User information
Kagi only stores the information about the client that you explicitly provide by using your account, as laid out in our interface. This includes:
- Your email to facilitate account access and support contact (ex: password reset)
- Your account settings (ex: theme, search region, selected language)
And nothing else.
There is an option to delete your account. When you do this, all information and settings related to your account is removed from our database.
Logistics of User and Query Data
When you issue a search query on Kagi, this starts a pipeline of data flowing in order to fulfill your request, starting from your web browser on your device.
The first step is for your browser to locate our servers, and send your request to them. This is fulfilled in large part by the global DNS infrastructure, but more specifically we employ AWS Route 53 in order to route your request to the Kagi server that has the best latency to your client’s location.
Not every request will go through this step. Once your client has cached our server’s location, it will go directly to the next step, until the cache is invalidated.
Next, your request will find its way to our servers hosted on Google Cloud platform, where our main application is running that will handle your request.
All Kagi communications – inbound and outbound – are made over encrypted HTTPS. HTTPS does not protect these other parties from knowing where the request is going, but it does protect the request content. As such these providers do not know your queries, or about any other interaction that you have with our products.
At this point your request has made it to us. From here, we take your query and use it to aggregate data from multiple other sources, including but not limited to Google, Bing, and Wikipedia, and other internal data sources in order to procure your search results.
In all cases, we transmit no information about your client to these other parties. Kagi’s server’s identify is the sole actor for these queries, only passing the parameters needed to fulfill your intent. Again, all of these interactions with third parties occur over HTTPS as well.
Once we have prepared all of your content, it is funneled back to your client.
Uploads
Data uploaded to allow Kagi to perform a service will be stored and used only to the extent needed to perform said service. This data may be shared with third parties, but only when sharing is required for fulfillment of the service. In these cases, Kagi’s servers will be the sole actor communicating (securely) with third parties, and only to the extent required to fulfill your intent.
For example, you may upload an image to use the reverse image search feature. Kagi will cache the image temporarily and forward it to third-party services, solely for the function of performing the reverse image search. When the search is complete, Kagi will make no further use of the image, and the cache will expire within minutes.
IP Addresses and Geolocation
Kagi has features that either require or are enriched by knowing the client’s physical location, such as our Maps product. When you connect to any website on the internet, you broadcast a source IP address to the server. This is a part of the IP protocol, on top of which internet traffic is built upon.
This is the IP that Kagi uses to fulfill its geolocation lookups. It cannot be omitted from the protocol, so Kagi cannot say “no thanks” even if we wanted to. But there are means of spoofing the value to something else. The source IP is often provided by whatever router you are connected to, advertising the IP address that it has been leased by your ISP.
IP addresses on their own are not identifying information, but they can be when coupled with other data, such as your email. To help ensure privacy, the platform you are interacting with must responsibly make this association impossible,
