Sourcegraph processes your personal data under three legal bases under GDPR: contract performance, legitimate interests, and consent for marketing. You can withdraw consent for marketing at any time.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the legal bases Sourcegraph relies on under GDPR, which determines what rights you have and under what circumstances you can object to or request deletion of your data.
EU and other users covered by GDPR can withdraw consent for marketing communications at any time using the unsubscribe link in marketing emails or by contacting Sourcegraph directly. For data processed under legitimate interests, you have a right to object, which Sourcegraph must evaluate.
Cross-platform context
See how other platforms handle GDPR and Global Privacy Rights and similar clauses.
Compare across platforms →Monitoring
Sourcegraph Cody has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Where laws like GDPR govern our processing of your Personal Information, Sourcegraph must tell you about the legal basis under which we process your Personal Information. Sourcegraph processes Personal Information under the following legal bases: Performance of a contract: We use your Personal Information to provide the Services you subscribe to and to fulfill requests you make of us. Legitimate interests: We use your Personal Information for our legitimate interests, such as security, abuse, and fraud prevention, product improvement, and communications about your use of our Services. Consent: We may rely on your consent to use your personal information for certain direct marketing purposes, such as sending you newsletter updates about Sourcegraph products. You may withdraw your consent at any time through the unsubscribe feature provided with each marketing email or by contacting us at the address given at the end of this Privacy Policy.— Excerpt from Sourcegraph Cody's Sourcegraph Privacy Policy
1) REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 6, 7, and 21. The reliance on legitimate interests for product improvement and communications requires a documented legitimate interests assessment. The European Data Protection Board and national data protection authorities may examine whether legitimate interests are appropriately balanced against user rights, particularly where behavioral analytics are involved. 2) GOVERNANCE EXPOSURE: Medium. The policy's invocation of legitimate interests for product improvement is broad and may encompass behavioral analytics and event tracking. GDPR Article 21 gives users the right to object to processing under legitimate interests, and Sourcegraph should have a documented process for handling such objections. 3) JURISDICTION FLAGS: EU/EEA users have the full suite of GDPR rights (access, erasure, rectification, portability, objection, restriction). UK GDPR imposes equivalent obligations post-Brexit. Users in other jurisdictions may have equivalent rights under applicable local laws referenced in the policy's global privacy section. 4) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that legitimate interests assessments are documented and available for regulatory review. Consent withdrawal mechanisms should be tested and documented. Data subject request workflows (access, deletion, portability) should be audited for responsiveness and completeness. 5) CONTRACT AND VENDOR IMPLICATIONS: For enterprise customers, the applicable legal bases may differ from those described in this policy, depending on the terms of their customer agreements. Enterprise legal teams should confirm which bases apply under their specific agreements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the legal bases Sourcegraph relies on under GDPR, which determines what rights you have and under what circumstances you can object to or request deletion of your data.
EU and other users covered by GDPR can withdraw consent for marketing communications at any time using the unsubscribe link in marketing emails or by contacting Sourcegraph directly. For data processed under legitimate interests, you have a right to object, which Sourcegraph must evaluate.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.