Windsurf · Windsurf Privacy Policy

AI Model Training Using Prompts and Outputs

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Windsurf uses everything you type into the AI coding assistant — your questions, code snippets, and the AI's responses — to train and improve its AI models.

Consumer impact (what this means for users)

Your AI prompts and the code outputs generated in response are used by Windsurf to train its AI models, meaning sensitive or proprietary code you type into the tool may be retained and used for this purpose.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@windsurf.com to request deletion of your personal data including Prompts and Outputs Information. Specify in your email that you are requesting deletion under applicable privacy law (GDPR, CCPA, or your state law).

Cross-platform context

See how other platforms handle AI Model Training Using Prompts and Outputs and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Users may not realize that the code, questions, or sensitive information they submit to the AI tool is being used to train Windsurf's AI models, which could expose proprietary or confidential information.

View original clause language
To train, develop, and improve the artificial intelligence, machine learning, and models that we use to support our Services. We may use your Log and Usage Information and Prompts and Outputs Information for this purpose.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision implicates GDPR Article 6(1)(f) (legitimate interests as legal basis for training), Article 13 (transparency obligation to disclose training use at point of collection), and the emerging EU AI Act transparency requirements for general-purpose AI model providers. For California users, CCPA/CPRA §1798.100 and §1798.121 require disclosure of this use and may require an opt-out if deemed a 'sale' or 'sharing' for cross-context behavioral advertising. The FTC Act Section 5 is engaged if the training use is not adequately disclosed. Enforced by relevant EEA DPAs, ICO, CPPA, and FTC. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has jurisdiction over unfair or deceptive practices related to AI data collection and training use disclosures under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
Windsurf Privacy Policy
Entity
Windsurf
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004016
Document ID
CA-D-00486
Evidence Provenance
Source URL
https://codeium.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
ca691298a1c366388f0a1f48ecc65849f0a7d07d6de5b840c646e62cf6239715
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Windsurf | Document: Windsurf Privacy Policy | Record: CA-P-004016
Captured: 2026-04-30 05:21:09 UTC | SHA-256: ca691298a1c36638…
URL: https://conductatlas.com/platform/windsurf/windsurf-privacy-policy/ai-model-training-using-prompts-and-outputs/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document