"Seeking the optimal conversion from energy to intelligence"
Moonshot AI is the provider behind Kimi, an LLM and agent platform focused on long contexts, coding, deep research, documents, spreadsheets, slides, web search, and multimodal processing. The Kimi API offers models such as Kimi K2.6, K2.5, K2, and Moonshot-v1.
Moonshot AI
LLM “Seeking the optimal conversion from energy to intelligence”
Location: Singapore ⓘ MOONSHOT AI PTE. LTD., Singapore Ltd.
Kimi K2.6 / K2.5 / K2 / Moonshot V1 Model families for multimodal or text-based tasks, long context, coding, agents, reasoning, and dialogue tasks.
Enterprise Solutions & Customization For medium-sized and large companies with flexible rate limits, multi-project deployments, support, SLA-oriented reliability, and individual agreements according to the platform page.
Target audience
Moonshot AI / Kimi is suitable for developers, knowledge workers, research teams, analysts, consultants, lawyers, product teams, and companies that want to combine long documents, web research, coding, spreadsheets, and agents in one AI workflow.
Outstanding features
Kimi combines large language models with integrated tools for web search, code execution, Excel, memory, fetch, and file processing. The platform is particularly strong in long-context tasks, deep research, coding agents, and office-adjacent workflows.
Main use cases
Kimi is used for programming, research, document analysis, market analysis, spreadsheet work, legal pre-screening, presentations, deep research, and agent automation.
Usage & notes
For non-critical research, Kimi is practical; for personal or confidential data, caution is advised because the API terms allow content use for service improvement, and EU-only/DPA is not clearly documented publicly.
| Target audience | Assessment |
|---|---|
| Private individuals | Conditionally – Kimi Chat can be used, but this provider assessment is primarily relevant here as an API/LLM platform. |
| Self-employed / freelancers | Yes, technically oriented – suitable for research, coding, agents, long-context tasks, and API integration. |
| SMEs | Conditionally – powerful models, but the data protection, transfer, and contractual situation must be reviewed. |
| Large enterprises | Conditionally – enterprise contact available, but no verified EU DPA/data processing agreement structure was found publicly. |
| Developers / teams | Yes – strong focus on OpenPlatform, API, long context, tool calling, web search, code runner, and agents. |
| Privacy-sensitive organizations | Rather critical – server location Singapore, model training/service improvement with user content possible according to policy, no verified data processing agreement found publicly. |
Moonshot AI / Kimi – Model overview
| Model / family | Type | Best suited for |
|---|---|---|
| kimi-k2.6 | Current multimodal Kimi model | Coding, agents, long execution, visual and text-based tasks, autonomous workflows. (Moonshot AI) |
| kimi-k2.5 | Multimodal Kimi model | Dialogue, agents, text and image input, thinking/non-thinking mode. (Moonshot AI) |
| kimi-k2-0905-preview | K2 model | Agentic coding, frontend development, context processing. (Kimi API Platform) |
| kimi-k2-0711-preview | K2 MoE | Coding, agents, reasoning; 1T total / 32B active according to the Kimi-K2 documentation. (Kimi API Platform) |
| kimi-k2-turbo-preview | Fast K2 variant | Low latency, fast agent and chat workflows. (Kimi API Platform) |
| kimi-k2-thinking | Reasoning model | Multi-step tool reasoning, complex research, deep thinking. (Kimi API Platform) |
| kimi-k2-thinking-turbo | Fast reasoning variant | Faster deep reasoning and agent tasks. (Kimi API Platform) |
| moonshot-v1-8k | Text model | Short chat, text, and API tasks. (Kimi API Platform) |
| moonshot-v1-32k | Text model | Medium-length documents, summaries, chat. (Kimi API Platform) |
| moonshot-v1-128k | Long-context text model | Long documents, RAG, legal or technical text analysis. (Kimi API Platform) |
| moonshot-v1-8k-vision-preview | Vision model | Short multimodal image/text tasks. (Kimi API Platform) |
| moonshot-v1-32k-vision-preview | Vision model | Image analysis with medium context. (Kimi API Platform) |
| moonshot-v1-128k-vision-preview | Long-context vision model | Multimodal documents, long image/text contexts. (Kimi API Platform) |
| kimi-latest / kimi-thinking-preview | Deprecated | Not recommended for new projects. (Kimi API Platform) |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ❓ |
| EU SaaS / Managed | ❓ |
| Hybrid | ⚠️ |
| DPA / AVV | ❓ |
| No training on customer data | ❓ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: indirect / not available
The website does not mention any on-premises or local deployment of the Moonshot/Kimi models on the customer’s own infrastructure. There are only references to the local use of external tools such as OpenClaw or MoonPalace, not to a self-hostable model offering.
