If your existing Sourcegraph contract had unlimited liability for data security or confidentiality breaches, this Cody addendum caps that at five times your annual license fees. If your contract already had a liability limit, that limit continues to apply.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
This provision introduces a specific financial ceiling for data security and confidentiality breach claims arising from Cody use, which is operationally significant for organizations that negotiated uncapped liability in their base Agreement as a risk management measure.
Enterprise customers who negotiated uncapped confidentiality or data security liability in their base Sourcegraph Agreement will find that liability capped at five times annual license fees for Cody-related breaches. This affects the financial recovery available in the event of a data breach or confidentiality violation involving Cody.
Sourcegraph Cody has changed this document before.
"If you have uncapped liability for breach of confidentiality or data security in your Agreement with Sourcegraph, a limit of liability of five times (5x) your annual license fees will apply to breaches of confidentiality or data security in connection with your use of Cody. If you do not have uncapped liability in your Agreement with Sourcegraph, the limit of liability in your Agreement shall apply to your use of Cody."
— Excerpt from Sourcegraph Cody's Sourcegraph Cody Usage and Privacy
REGULATORY LANDSCAPE: Liability caps in enterprise software agreements do not extinguish regulatory obligations under GDPR, CCPA, or other applicable data protection laws. Regulatory fines and enforcement actions are separate from contractual liability and are not subject to contractual caps. The cap affects only the contractual claim between the customer and Sourcegraph, not third-party or regulatory exposure.
GOVERNANCE EXPOSURE: High for organizations that previously held uncapped contractual liability as a negotiated risk allocation. The 5x annual license fee cap may be materially insufficient to cover data breach remediation costs, notification obligations, and regulatory penalties depending on the size of the breach and the volume of data involved.
JURISDICTION FLAGS: EU and EEA organizations face GDPR fines that are independent of contractual liability caps. California organizations face CCPA statutory damages that are similarly independent. Organizations in regulated industries such as financial services or healthcare may face sector-specific penalties unrelated to this contractual cap.
CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams should calculate the actual monetary value of the 5x annual license fee cap relative to the organization's data breach risk profile. Organizations that negotiated uncapped liability specifically for data security reasons should assess whether the Cody addendum effectively modifies that negotiated position and whether renegotiation is warranted.
COMPLIANCE CONSIDERATIONS: Risk management and insurance teams should be informed that Cody-related data security and confidentiality claims are subject to this specific cap, and cyber insurance coverage should be reviewed to ensure it addresses the gap between the contractual cap and potential breach costs. Legal teams should document this provision in vendor risk registers.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.