Kagi data retention and data deletion policy

marcel001122

Read entire privacy policy a few times this Christmas. There needs to a clear section of what data is retained and how long in times (minutes/ days) while someone has an active account. Also what happens when an amount is deleted? How quickly are the details purged from Kagi servers? How long does the local law require Kagi to maintain these PPI? Stripe will have payment details so assuming they will keep all transaction details for 7-10 years depending on user’s region during transaction.

Privacy policy on Kagi.com should be clearer in absence of any tangible privacy proofs and only “trust us, we have no reason to lie” guarantees. I’ve seen Vlad defend the position in so many places but probably your privacy policy is more binding than your posts in forums? I don’t know.. just thinking of ways to be as trustworthy as Mullvad who in my opinion are leading the whole privacy on web movement.

Luis

We're working on a new version of our Privacy Policy that will address your points. I'll keep the thread open until the new version is released.

marcel001122

Luis Fab! Also can we have a way to download what data Kagi holds and request deletion from “My account” instead of emailing support etc? Or is it a big ask?

Refract9305

Luis Hi, do you have a rough estimate of when the new version of the privacy policy will be released?

Luis

marcel001122 w0e usually handle such requests through support. Aklthough it's not a significant effort, I’d still ask you to follow that process. This helps us better assess the importance of automating it in the future

Refract9305

The Kagi Assistant Privacy section (https://help.kagi.com/kagi/ai/assistant.html#privacy) says:

"your data is never used to train AI models (not by us or by the LLM providers), and no account information is shared with the LLM providers."
"By default, threads expire after 24 hours of inactivity."

Can we have some clarification on usage of the data beyond the above details? Such as:

Is our Assistant data used for any other purpose?
When a thread "expires", is its data completely destroyed on Kagi's end? And is its data completely destroyed by the LLM providers?
Kagi's privacy policy states that searches are not logged nor associated with accounts, is there a setting for Kagi Assistant to not log or associate any data with the user's account?
Can Kagi's privacy policy (https://kagi.com/privacy) be updated to include the Assistant?

n/a

marcel001122

Luis

We've just released documentation about our model providers, https://help.kagi.com/kagi/ai/llms-privacy.html, to clarify how each handles data.

I know this doesn't address all your points, but as noted in #5780, we will be releasing a new privacy policy soon, which should address all your questions.

I'll merge both threads to streamline communication once the latest privacy policy version goes live

marcel001122

Thanks! I think we need to probably look at Mullvad and AdGuard VPN to provide a solid but easy to follow policy as there are so many products from Kagi now!

What is retained irrespective of interaction, what is retained when interacting are really nicely written for AdGuard VPN. Mullvad also does nice breakdown of exactly what things look like on their server plus retention times for things that are collected.

Mullvad is audited but Kagi like AdGuard VPN is unaudited. AdGuard has reputation benefit but Kagi has to win those users right?

Luis

Refract9305 hopefully this week, but no later than next week

marcel001122

Luis Ahem... 😉

Refract9305

Luis Hi, do you any updates on the situation with the privacy policy?

marcel001122

Refract9305 This one is planned but not sure what the ETA might be..

Luis

I should have learned by now not to discuss deadlines... :/
The new privacy policy is finalised and will be released soon. We're planning to publish it alongside a few major updates, including Privacy Pass, but the latter needs a few more days of polishing before its official release.

marcel001122

Luis Oh no.. Privacy pass is delayed, again? 🙁
It must be a trickier implementation than assumed. The paper made it look so easy. But to be fair, their own extension had 2 star ratings on Firefox and Chrome which shows how hard it might be to make it work right.