Private Cloud / Data Center: Unclear
The homepage mentions enterprise solutions and “security and compliance assurance,” but the website does not specify a dedicated private cloud deployment, an isolated EU/EEA data center, or comparable controlled hosting models.
EU SaaS / Managed: unclear
A managed SaaS offering is clearly identifiable, but EU/EEA data residency or an EU/EEA data center are not specified on the website. Therefore, EU SaaS operations cannot be verified.
Hybrid: Partially
OpenClaw describes a local or self-hosted agent path that can be combined with Kimi as an external model provider. This indirectly indicates a hybrid usage model, though it is not an officially described hybrid product with data protection or EU hosting guarantees.
SLA / DPA: unclear
Although an “Order Form” is mentioned in the Terms, no DPA or publicly available data processing agreement is provided on the website.
No Training: Unclear
No clear disclaimer can be found on the website stating that prompts, uploads, chat histories, or outputs will not be used to train general-purpose models. On the contrary, MoonPalace refers to the export of BadCase data to improve model capabilities; no opt-out option is specified on the website.
Open Source / Transparency Path: Partial
There is a discernible transparency path regarding open-source references: Kimi K2.5 is described as “open-source SoTA,” Kimi CLI is referred to as an open-source AI agent, and OpenClaw is described as an open-source/self-hosted platform. However, the actual hosting, compliance, and sovereignty options for the core offering are only partially documented.
Data Processing
The website describes an API/cloud model with file uploads, file storage, and various official tools. This suggests that external data processing by the provider is likely. For enterprise customers, data protection and compliance safeguards are mentioned in general terms. Specific details regarding data location, storage location, retention periods, subprocessors, international data transfers, or EU/EEA data residency are not provided on the website.
Conclusion
For users in Europe, based on the specified domain, it is not possible to provide reliable evidence of GDPR-compliant use. Positive aspects include the availability of legal documents, Enterprise-specific information, and a certain degree of open-source and local integration options. However, the key compliance evidence required for EU/EEA use is missing for a positive or even merely qualified assessment.
Sources
- https://platform.moonshot.ai/
- https://platform.moonshot.ai/docs/agreement/modeluse
- https://platform.moonshot.ai/docs/agreement/modeluse.en-US
- https://platform.moonshot.ai/docs/guide/use-kimi-in-openclaw
- https://platform.moonshot.ai/blog/posts/what-is-openclaw/
- https://platform.moonshot.ai/docs/guide/use-moonpalace
- https://platform.moonshot.ai/docs/guide/use-kimi-vision-model
- https://platform.moonshot.ai/docs/api/files
| On-prem / local hosting | ❓ |
| Private cloud / data center | ❓ |
| EU SaaS / Managed | ❓ |
| Hybrid | ⚠️ |
| DPA / AVV | ❓ |
| No training on customer data | ❓ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: indirect / not available
The website does not mention any on-premises or local deployment of the Moonshot/Kimi models on the customer’s own infrastructure. There are only references to the local use of external tools such as OpenClaw or MoonPalace, not to a self-hostable model offering.
Private Cloud / Data Center: Unclear
The homepage mentions enterprise solutions and “security and compliance assurance,” but the website does not specify a dedicated private cloud deployment, an isolated EU/EEA data center, or comparable controlled hosting models.
