(paraphrased) "You trust Github/Slack, why not also trust us?" Perhaps because Github and Slack's monitization models are well known, and Kite's are not.
It's a great concept for a tool, but I could never get it to fly at work. I couldn't even begin to imagine trying to convince a technically savvy cofounder (let alone their lawyer) with "let me use this tool which uploads all of our code to their server."
Also, do you have plans to support deletion of indexed data?
So Kite should be able to avoid this fear by asking only for limited license. For example, a license can expire after 1 year, or be untransferable (or perhaps expire at bankruptcy?).
Facebook does this to some extent: "This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it."
Here's what Heroku does: "Heroku claims no ownership or control over any Content or Application. You retain copyright and any other rights you already hold in the Content and/or Application, and you are responsible for protecting those rights, as appropriate. By submitting, posting or displaying the Content on or through the Heroku Services you give Heroku a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute such Content for the sole purpose of enabling Heroku to provide you with the Heroku Services. [...]"
Some technical solutions might be possible, in terms of allowing users provably to withdraw their data, but it would be messy and probably not bulletproof.
Even if you have to ship individual backend modules (when more languages get supported). One place might only need the bash/python/js syntax whereas another might need only php, etc.
I'm no security expert but one way I can think of is creating an encryption system which works like this: all my source code will be stored encrypted on your (non-ephemeral) databases. The decryption key will be stored on my computer, and it'll be transferred to the server when I run Kite and destroyed as soon as I quit Kite. The key will be stored in your server only in an ephemeral storage (in-memory database etc.)
There's a difference between trusting someone not to redistribute your work versus having it in writing. Both are important.
Kite doesn't seem to currently have any legal docs that I can see, but I assume that will rectified soon.
More detail in another comment: https://news.ycombinator.com/item?id=11499670
(Also, hi Adam and Alex! Congrats!)
The ability to exclude files that I know contain sensitive data would be a very nice step. Even better if you explicitly state that retroactively excluding files will result in a deletion of the file from your servers.
Not windy enough for flying a kite? ;)