Does Codeium / Windsurf train on your data?
Codeium · AI coding assistant
Depends on your plan · ZDR / DPA on enterprise · Opt-out available
Does Codeium / Windsurf train its models on your data?
It depends — Codeium / Windsurf trains on consumer/free-tier data by default but excludes business, enterprise and API tiers.
Code submitted by zero-data-retention users is never trained on. ZDR is the default for Teams/Enterprise, while individual users opt in from their profile; non-ZDR individual usage can have code-containing logs stored.
Can you opt out?
Individual users opt in to zero-data-retention mode from their profile page; Teams and Enterprise have ZDR on by default. On Free/Pro you can also disable telemetry under Settings. Enterprise admins get explicit 'train on customer code' controls and data-residency (US/EU) selection that lower tiers don't expose.
Zero retention / DPA
Zero-data-retention mode guarantees code or code-derived data is never serialized or stored in plaintext on Codeium's servers or subprocessors, and ZDR users' code is never trained on. ZDR is default for Teams/Enterprise and opt-in for individuals. HIPAA BAAs are offered for significant implementations.
What the listicles get wrong
The nuance content farms miss: 'never trains on your code' is precisely scoped to zero-data-retention mode. ZDR is default only for Teams/Enterprise — individuals must enable it, and without it code-bearing logs can persist. Granular 'train on customer code' / data-residency controls are exposed only on Enterprise.
Verdict by plan tier
Individual (Free / Pro): Trains unless you opt out. ZDR is opt-in from the profile page; without it, logs containing code snippets may be stored, so enable ZDR (and disable telemetry) to guarantee no training.
Teams / Enterprise: No training. Zero-data-retention mode is on by default, so submitted code is never serialized, stored in plaintext, or trained on; admins control a 'train on customer code' toggle.
Frequently asked questions
Does Codeium / Windsurf train its AI models on my data?
It depends — Codeium / Windsurf trains on consumer/free-tier data by default but excludes business, enterprise and API tiers. Code submitted by zero-data-retention users is never trained on. ZDR is the default for Teams/Enterprise, while individual users opt in from their profile; non-ZDR individual usage can have code-containing logs stored.
Can I opt out of Codeium / Windsurf training on my data?
Individual users opt in to zero-data-retention mode from their profile page; Teams and Enterprise have ZDR on by default. On Free/Pro you can also disable telemetry under Settings. Enterprise admins get explicit 'train on customer code' controls and data-residency (US/EU) selection that lower tiers don't expose.
Does Codeium / Windsurf offer zero data retention (ZDR) or a DPA?
Zero-data-retention mode guarantees code or code-derived data is never serialized or stored in plaintext on Codeium's servers or subprocessors, and ZDR users' code is never trained on. ZDR is default for Teams/Enterprise and opt-in for individuals. HIPAA BAAs are offered for significant implementations.
Is Codeium / Windsurf safe to use with confidential or proprietary data?
It depends on your plan tier. Individual (Free / Pro): ZDR is opt-in from the profile page; without it, logs containing code snippets may be stored, so enable ZDR (and disable telemetry) to guarantee no training. Teams / Enterprise: Zero-data-retention mode is on by default, so submitted code is never serialized, stored in plaintext, or trained on; admins control a 'train on customer code' toggle. Always confirm current terms with Codeium before sending confidential data — this is cited public information, not legal advice.
Sources
https://windsurf.com/security
https://codeium.com/security
This page is cited public information, not legal or compliance advice. Whether Codeium / Windsurf trains on your data, and any zero-retention or DPA option, can depend on your specific plan, region and contract. Always confirm current terms with Codeium before sending confidential or proprietary data.