Sourcegraph shares your personal information, including the prompts you submit when writing code, with third-party service providers that help operate the services, subject to restrictions on how those providers can use the data.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision confirms that code prompts and related content submitted to Sourcegraph's AI coding features are shared with third-party subprocessors, which is material for users submitting proprietary or sensitive code.
Code prompts and other content you submit when using Sourcegraph's AI-assisted coding features are shared with third-party subprocessors listed at sourcegraph.com/terms/subprocessors. Users submitting proprietary code should review the subprocessors list to understand which third parties may process their code content.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
Monitoring
Sourcegraph Cody has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our service providers process your Personal Information as needed to provide our Services to you, including your content and processing prompts to help you write code. They may only process your Personal Information pursuant to our instructions and to perform their duties to us. See our Subprocessors page for a list of our service providers.— Excerpt from Sourcegraph Cody's Sourcegraph Privacy Policy
1) REGULATORY LANDSCAPE: Sharing personal data with service providers engages GDPR Article 28 processor obligations and CCPA service provider requirements. The specific disclosure that prompts used to help write code are shared with subprocessors is material under both frameworks, as code may contain personal data or trade secrets. EU/EEA data transfers to subprocessors outside the EEA require adequate transfer mechanisms under GDPR Chapter V. 2) GOVERNANCE EXPOSURE: Medium. The policy references a separate subprocessors page rather than listing subprocessors inline, which means the list may change without formal policy amendment. Users and enterprise customers should monitor the subprocessors page for changes that could affect their data protection posture. 3) JURISDICTION FLAGS: EU/EEA users should confirm that subprocessors receiving personal data have adequate transfer mechanisms in place (Standard Contractual Clauses or equivalent). California users should confirm that subprocessors qualify as service providers under CCPA rather than third parties. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should conduct vendor assessments on the subprocessors listed, particularly AI model providers that may process code prompts. The policy's restriction that subprocessors may only process data pursuant to Sourcegraph's instructions should be verified against the actual subprocessor agreements. 5) COMPLIANCE CONSIDERATIONS: Legal teams should implement a process for monitoring changes to the subprocessors page and assessing the data protection implications of any additions. Data processing agreements should include provisions requiring Sourcegraph to notify customers of subprocessor changes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision confirms that code prompts and related content submitted to Sourcegraph's AI coding features are shared with third-party subprocessors, which is material for users submitting proprietary or sensitive code.
Code prompts and other content you submit when using Sourcegraph's AI-assisted coding features are shared with third-party subprocessors listed at sourcegraph.com/terms/subprocessors. Users submitting proprietary code should review the subprocessors list to understand which third parties may process their code content.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.