Sourcegraph states it does not intentionally collect sensitive categories of personal data such as health, biometric, or racial information, and that submitting such data violates the terms of service.
This analysis describes what Sourcegraph Cody's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a policy-level commitment not to collect sensitive data categories, but the qualifier 'intentionally' means that if such data is inadvertently submitted through code repositories or prompts, the policy does not guarantee it will not be processed.
Interpretive note: The 'not intentionally' qualifier creates ambiguity regarding whether inadvertent collection of sensitive data through AI prompts or repository content triggers the same protections, which may vary by jurisdiction.
Sourcegraph states it does not intentionally collect sensitive personal data, but users who submit code or prompts containing embedded sensitive data (such as health records or biometric identifiers) should be aware that the 'not intentionally' qualifier means inadvertent processing is not explicitly excluded.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Sourcegraph Cody has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Sourcegraph does not intentionally collect 'Sensitive Personal Information,' such as personal data revealing racial, ethnicity, political and religious beliefs, trade union membership, or genetic, biometric, health, or sexual data. Providing Sensitive Personal Information violates our Terms of Use.— Excerpt from Sourcegraph Cody's Sourcegraph Privacy Policy
1) REGULATORY LANDSCAPE: Sensitive personal data categories are subject to heightened protection under GDPR Article 9, which generally requires explicit consent or a specific exemption for processing. CCPA and CPRA also impose additional obligations for sensitive personal information categories. If sensitive data is submitted inadvertently through code prompts or repositories, Sourcegraph's processing of such data may require evaluation under these frameworks regardless of intent. 2) GOVERNANCE EXPOSURE: Medium. The 'not intentionally' qualifier means that inadvertent sensitive data collection through AI coding prompts or repository content is not contractually excluded. Organizations in healthcare, financial services, or other regulated sectors should assess whether their developers may inadvertently include sensitive data in prompts or connected repositories. 3) JURISDICTION FLAGS: EU/EEA users benefit from GDPR Article 9 protections for special categories of data. Illinois BIPA may apply if biometric data is inadvertently processed. HIPAA may be implicated for US healthcare organizations if protected health information is included in code prompts. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers in regulated industries should include contractual prohibitions on sensitive data submission in their acceptable use policies for Sourcegraph deployments, and should consider data loss prevention controls to prevent inadvertent submission of sensitive data. 5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that employee training and technical controls are in place to prevent inadvertent submission of sensitive personal data through Sourcegraph's AI coding features.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a policy-level commitment not to collect sensitive data categories, but the qualifier 'intentionally' means that if such data is inadvertently submitted through code repositories or prompts, the policy does not guarantee it will not be processed.
Sourcegraph states it does not intentionally collect sensitive personal data, but users who submit code or prompts containing embedded sensitive data (such as health records or biometric identifiers) should be aware that the 'not intentionally' qualifier means inadvertent processing is not explicitly excluded.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Sourcegraph Cody.