Windsurf replaced technical documentation about their Devin AI product with a comprehensive security and data handling disclosure. The previous document described Devin's vulnerability remediation capabilities; the updated document now describes Windsurf's organizational security practices, including encryption, access controls, employee authentication requirements, third-party audits (SOC 2 Type II certification obtained March 2024), and a vulnerability disclosure program. This shift establishes explicit statements about how Windsurf handles data security, operational monitoring, and employee access to production systems.
+11 added
· 26 modified
a7e6dc4f1515…
June 2, 2026
v1
No material change detected
· -170 removed
· 26 modified
bcb9b134abe8…
May 16, 2026
v1low
Windsurf updated its Security & Data Handling policy on May 16, 2026 to disclose two practices involving data exposure. The policy now states that Windsurf uses Raindrop, a third-party service, to view usage analytics and aggregate statistics, and that users not using Zero-data retention mode may have their logs exposed for debugging purposes. Previously, this disclosure was not present in the policy.
+2 added
235c9ffbc1b2…
May 11, 2026
v1
Initial snapshot — monitoring begins
889b76dd82a3…
Diff links and change records available with Monitor
Compare versions side-by-side and access full change records for every document ConductAtlas monitors.