EU SaaS / Managed: unclear
A managed SaaS offering is clearly identifiable, but EU/EEA data residency or an EU/EEA data center are not specified on the website. Therefore, EU SaaS operations cannot be verified.
Hybrid: Partially
OpenClaw describes a local or self-hosted agent path that can be combined with Kimi as an external model provider. This indirectly indicates a hybrid usage model, though it is not an officially described hybrid product with data protection or EU hosting guarantees.
SLA / DPA: unclear
Although an “Order Form” is mentioned in the Terms, no DPA or publicly available data processing agreement is provided on the website.
No Training: Unclear
No clear disclaimer can be found on the website stating that prompts, uploads, chat histories, or outputs will not be used to train general-purpose models. On the contrary, MoonPalace refers to the export of BadCase data to improve model capabilities; no opt-out option is specified on the website.
Open Source / Transparency Path: Partial
There is a discernible transparency path regarding open-source references: Kimi K2.5 is described as “open-source SoTA,” Kimi CLI is referred to as an open-source AI agent, and OpenClaw is described as an open-source/self-hosted platform. However, the actual hosting, compliance, and sovereignty options for the core offering are only partially documented.
Data Processing
The website describes an API/cloud model with file uploads, file storage, and various official tools. This suggests that external data processing by the provider is likely. For enterprise customers, data protection and compliance safeguards are mentioned in general terms. Specific details regarding data location, storage location, retention periods, subprocessors, international data transfers, or EU/EEA data residency are not provided on the website.
Conclusion
For users in Europe, based on the specified domain, it is not possible to provide reliable evidence of GDPR-compliant use. Positive aspects include the availability of legal documents, Enterprise-specific information, and a certain degree of open-source and local integration options. However, the key compliance evidence required for EU/EEA use is missing for a positive or even merely qualified assessment.
Sources
- https://platform.moonshot.ai/
- https://platform.moonshot.ai/docs/agreement/modeluse
- https://platform.moonshot.ai/docs/agreement/modeluse.en-US
- https://platform.moonshot.ai/docs/guide/use-kimi-in-openclaw
- https://platform.moonshot.ai/blog/posts/what-is-openclaw/
- https://platform.moonshot.ai/docs/guide/use-moonpalace
- https://platform.moonshot.ai/docs/guide/use-kimi-vision-model
- https://platform.moonshot.ai/docs/api/files
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Strong agent and coding focus. | • GDPR situation for EU companies unclear. |
| • 256K context in current Kimi-K2 models. | • API Terms allow the use of content for the development/improvement of the services. |
| • Tools for research, Excel, code, and documents. | • No publicly documented EU-only operation and no publicly found DPA. |
| • Open Kimi-K2 path for self-hosting/research. | • According to the documentation, K2 predecessor models are being discontinued. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
Although the specified domain https://platform.moonshot.ai/ contains references to data protection and compliance, the information essential for a robust GDPR assessment throughout the EU/EEA is either missing or cannot be found on this domain. In particular, the website does not specify: the specific server location or data center location, EU/EEA data residency, subprocessors, the Data Processing Agreement (DPA), the option to opt out of model training, or relevant certifications. Since only information from this domain may be taken into account, overall compliance cannot be reliably verified.
Positive
The website provides links to a privacy policy and terms of use. Additionally, the homepage for enterprise offerings mentions “data compliance and privacy protections.” There is also an open-source/locally-based approach via documented integrations with OpenClaw, as well as references to open-source components such as Kimi CLI and MoonPalace.
Negative
The website does not specify an EU/EEA server location, EU data residency, a Data Processing Agreement (DPA), a list of subprocessors, a contractual exclusion of training with customer data, on-premises or true self-hosting options for the models themselves, or ISO 27001, SOC 2, or comparable certifications. Additionally, the domain redirects to content on a different domain; since only the specified domain may be evaluated, the documentation on the target domain itself remains incomplete.
Server Location
Not specified on the website. No specific location of servers or data centers within the EU/EEA or outside the EU/EEA can be found on the specified domain.