What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@sourcegraph.com', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "Contact Sourcegraph's privacy team to submit a data deletion request that includes event analytics data tied to your user ID. The policy directs privacy requests to the contact address provided at the end of the Privacy Policy.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has jurisdiction over consumer data collection and tracking practices, including behavioral analytics tied to persistent identifiers.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Automated Usage Analytics and Event Tracking clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Automated Usage Analytics and Event Tracking — Sourcegraph Cody

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Sourcegraph Cody Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Sourcegraph automatically tracks how you use its services, including what you click on and how often you use specific features, and links this activity to an internal identifier assigned to you.

ⓘ

This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision authorizes collection of detailed behavioral data tied to a persistent user identifier, which may allow reconstruction of individual usage patterns over time even if the identifier is not directly linked to a name.

Consumer impact (what this means for users)

Sourcegraph collects click patterns and feature utilization frequency tied to an internally-generated user ID, which means detailed behavioral profiles may be maintained for each user of the Services even without association to a directly identifying name or email.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Contact Sourcegraph's privacy team to submit a data deletion request that includes event analytics data tied to your user ID. The policy directs privacy requests to the contact address provided at the end of the Privacy Policy.

Cross-platform context

See how other platforms handle Automated Usage Analytics and Event Tracking and similar clauses.

Compare across platforms →

Monitoring

Sourcegraph Cody has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Event analytics data and metadata to better understand usage within the Services, including click patterns and length and frequency of feature utilization, tied to an internally-generated user ID number.

— Excerpt from Sourcegraph Cody's Sourcegraph Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: Collection of behavioral data tied to persistent identifiers engages GDPR recital 30 and Article 4 definitions of personal data, under which pseudonymous identifiers are generally treated as personal data if re-identification is reasonably possible. CCPA similarly treats internal identifiers linked to behavioral data as personal information. The FTC and EU data protection authorities have both addressed the privacy implications of persistent behavioral tracking. 2) GOVERNANCE EXPOSURE: Medium. The policy does not specify the retention period for event analytics data or the scope of re-identification controls applied to internally-generated user IDs. This creates compliance uncertainty for organizations required to respond to data subject access or deletion requests, as the policy does not clarify whether event analytics records are included in deletion workflows. 3) JURISDICTION FLAGS: EU/EEA users have rights of access and erasure under GDPR that would apply to pseudonymous behavioral data if re-identification is reasonably possible. California residents have CCPA rights regarding categories of personal information including identifiers and inferences drawn from usage data. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should confirm that usage analytics data is subject to deletion and portability obligations under customer agreements. The policy does not specify whether event analytics data is shared with subprocessors beyond Sourcegraph's own analytics infrastructure. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that data subject request workflows include event analytics records tied to user IDs, and should assess whether the internally-generated user ID constitutes personal data under applicable law given the potential for re-identification.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC has jurisdiction over consumer data collection and tracking practices, including behavioral analytics tied to persistent identifiers.
File a complaint →

Provision details

Document information

Document

Sourcegraph Privacy Policy

Entity

Sourcegraph Cody

Document last updated

May 12, 2026

Tracking information

First tracked

May 12, 2026

Last verified

May 12, 2026

Record ID

CA-P-011842

Document ID

CA-D-00799

Evidence Provenance

Source URL

https://sourcegraph.com/terms/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

df2d4196ecea360b04ad9684b8e596ac2cfeb41cb2be50ace2b878d7c3dd599f

Analysis generated

May 12, 2026 15:34 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Sourcegraph Cody
Document: Sourcegraph Privacy Policy
Record ID: CA-P-011842
Captured: 2026-05-12 15:34:28 UTC
SHA-256: df2d4196ecea360b…
URL: https://conductatlas.com/platform/sourcegraph-cody/sourcegraph-privacy-policy/automated-usage-analytics-and-event-tracking/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Amp Free Mode Codebase Keyword Scanning for Advertising medium
Customer Personal Data Exclusion medium
Data Sharing with Service Providers and Subprocessors medium
Do Not Track Non-Response low
GDPR and Global Privacy Rights medium
Log Data and Access Audit Logs Collection low

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Sourcegraph Cody's Automated Usage Analytics and Event Tracking clause do?

How does this clause affect you?

Is ConductAtlas affiliated with Sourcegraph Cody?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.