All apps

Is Kimi safe with your data?

D
Kimi icon

Kimi

Moonshot AI

46/100

Weak disclosure · high confidence

Kimi earns a D (46/100) because it leaves much about its data practices unstated.

Dealbreaker flag

  • D1.4: you grant us and our affiliates a non-exclusive, unrestricted, perpetual, free license to use and re-license to third parties

#118

of 211 apps ranked

46

score · Assistant avg 49

-3

vs category average

Grade scaleA · 70–100B · 60–69C · 48–59D · 35–47F · 0–34

Kimi trains inputs by default without explicit opt-in, shares with service providers and affiliates, commits only to vague retention practices, and relies on passive child protections, but does disclose data categories, offers core deletion/access rights, and uses minimal named security controls.

What Kimi's privacy policy and terms of service say about your data

D1.4 , Harmful content licence

Policy grants Kimi "a non-exclusive, unrestricted, perpetual, free license to use and re-license to third parties" , a broad, sublicensable clause reserved without user opt-out.

D5.4 , Vague purpose-to-basis links

Policy lists purposes but links inconsistently to legal bases; many purposes reference only "applicable law" or "legitimate interests" without specific justification, falling short of full transparency.

D2.1–2.5 , Core rights present

Access, deletion (with exceptions), portability, correction, and marketing objection all explicitly named with defined scope; deletion right includes legal/fraud exceptions.

D7.2 , Breach notice lacks timeframe

Policy commits to "promptly inform" of breaches but provides no named timeframe (e.g., 72 hours), rendering the commitment vague.

What the policy is silent or vague on

  • Not stated: keeping user inputs out of model training
  • Not stated: a way to opt out of training
  • Not stated: whether training use differs by plan
  • Not stated: your ownership of generated outputs

Kimi privacy rating

Training-data use0 of 4 disclosed
Keeps user inputs out of model training, or makes training opt-inSilent
Names a way to opt out of or into trainingSilent
Says whether training use differs by plan or tierSilent
Lets the user keep ownership of generated outputsAdverse
Data-subject rights5 of 5 disclosed
Grants a right to access your dataDisclosed
Grants a right to delete your dataDisclosed
Offers data portability in a usable formatDisclosed
Grants a right to correct your dataDisclosed
Grants a way to object to or opt out of processingDisclosed
Retention and deletion0 of 4 disclosed
States a retention period for your dataPartial
States a deletion timeline after closure or requestSilent
Sets a shorter retention for AI conversation logsSilent
Commits to collecting only the data it needsSilent
Third-party sharing2 of 5 disclosed
Lists the categories of third parties it shares withDisclosed
References a sub-processor list or data processing agreementSilent
Does not sell or share data for advertising, or offers opt-outDisclosed
Names a safeguard for international data transfersPartial
States a standard for government and law-enforcement accessPartial
Transparency1 of 4 disclosed
Discloses that you are interacting with AIPartial
Marks AI-generated or synthetic outputNot applicable
Enumerates the categories of data it collectsDisclosed
Maps processing purposes to legal basesPartial
Is versioned and dated, with change noticePartial
Sensitive data and children0 of 2 disclosed
Discloses automated decisions and a human-review pathNot applicable
Limits the use of special-category dataPartial
Governs biometric data specificallyNot applicable
States protections for children's dataPartial
Security and accountability0 of 3 disclosed
Describes its security safeguardsPartial
Commits to breach notificationPartial
Names a certification or a privacy contactSilent
DisclosedPartialSilentAdverseNot applicable

Details

Category
Assistant
Modalities
text
Processes biometrics
No
Policy last updated
2025-07-07
Region scored
Global / US-default
Last assessed
2026-07-08

Documents examined

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.

Is Kimi safe with your data? Grade D | AI App Trust & Transparency Index