Sourcegraph automatically records your IP address, browser details, repository names you access, and other technical data in server logs, and retains access audit logs including what data you accessed for security incident investigation.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes collection of repository names and data accessed as part of audit logging, meaning records of which code repositories you interact with may be retained and shared with customers in the event of a security incident.
Sourcegraph's log data collection includes repository names, user IDs, IP addresses, and records of data accessed. The policy states access audit log information is retained only for security purposes and shared only with relevant customers in the event of a security incident.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Sourcegraph Cody has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"As with most websites and technology services delivered over the internet, when you access or use our Services, our servers automatically collect data and record it in log files. This log data may include your web request, IP address, browser type and settings, date and time of use, information about browser configuration, error data, repository name, user ID, and cookie data. When you visit or use our Services, we may collect information related to accessing systems and data, including IP addresses, usernames, and data accessed. This information is only retained for the purposes of identifying, analyzing, and resolving potential security incidents.— Excerpt from Sourcegraph Cody's Sourcegraph Privacy Policy
1) REGULATORY LANDSCAPE: Collection of IP addresses and persistent identifiers engages GDPR personal data definitions and CCPA categories of personal information. The retention of access audit logs for security purposes may align with GDPR Article 6(1)(f) legitimate interests, but retention periods should be documented and proportionate. 2) GOVERNANCE EXPOSURE: Low to medium. The policy limits access audit log retention to security incident purposes and restricts access to those who need it for those purposes. The disclosure that this information is shared with relevant customers in the event of a security incident is operationally relevant for enterprise deployments. 3) JURISDICTION FLAGS: EU/EEA deployments should confirm that log data retention periods and purposes satisfy GDPR storage limitation principles. Enterprise customers in regulated industries (financial services, healthcare) should confirm that log data sharing in security incidents is covered by their customer agreements. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should confirm that their customer agreements address notification and data sharing protocols in the event of a security incident involving access audit logs, including timeliness of notification. 5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that log data retention schedules are documented and defensible under applicable privacy laws, and that deletion workflows for log data are in place upon account termination.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes collection of repository names and data accessed as part of audit logging, meaning records of which code repositories you interact with may be retained and shared with customers in the event of a security incident.
Sourcegraph's log data collection includes repository names, user IDs, IP addresses, and records of data accessed. The policy states access audit log information is retained only for security purposes and shared only with relevant customers in the event of a security incident.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.