Windsurf · Windsurf Privacy Policy

User Privacy Rights (US States and EU/UK)

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Depending on where you live, you may have rights to access, correct, delete, or opt out of certain uses of your personal data — but only if you are in the EU, UK, California, or certain other US states.

Consumer impact (what this means for users)

If you are in the EU, UK, California, or a state with a comprehensive privacy law, you can request access to, correction of, or deletion of your personal data held by Windsurf by contacting privacy@windsurf.com.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@windsurf.com to request access to, correction of, or deletion of your personal data. In your email, specify your jurisdiction (e.g., California, EU) and the specific right you are exercising. Windsurf must respond within 45 days (US state laws) or one month (GDPR).
  • Export Your Data
    To request a copy of all personal data Windsurf holds about you, email privacy@windsurf.com and reference your right to data portability under GDPR Article 20 or applicable US state law. Specify that you want data in a machine-readable format.

Cross-platform context

See how other platforms handle User Privacy Rights (US States and EU/UK) and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Users in qualifying jurisdictions have enforceable rights over their personal data, but users in states without comprehensive privacy laws may have no rights at all under this policy.

View original clause language
In some regions (like the U.S., the EEA, Switzerland and the UK), you have certain rights under applicable data protection laws. Your U.S. State Privacy Rights. Some U.S. states provide consumers certain rights regarding

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision engages GDPR Articles 15-22 (access, rectification, erasure, restriction, portability, objection rights), UK GDPR equivalent provisions, CCPA/CPRA §1798.100-1798.125 (California), Virginia CDPA §59.1-577, Colorado CPA §6-1-1306, Connecticut CTDPA §42-515b, and Texas TDPSA Chapter 541. Each state law has distinct opt-out and response timeline requirements (45 days under most US state laws; one month under GDPR with possible 60-day extension). (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    State attorneys general in California, Virginia, Colorado, Connecticut, and Texas have enforcement authority over state comprehensive privacy laws that grant users rights over their personal data.
    File a complaint →

Provision details

Document information
Document
Windsurf Privacy Policy
Entity
Windsurf
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004022
Document ID
CA-D-00486
Evidence Provenance
Source URL
https://codeium.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
ca691298a1c366388f0a1f48ecc65849f0a7d07d6de5b840c646e62cf6239715
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Windsurf | Document: Windsurf Privacy Policy | Record: CA-P-004022
Captured: 2026-04-30 05:21:09 UTC | SHA-256: ca691298a1c36638…
URL: https://conductatlas.com/platform/windsurf/windsurf-privacy-policy/user-privacy-rights-us-states-and-euuk/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document