What is the severity of this clause?

ConductAtlas classifies this Internal Analytics Access to Retained User Logs clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Internal Analytics Access to Retained User Logs — Windsurf

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Windsurf Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

ⓘ

This analysis describes what Windsurf's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause establishes that log data and code content are accessible to internal teams and third-party analytics vendors for operational debugging and analytical purposes as a standard data handling practice, with the exception contingent on user election of a specific retention setting.

Consumer impact (what this means for users)

Users whose accounts do not have zero-data retention mode enabled authorize Windsurf to retain and expose their logs and code data to internal dashboarding tools and team members for analytics and debugging purposes. Users who elect zero-data retention mode are excepted from this authorization.

Cross-platform context

See how other platforms handle Internal Analytics Access to Retained User Logs and similar clauses.

Compare across platforms →

Monitoring

Windsurf has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Retool (May see code data if not on zero-data retention): We use Retool for dashboards to view usage analytics and aggregate statistics. We may expose logs of data for debugging purposes from users that are not using Zero-data retention mode. Metabase (May see code data if not on zero-data retention): We use Metabase for dashboards to view usage analytics and aggregate statistics. We may expose logs of data for debugging purposes from users that are not using Zero-data retention mode. Tableau (May see code data if not on zero-data retention): We use Tableau for dashboards to view usage analytics and aggregate statistics. We may expose logs of data for debugging purposes from users that are not using Zero-data retention mode. Slack (Sees no code data): We use Slack for internal communications. We may discuss logs of data for debugging purposes from users that are not using Zero-data retention mode.

— Excerpt from Windsurf's Windsurf Security & Data Handling

Provision details

Document information

Document

Windsurf Security & Data Handling

Entity

Windsurf

Document last updated

May 11, 2026

Tracking information

First tracked

May 11, 2026

Last verified

May 12, 2026

Record ID

CA-P-010667

Document ID

CA-D-00783

Evidence Provenance

Source URL

https://windsurf.com/security

Wayback Machine

View archived versions →

Content hash (SHA-256)

712fafa072f4ddaa82cb418bf6718dcc9783559af0681efa6fe16d44b530e852

Analysis generated

May 11, 2026 12:52 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Windsurf
Document: Windsurf Security & Data Handling
Record ID: CA-P-010667
Captured: 2026-05-11 12:52:11 UTC
SHA-256: 712fafa072f4ddaa…
URL: https://conductatlas.com/platform/windsurf/windsurf-security-data-handling/internal-analytics-access-to-retained-user-logs/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Individual User Zero-Data Retention Opt-In medium
AI Model Use Independent of User Selection medium
Bing API Lacks Zero-Data Retention Agreement medium
Internal Tool Access to Code Logs Without Zero-Data Retention medium
Code Ownership and Attribution Filtering medium
HIPAA Compliance and Business Associate Agreement Availability medium

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Windsurf's Internal Analytics Access to Retained User Logs clause do?

How does this clause affect you?

Is ConductAtlas affiliated with Windsurf?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Windsurf.