Do AI coding tools expose my private code?
Depends on the tool's data-retention policy. Cursor, GitHub Copilot (Business tier), and Claude Code with enterprise settings don't train on your code. Consumer tiers of some tools might. Check each vendor's data policy; prefer vendors with explicit 'zero-data-retention' enterprise endpoints.
Vendor-by-vendor data-retention landscape in 2026:
**Cursor**
- Default: code used for completion, not retained for training
- Privacy Mode: stricter non-retention
- Enterprise: SOC 2 Type 2, BAA available

**GitHub Copilot**
- Individual: some telemetry + training opt-out available
- Business / Enterprise: content exclusions, no training on your code
- Enterprise: SOC 2, ISO, HIPAA-eligible

**Claude Code / Anthropic API**
- Zero-data-retention endpoint available on Enterprise + Team tiers
- Consumer tier: may be used to improve service

**OpenAI Codex / GPT APIs**
- API by default: not used for training (changed 2023)
- Enterprise: additional SOC 2 + BAA options

**Lovable / Bolt / v0 / Replit**
- Varies by tier — read each vendor's policy
- Some use code for feature training at free tier
Actionable:
1. For any code you wouldn't paste in a public GitHub repo, use only vendors with enterprise zero-data-retention
2. Exclude regulated data (PHI, PII, customer credentials) via `.cursorignore` / `.gitignore` / vendor-specific mechanisms
3. Publish your own AI Bill of Materials listing every AI vendor you use + your contract with each
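One way to check step 2 before relying on it, as an added example that is not from the original page or any vendor: a small audit that lists sensitive-looking files an ignore file does not cover. It assumes the ignore file uses gitignore-style patterns and handles only a subset of them (no `**`); the name globs, sample ignore content and sample paths are constructed.

```python
from fnmatch import fnmatchcase

# Constructed name globs for credential / regulated-data files (assumption).
SENSITIVE_GLOBS = [".env", ".env.*", "*.pem", "*.key", "*.pfx", "*patient*", "*customers*.csv"]

def parse_ignore(text):
    """Parse gitignore-style lines into (negated, dir_only, anchored, parts) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        line = line[1:] if negated else line
        dir_only = line.endswith("/")
        line = line.rstrip("/")
        if "**" in line:
            raise ValueError("'**' is outside the subset handled here: " + line)
        rules.append((negated, dir_only, "/" in line, line.lstrip("/").split("/")))
    return rules

def rule_hits(rule, parts):
    _, dir_only, anchored, pat = rule
    # A directory-only rule may match any component except the final file name.
    limit = len(parts) - 1 if dir_only else len(parts)
    if anchored:  # a leading or inner slash ties the pattern to the repo root
        return len(pat) <= limit and all(fnmatchcase(c, p) for c, p in zip(parts, pat))
    return any(fnmatchcase(c, pat[0]) for c in parts[:limit])

def is_ignored(path, rules):
    """Last matching rule wins. Simplification: unlike git, a negation can
    re-include a file under an ignored directory, so this over-reports."""
    parts, ignored = path.strip("/").split("/"), False
    for rule in rules:
        if rule_hits(rule, parts):
            ignored = not rule[0]
    return ignored

def uncovered_sensitive(paths, ignore_text):
    """Sensitive-looking paths that the ignore file does not cover."""
    rules = parse_ignore(ignore_text)
    return [p for p in paths
            if any(fnmatchcase(p.rsplit("/", 1)[-1], g) for g in SENSITIVE_GLOBS)
            and not is_ignored(p, rules)]

# Constructed .cursorignore content and repository file list.
SAMPLE_IGNORE = ".env\n*.pem\nexports/\n/config/secrets/*.json\n!certs/public.pem\n"
SAMPLE_PATHS = [".env", "services/api/.env.production", "certs/server.pem", "certs/public.pem",
                "exports/patients_2025.csv", "data/patient_intake.xlsx", "config/secrets/db.json"]
print(uncovered_sensitive(SAMPLE_PATHS, SAMPLE_IGNORE))
```

The three paths it reports show the usual gaps: a variant file name the pattern misses, a negation that re-exposes a file, and a directory nobody listed.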