Sourcegraph automatically records your IP address, browser details, repository names you access, and other technical data in server logs, and retains access audit logs including what data you accessed for security incident investigation.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes collection of repository names and data accessed as part of audit logging, meaning records of which code repositories you interact with may be retained and shared with customers in the event of a security incident.
Sourcegraph's log data collection includes repository names, user IDs, IP addresses, and records of data accessed. The policy states access audit log information is retained only for security purposes and shared only with relevant customers in the event of a security incident.
Cross-platform context
See how other platforms handle Log Data and Access Audit Logs Collection and similar clauses.
Compare across platforms →Monitoring
Sourcegraph Cody has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"As with most websites and technology services delivered over the internet, when you access or use our Services, our servers automatically collect data and record it in log files. This log data may include your web request, IP address, browser type and settings, date and time of use, information about browser configuration, error data, repository name, user ID, and cookie data. When you visit or use our Services, we may collect information related to accessing systems and data, including IP addresses, usernames, and data accessed. This information is only retained for the purposes of identifying, analyzing, and resolving potential security incidents.— Excerpt from Sourcegraph Cody's Sourcegraph Privacy Policy
1) REGULATORY LANDSCAPE: Collection of IP addresses and persistent identifiers engages GDPR personal data definitions and CCPA categories of personal information. The retention of access audit logs for security purposes may align with GDPR Article 6(1)(f) legitimate interests, but retention periods should be documented and proportionate. 2) GOVERNANCE EXPOSURE: Low to medium. The policy limits access audit log retention to security incident purposes and restricts access to those who need it for those purposes. The disclosure that this information is shared with relevant customers in the event of a security incident is operationally relevant for enterprise deployments. 3) JURISDICTION FLAGS: EU/EEA deployments should confirm that log data retention periods and purposes satisfy GDPR storage limitation principles. Enterprise customers in regulated industries (financial services, healthcare) should confirm that log data sharing in security incidents is covered by their customer agreements. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should confirm that their customer agreements address notification and data sharing protocols in the event of a security incident involving access audit logs, including timeliness of notification. 5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that log data retention schedules are documented and defensible under applicable privacy laws, and that deletion workflows for log data are in place upon account termination.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes collection of repository names and data accessed as part of audit logging, meaning records of which code repositories you interact with may be retained and shared with customers in the event of a security incident.
Sourcegraph's log data collection includes repository names, user IDs, IP addresses, and records of data accessed. The policy states access audit log information is retained only for security purposes and shared only with relevant customers in the event of a security incident.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.