your Kagi Account. You may receive these in your browser or to the address you signed up with; they cover onboarding, different Services, and related offers and surveys. You may also choose to receive other types of email messages.
Proprietary Rights
Kagi does not grant you any intellectual property rights in the Services that are not specifically stated in these Terms. For example, these Terms do not provide the right to use any of Kagi’s copyrights, trade names, trademarks, service marks, logos, domain names, or other distinctive brand features.
Termination
These Terms will continue to apply until ended by either you or Kagi. You can choose to end them at any time for any reason by deleting your Kagi account, discontinuing your use of the Services, and if applicable, unsubscribing from our emails. We may suspend or terminate your access to the Services at any time for any reason, including, but not limited to, if we reasonably believe: (i) you have violated these Terms, (ii) you create risk or possible legal exposure for us; or (iii) our provision of the Services to you is no longer commercially viable. We will make reasonable efforts to notify you by the email address associated with your Kagi account or the next time you attempt to access the Services. In all such cases, these Terms shall terminate, including, without limitation, your license to use the Services, except that the following sections shall continue to apply: Indemnification, Disclaimer; Limitation of Liability, Miscellaneous.
Indemnification
You agree to defend, indemnify and hold harmless Kagi, its contractors, contributors, licensors, and partners, and their respective directors, officers, employees and agents ("Indemnified Parties") from and against any and all third party claims and expenses, including attorneys' fees, arising out of or related to your use of the Services (including, but not limited to, from any content uploaded by you).
Disclaimer; Limitation of Liability
THE SERVICES ARE PROVIDED "AS IS" WITH ALL FAULTS. TO THE EXTENT PERMITTED BY LAW, KAGI AND THE INDEMNIFIED PARTIES HEREBY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES THAT THE SERVICES ARE FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, AND NON-INFRINGING. YOU BEAR THE ENTIRE RISK AS TO SELECTING THE SERVICES FOR YOUR PURPOSES AND AS TO THE QUALITY AND PERFORMANCE OF THE SERVICES, INCLUDING WITHOUT LIMITATION THE RISK THAT YOUR CONTENT IS DELETED OR CORRUPTED OR THAT SOMEONE ELSE ACCESSES YOUR ONLINE ACCOUNTS. THIS LIMITATION WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES, SO THIS DISCLAIMER MAY NOT APPLY TO YOU. EXCEPT AS REQUIRED BY LAW, KAGI AND THE INDEMNIFIED PARTIES WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN ANY WAY RELATING TO THESE TERMS OR THE USE OF OR INABILITY TO USE THE SERVICES, INCLUDING WITHOUT LIMITATION DIRECT AND INDIRECT DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOST PROFITS, LOSS OF DATA, AND COMPUTER FAILURE OR MALFUNCTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY (CONTRACT, TORT, OR OTHERWISE) UPON WHICH SUCH CLAIM IS BASED. THE COLLECTIVE LIABILITY OF Kagi AND THE INDEMNIFIED PARTIES UNDER THIS AGREEMENT WILL NOT EXCEED $500 (FIVE HUNDRED DOLLARS). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL, CONSEQUENTIAL, OR SPECIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.
Modifications to these Terms
Kagi may update these Terms from time to time to address a new feature of the Services or to clarify a provision. The updated Terms will be posted online. If the changes are substantive, we will announce the update through Kagi's usual channels for such announcements such as blog posts and forums. Your continued use of the Services after the effective date of such changes constitutes your acceptance of such changes. To make your review more convenient, we will post an effective date at the top of this page.
Miscellaneous
These Terms constitute the entire agreement between you and Kagi concerning the Services and are governed by the laws of the state of Delaware, U.S.A., excluding its conflict of law provisions. If any portion of these Terms is held to be invalid or unenforceable, the remaining portions will remain in full force and effect. In the event of a conflict between a translated version of these terms and the English language version, the English language version shall control.
Updated Terms of Service
Added kagi_previous_page cookie to Cookies & Client data table.