Kagi passes an independent security audit
Update: We passed a security audit when we launched to establish our baseline security, which was very important for us. As any security researcher knows, these audits can be invalidated with the very next deployment to production. Since then, we have maintained an active security program through our bug bounty initiative. Our security is therefore constantly being penetration tested to this day by security researchers worldwide.
Over the course of May to August 2022, Kagi underwent an extensive security audit by Illumant, an independent security auditor.
We are pleased to report that, at the conclusion of the audit, Kagi received the highest possible rating of “Highly Secure” with “…no findings of material significance. This indicates that the organization’s applications, systems, networks and data are well protected.”
Read the report
You can access the final audit report.
For full transparency, the initial report is also public. This is the version that was initially presented to us. Our team carefully reviewed the issues brought forward and acted on them, consequently earning the top security score.
Why a security audit?
An independent audit helps us discover potential security vulnerabilities and fix them. Trust is a big factor for a service like Kagi, and it is as important to us as it is to our users to know that the application and its data are handled in the most secure way possible.
Additional security through transparency
Kagi was founded with the mission to humanize the web and a business model that relies on aligning incentives between us and our users.
We believe that this adds an additional layer of security that goes above and beyond software security. No matter how “secure” an application itself is, your data could still end up being misused or mishandled due to a wrongly incentivised business model. Kagi, on the other hand, is paid by users, not by their data. We do not log or associate searches with an account, because we do not need to. Kagi does not store sensitive billing data (this is handled by Stripe, our payment processor). Even in the case of a security breach of our infrastructure, all that hackers would find is in essence an application binary and zero sensitive information.
We wish to thank Illumant for their work and smooth collaboration through the entire process.