If you use Cody through Sourcegraph.com without an enterprise account, Sourcegraph collects your code queries, the AI prompts generated from them, and the AI's responses to improve the product, though not to train general AI models.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Non-enterprise Sourcegraph.com users are subject to broader data collection than enterprise users: their User Prompts, LLM Prompts, and Responses are collected for product improvement purposes, whereas Enterprise Cody users have their Customer Content used only to provide the service.
Interpretive note: The phrase 'none of it will be used to train any generally available models' does not exclude use for training proprietary or customer-specific models, creating some ambiguity about the full scope of data use.
Individual Sourcegraph.com users who are not on enterprise licenses should be aware that their code queries and AI responses are retained by Sourcegraph for product improvement purposes. While the terms state this data is not used to train generally available models, it is used beyond mere service delivery in contrast to enterprise deployments.
Cross-platform context
See how other platforms handle Data Collection for Non-Enterprise Sourcegraph.com Users and similar clauses.
Compare across platforms →Monitoring
Sourcegraph Cody has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"For individual users accessing the Sourcegraph Cody extension via Sourcegraph.com, Sourcegraph also collects the following User Content to support and improve user experience, though none of it will be used to train any generally available models: User Prompts; LLM Prompts; Responses.— Excerpt from Sourcegraph Cody's Sourcegraph Cody Usage and Privacy
REGULATORY LANDSCAPE: Collection of User Prompts, LLM Prompts, and Responses from non-enterprise users for product improvement purposes engages GDPR consent and legitimate interest requirements if the users are in the EU or EEA. CCPA opt-out rights for use of personal information may be relevant for California residents. The FTC's enforcement of representations about data use practices applies to this collection. GOVERNANCE EXPOSURE: Medium. The differentiated data collection posture between enterprise and non-enterprise users creates a governance distinction that should be clearly reflected in privacy notices and consent mechanisms. The statement that data will not be used to train 'generally available models' leaves open whether it may be used to train other types of models. JURISDICTION FLAGS: EU and EEA individual users have GDPR rights to access, correction, and deletion of collected User Content. California residents have CCPA rights regarding the use of personal information for secondary purposes. The collection of code queries may include personal data depending on what users include in their prompts. CONTRACT AND VENDOR IMPLICATIONS: Organizations permitting employees to use Cody via Sourcegraph.com without enterprise accounts should be aware that those users' data is subject to broader collection and use than enterprise deployments. This creates a potential shadow IT data governance risk if non-enterprise usage is not monitored. COMPLIANCE CONSIDERATIONS: Privacy notices for Sourcegraph.com should clearly disclose the differentiated data collection practices between enterprise and non-enterprise users. Organizations with GDPR or CCPA obligations should assess whether individual employee use of the free Cody tier creates additional compliance obligations related to the broader data collection scope.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Non-enterprise Sourcegraph.com users are subject to broader data collection than enterprise users: their User Prompts, LLM Prompts, and Responses are collected for product improvement purposes, whereas Enterprise Cody users have their Customer Content used only to provide the service.
Individual Sourcegraph.com users who are not on enterprise licenses should be aware that their code queries and AI responses are retained by Sourcegraph for product improvement purposes. While the terms state this data is not used to train generally available models, it is used beyond mere service delivery in contrast to enterprise deployments.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.