Sourcegraph shares your personal information, including the prompts you submit when writing code, with third-party service providers that help operate the services, subject to restrictions on how those providers can use the data.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision confirms that code prompts and related content submitted to Sourcegraph's AI coding features are shared with third-party subprocessors, which is material for users submitting proprietary or sensitive code.
Code prompts and other content you submit when using Sourcegraph's AI-assisted coding features are shared with third-party subprocessors listed at sourcegraph.com/terms/subprocessors. Users submitting proprietary code should review the subprocessors list to understand which third parties may process their code content.
Cross-platform context
See how other platforms handle Data Sharing with Service Providers and Subprocessors and similar clauses.
Compare across platforms →Monitoring
Sourcegraph Cody has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Our service providers process your Personal Information as needed to provide our Services to you, including your content and processing prompts to help you write code. They may only process your Personal Information pursuant to our instructions and to perform their duties to us. See our Subprocessors page for a list of our service providers.— Excerpt from Sourcegraph Cody's Sourcegraph Privacy Policy
1) REGULATORY LANDSCAPE: Sharing personal data with service providers engages GDPR Article 28 processor obligations and CCPA service provider requirements. The specific disclosure that prompts used to help write code are shared with subprocessors is material under both frameworks, as code may contain personal data or trade secrets. EU/EEA data transfers to subprocessors outside the EEA require adequate transfer mechanisms under GDPR Chapter V. 2) GOVERNANCE EXPOSURE: Medium. The policy references a separate subprocessors page rather than listing subprocessors inline, which means the list may change without formal policy amendment. Users and enterprise customers should monitor the subprocessors page for changes that could affect their data protection posture. 3) JURISDICTION FLAGS: EU/EEA users should confirm that subprocessors receiving personal data have adequate transfer mechanisms in place (Standard Contractual Clauses or equivalent). California users should confirm that subprocessors qualify as service providers under CCPA rather than third parties. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should conduct vendor assessments on the subprocessors listed, particularly AI model providers that may process code prompts. The policy's restriction that subprocessors may only process data pursuant to Sourcegraph's instructions should be verified against the actual subprocessor agreements. 5) COMPLIANCE CONSIDERATIONS: Legal teams should implement a process for monitoring changes to the subprocessors page and assessing the data protection implications of any additions. Data processing agreements should include provisions requiring Sourcegraph to notify customers of subprocessor changes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision confirms that code prompts and related content submitted to Sourcegraph's AI coding features are shared with third-party subprocessors, which is material for users submitting proprietary or sensitive code.
Code prompts and other content you submit when using Sourcegraph's AI-assisted coding features are shared with third-party subprocessors listed at sourcegraph.com/terms/subprocessors. Users submitting proprietary code should review the subprocessors list to understand which third parties may process their code content.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.