I've noticed that Kagi's privacy policy does not clearly state the GDPR/CCPA rights available to users. Specifically, the privacy policy should inform users about:
- Right of access - Users can request and view their personal data
- Right to rectification - Users can correct inaccurate information
- Right to erasure - Users can request deletion of their data ("right to be forgotten")
- Right to restriction - Users can restrict how their data is processed
- Right to object - Users can object to certain types of data processing
- Right to data portability - Users can request their data in a portable format
- Right to lodge a complaint - Users can file complaints with data protection authorities
Additional Information Needed
The privacy policy should also include practical instructions for:
How to delete your account:
Show how users can delete their Kagi accounts via the Kagi website (https://kagi.com/settings/user_details)
How to submit privacy-related questions:
You could use support@kagi.com as a contact method for users who have questions regarding privacy or use a dedicated email for this.
Why This Matters
This is not just a best practice, it's a legal requirement under GDPR for websites serving EU and UK customers. Users have these rights regardless, but organizations must actively inform them.
I'm genuinely puzzled why this hasn't been addressed yet, as adding this information to the privacy policy doesn't require significant effort. A simple, clear section outlining these rights and the procedures to exercise them would bring Kagi into full compliance and improve user trust.
Suggested Solution
Add a dedicated section to the privacy policy titled "Your Data Subject Rights" that clearly explains each right, how users can exercise them, and who to contact with questions.
Thank you for considering this feedback. I appreciate Kagi's commitment to user privacy and believe this addition would strengthen your compliance and resolve complaints users already have regarding the GDPR drama.
