Vlad Yes that's a good start! For a small startup with few users, this seems more than enough. However, Kagi is steadily growing and will soon be subject to more scrutiny and possible government requests. Even if you did not receive any such warrant or subpoena until now, you will at some point in the future. Being prepared and proactive for that moment will pay off.
Warrant canary
From Wikipedia:
A warrant canary is a method by which a communications service provider aims to implicitly inform its users that the provider has been served with a government subpoena despite legal prohibitions on revealing the existence of the subpoena.
You're current implementation isn't useful, as it would be illegal for Kagi to update the following list from 0 to 1 (or more):
Kagi has received:
- 0 National Security letters;
- 0 Gag orders
A warrant canary works by using negative pronouncements, meaning the only way to inform users is to remove the warrant canary (or stop updating it). Thus it needs to be time stamped and should have its own page or prominent place, so users will notice the missing canary.
Transparency Reports:
This is used for regular subpoenas which are permitted to be publicly disclosed. Here users can assure themselves that Kagi is keeping its promises outlined in the privacy policy.
PS: Whoever wrote your privacy page, kudos to them, this is the first privacy policy that was interesting and useful to read! Great work on that!!
