Windsurf · Windsurf Privacy Policy

Security Disclaimer and Risk Allocation

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Windsurf says it uses security measures but explicitly tells you that data transmission is 'at your own risk' and they cannot guarantee your data will not be stolen or compromised.

Consumer impact (what this means for users)

Windsurf explicitly disclaims responsibility for data breaches or unauthorized access, stating that your data transmission is 'at your own risk,' which may limit your legal recourse if your personal data or code is stolen.

Cross-platform context

See how other platforms handle Security Disclaimer and Risk Allocation and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The statement that data transmission is 'at your own risk' is a significant liability disclaimer that may affect your ability to hold Windsurf accountable in the event of a data breach.

View original clause language
We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your Personal Information, transmission of Personal Information to and from our Services is at your own risk. You should only access the Services within a secure environment.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Security obligations are governed by GDPR Article 32 (appropriate technical and organizational measures), CCPA/CPRA §1798.150 (private right of action for data breaches involving unencrypted personal information), FTC Act Section 5 (reasonable security as consumer protection requirement), and applicable state breach notification laws (California Civil Code §1798.82, NY SHIELD Act, Texas Bus. & Com. Code §521.053). The 'at your own risk' language is directly at odds with GDPR Article 32's non-delegable security obligations. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC enforces reasonable security standards under FTC Act Section 5 and has held that security disclaimers do not eliminate a company's obligation to protect consumer data.
    File a complaint →
  • State AG
    State attorneys general enforce breach notification laws and reasonable security requirements under statutes like the California CCPA, NY SHIELD Act, and Texas Bus. & Com. Code §521.
    File a complaint →

Provision details

Document information
Document
Windsurf Privacy Policy
Entity
Windsurf
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004024
Document ID
CA-D-00486
Evidence Provenance
Source URL
https://codeium.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
ca691298a1c366388f0a1f48ecc65849f0a7d07d6de5b840c646e62cf6239715
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Windsurf | Document: Windsurf Privacy Policy | Record: CA-P-004024
Captured: 2026-04-30 05:21:09 UTC | SHA-256: ca691298a1c36638…
URL: https://conductatlas.com/platform/windsurf/windsurf-privacy-policy/security-disclaimer-and-risk-allocation/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document