Remove Kagi from the jurisdiction of the CLOUD act

tarbaig

KAGI would gain an enormous amount of attractivity for businesses in Europe if there was an option to engage into a contract with an entity not in the US and with written guaranties that now data flow to the US happens.

Vlad

tarbaig Assuming this is done, how do you imagine a team/org plan for a business looking like?

tarbaig

Estimating the amount of money companies ( including the one I work for) would be willing to pay for a non spying search engine is hard.

For a universally used entity like a search engine the only viable option would most likely be bulk licenses. For pricing I would suggest to have a look at things like confluence.

What I can tell you is that, my current understanding is that using google in the office is theoretically a legal problem. Highlighting that problem and offering a solution would be my business model.

magnustuom

Here's a real world example, it says chrome in the title but covers all of google:
https://www.bleepingcomputer.com/news/security/chrome-use-subject-to-restrictions-in-dutch-schools-over-data-security-concerns/

Vlad

magnustuom

The officials worry that Google services collect student data and make it available to large advertising networks, who use it for purposes beyond helping education.

I do not think there is such concern with Kagi?

Kagi
a) does not collect data (other than email address)
b) certainly does not use it beyond any purpose but to authenticate you and email about product updates

We'd like to hear more about this discussion and how to position Kagi in EU.

seventhwave

Hi Vlad ,
frankly I was going to vote che @monkeyblue proposal...but, thinking more about this pattern, you're right.
Looking closely to the privacy policy page, no personal data are transferred between search sessions.
However, @monkeyblue has a point thinking about "perception".
So an idea could be: choosing the GCP region.
I'm from Italy, and now Kagi is telling me that I'm connected to EUROPE-WEST2.
I think that the GCP global load balancer has geographically driven me to the europe-west2-a/b/c compute engine zones.
Perhaps you could give a user the possibility to override the standard region? In this way someone could say "I'm in USA/Australia/Brazil but I like more to access EU-only resources".
On the other side, I also think that the data I'm looking now (connected to EUROPE-WEST2) aren't physically stored in an EU database (if I was you, I'd be using Spanner in few locations worldwide)....but perhaps i'm wrong, and in this case this would be really reassuring (to the "standard" user) to know that "ok, I'm all in Europe"

Vlad

seventhwave You are correct we have a central DB which is located in US (currently) and read replicas across the regions including EU for performance reasons.

The point of perception is a very interesting one.

But what seems to be the greatest issue here is the perception there is data being sent anywhere, where in fact there isn't so the location of our central databse should not matter. The reason why is this so hard to comprehend is because people are used to their data being logged/mined/misused where Kagi has no incentive to do that. We only need an account to process payments and that's it.

So figuring out how to communicte this could be key for EU customers. Interesting discussion !

seventhwave

Vlad yes, I think that no real action is needed on your side.
Thinking about user impact, perhaps you'll add a simple card reminder in the first search sessions about this obvious (on your side) fact: no user data will be sent on your servers (link: privacy policy).
And I know this is redundant, but I've done this error lots of times: if we don't clearly communicate something, this doesn't exists
(just another idea, to help our success)

Vlad

seventhwave This already exists in form of a dismissable tip that shows up when user firs tregister.

macro

I don't think its crucial as getting momentum but I do think it could drive a particular set of people (especially for Europe, and as a french I can definitely sens people care about that here).

One simple thing would be that European servers are linked/supervisez to a European company you manage, that's all.

9rqnq

I believe GDPR compliance could already be useful for building more trust to the company within the EU. I also think it is possible to achieve compliance with servers located outside the EU.

Vlad

9rqnq I believe Kagi is already GDPR compliant. Are we missing something?

jonathan-s

The point of perception is a very interesting one.

In the last month or so, this issue has definitely become ever more relevant with reddits such as > https://www.reddit.com/r/BuyFromEU/

Though given that Kagi is not a European a company, it seems likely you won't be able to capitalise on this. The appetite to do business with European companies have definitely increased.

Also for reference the stats from one of these websites > https://plausible.io/european-alternatives.eu

Nyaa

+1
While I've been a satisfied Kagi user since its inception, I will cancel my yearly Kagi Premium Family subscription when it comes up for renewal;
Despite the lack of an equally good European alternative, I'm unwilling to have my searches and sensitive private data sent to a country where democratic values are under great threat. Recent actions by the Trump-Vance administration (such as the undermining of democratic institutions) have caused serious concerns (about the state of democracy in the U.S.)

Clive

Hi Kagi team,

First of all, thank you for building such a thoughtful and privacy-focused search engine. It's a refreshing alternative in a landscape dominated by ad-driven tech giants.

However, I’d like to raise a concern that I—and many other European users—share: Kagi is currently based in the United States. While I understand this is where the company was founded, the U.S. legal framework around data privacy is increasingly seen as incompatible with the values many Europeans hold, especially when compared to the strong privacy protections enforced by the GDPR, DMA, and other EU regulations.

This suggestion entails either relocating Kagi’s operations (fully or partially) to the European Union or establishing a European legal entity and/or infrastructure (such as hosting and data processing). The goal is to bring Kagi into alignment with EU privacy regulations such as the GDPR and Digital Markets Act, and to reassure privacy-conscious users—especially in Europe—that their data is truly safe from surveillance or legal overreach from U.S. authorities.

This would not alter the user interface or core functionality of Kagi in any disruptive way. Rather, it would increase trust, potentially attract more users from the EU, and reduce hesitancy among those who are skeptical about U.S.-based services, especially with Donald Trump now back in office, which raises new concerns over surveillance, deregulation, and tech policy.

It would also help Kagi position itself as a globally trusted privacy-first search engine, not just one with a strong product, but with governance and legal infrastructure aligned with the world's strongest data protection regimes.

This isn’t a “feature” in the traditional UI/UX sense but rather a strategic infrastructure and legal change that would directly influence user trust, adoption, and long-term engagement—particularly in privacy-conscious regions like the EU.

Examples of how users would benefit:

A user based in Germany or France might currently hesitate to use Kagi because it's a U.S. company, and thus subject to U.S. laws like the CLOUD Act. If Kagi were registered or hosted in Europe, these users would feel more secure that their data is protected under EU laws.

Privacy-focused users and organizations (such as journalists, lawyers, researchers, or activists) would be more likely to recommend Kagi if it were demonstrably outside of U.S. legal jurisdiction.

Government institutions, educational organizations, or privacy NGOs in the EU may be more inclined to use or promote Kagi if it’s EU-compliant at a legal and infrastructural level.

the_fork

I share many points shared above. I recently subscribed to Kagi and I am very satisfied so far, but the fact that it’s a US-based company made me much more reluctant to subscribe as I have no trust in the US and prioritise EU companies when I can.

What made me switch is the fact that I saw recommendations from people sensitive to privacy questions, and the fact that Kagi offers solutions to reduce data collection as much as possible, payment being the main data-collecting step.

The current political situation in the US gives me no trust in the future of the US and I’d strongly prefer paying my subscription to a EU entity, even if your developers are located all around the world.