This analysis describes what Windsurf's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes an operational framework where model selection occurs at the system level rather than per-request, enabling Windsurf to allocate processing tasks to OpenAI infrastructure based on internal routing logic while limiting data persistence through contractual safeguards with the subprocessor.
The updated document establishes explicit commitments about how Windsurf protects data and manages security. The terms state that all data transmission is encrypted in transit and at rest, that access to production systems is restricted to a small number of employees or contractors based on business roles, and that production systems are monitored via logging, error handling, and monitoring dashboards. The document discloses that Windsurf obtained SOC 2 Type II certification as of March 2024 and that all employees and contractors are required to use multi-factor authentication and receive annual security training. These disclosures describe organizational practices rather than establishing new user-facing rights or obligations.
View change record →Users operating under standard settings may have requests processed through OpenAI models without explicit per-request confirmation, though the terms establish that data is not retained by OpenAI. Organizations with enterprise administration access can opt out of OpenAI model usage entirely through administrative controls.
How other platforms handle this
By submitting or posting User Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such User Content in any and all media or distribu...
By making any User Content available to Calm, you hereby grant to Calm a non-exclusive, transferable, sublicensable, worldwide, royalty-free, license to use, store, publish, translate, reproduce, adapt, copy, modify, create derivative works based upon, publicly display, publicly perform, and distrib...
By submitting User Material you hereby grant Headspace an irrevocable, perpetual, non-exclusive, royalty free, worldwide license to use, telecast, copy, perform, display, edit, distribute and otherwise exploit the User Material you post on the Products, or any portion thereof, and any ideas, concept...
Monitoring
Windsurf has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We offer the optionality of using OpenAI's models for various AI requests. We may leverage OpenAI models independent of user selection for processing other tasks (e.g. for summarization). We have a zero data retention agreement with OpenAI. Enterprise administrators can disable use of OpenAI models for their organization.— Excerpt from Windsurf's Windsurf Security & Data Handling
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes an operational framework where model selection occurs at the system level rather than per-request, enabling Windsurf to allocate processing tasks to OpenAI infrastructure based on internal routing logic while limiting data persistence through contractual safeguards with the subprocessor.
Users operating under standard settings may have requests processed through OpenAI models without explicit per-request confirmation, though the terms establish that data is not retained by OpenAI. Organizations with enterprise administration access can opt out of OpenAI model usage entirely through administrative controls.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Windsurf.