If you use the free version of Amp, Sourcegraph may automatically scan your connected files and code for keywords to decide which ads to show you, though the policy states it does not retain or share what it finds.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes automated access to user files and connected codebases for advertising purposes, which is operationally distinct from standard developer tool privacy practices and may be relevant for users storing sensitive or proprietary code.
Interpretive note: The policy asserts no personal data is collected during scanning, but whether this assertion satisfies GDPR or CCPA definitions of processing in all technical implementations is not determinable from the document alone.
This provision permits Sourcegraph to perform periodic automated keyword searches of files and codebases connected to Amp Free Mode for advertisement targeting. The policy asserts that no personal data is collected, retained, or shared with advertisers as a result of these scans, but users with sensitive code in connected repositories should be aware this scanning is authorized under these terms.
Cross-platform context
See how other platforms handle Amp Free Mode Codebase Keyword Scanning for Advertising and similar clauses.
Compare across platforms →Monitoring
Sourcegraph Cody has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you use Amp Free Mode, we may perform periodic, automated keyword searches of your files, codebase, or data sources that you have connected to Amp in order to deliver context-specific advertisements to you. No personal data will be collected or processed during a keyword search. Data access is moment-in-time, on a per-advertisement basis, and is not ongoing. Results of keyword scans are exclusively used for advertisement placement applicability and not for any other reason, and results are not co-mingled with any other data collected. The results of keyword searches are not shared with Advertising Partners.— Excerpt from Sourcegraph Cody's Sourcegraph Privacy Policy
1) REGULATORY LANDSCAPE: This provision implicates GDPR Article 6 legal bases and the definition of personal data under GDPR and CCPA, given that keyword scanning of user-connected data sources may interact with personal data embedded in code or files. The FTC has jurisdiction over consumer data practices in the US context. If scan sessions are associated with any user identifier at any point, even transiently, regulators may evaluate whether the policy's assertion of no personal data processing is accurate. 2) GOVERNANCE EXPOSURE: Medium. The provision asserts that no personal data is collected or processed during keyword scanning, but enterprise legal teams should assess whether this assertion is verifiable and consistent with actual technical implementation. The policy does not describe audit or verification mechanisms that would allow users or regulators to confirm the non-retention assertion. 3) JURISDICTION FLAGS: EU/EEA users are subject to GDPR, under which the definition of personal data and the requirement for a valid legal basis for processing are broadly construed. California users have CCPA rights that may require Sourcegraph to respond to requests related to inferences drawn from scanning. Users in jurisdictions with sector-specific confidentiality requirements (legal, healthcare, financial services) should assess whether connecting sensitive repositories to Amp Free Mode is appropriate. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should confirm whether Amp Free Mode is available or enabled in organizational deployments and whether standard enterprise agreements restrict or disable this advertising mechanism. The provision does not describe what constitutes a 'connected data source,' which may create ambiguity in vendor assessments regarding scope of access. 5) COMPLIANCE CONSIDERATIONS: Legal and compliance teams should request technical documentation from Sourcegraph confirming that keyword scan results are not associated with user identifiers, are not retained, and are not transmitted to third parties, in order to substantiate the policy's assertions under GDPR accountability requirements. Teams managing developer environments with sensitive IP should assess whether Amp Free Mode should be restricted in organizational policy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes automated access to user files and connected codebases for advertising purposes, which is operationally distinct from standard developer tool privacy practices and may be relevant for users storing sensitive or proprietary code.
This provision permits Sourcegraph to perform periodic automated keyword searches of files and codebases connected to Amp Free Mode for advertisement targeting. The policy asserts that no personal data is collected, retained, or shared with advertisers as a result of these scans, but users with sensitive code in connected repositories should be aware this scanning is authorized under these terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.