it is a fact. you have to be logged in to do a search or use an API key which directly associates your search query with your account.
Let’s say you don’t give them a real email, that’s good. Maybe you’re using Tor or a VPN and they don’t get your IP. And somehow you manage to make your payment anonymously. That’s great.
Well, Kagi is still getting all your search queries which are directly associated with one account. We don’t have their server’s code. We don’t know how or what are they logging. They can claim whatever in their privacy policy, I don’t care. A single entity is receiving all your search queries directly linked to your pseudonymous account. This gives them a vast amount of data about the person using it, even if they do not know who you are, probably very sensitive information too.
Let’s make a huge assumption and assume they are not correlating your search queries and they do not use this information for anything. Well, a third party actor with access to their servers could very well make use of this vast amount of personal data, whether it is a government, their hosting provider, a malicious actor, a security breach, etc.
And that’s considering the best case in which you were covering your tracks hiding your IP all the time and making anonymous payments, which, being honests, most Kagi users don’t do. So yeah, Kagi is a privacy nightmare.