AI Dev Review
How to evaluate AI coding tool privacy claims
Every vendor says they don't train on your code. Some are telling the truth. Here's how to tell.
'We don't train on your code' is table-stakes marketing. What actually matters is the contractual and technical layers underneath it: who receives the data, where, for how long, and under what signed terms. Most privacy pages leave exactly those details out.
Questions worth answering
- Where is inference performed and by which sub-processors?
- How long is prompt and completion data retained, and can retention be set to zero?
- Is there a signed DPA available on the plan you're on, not just the enterprise tier?
- Is your data isolated per tenant at the model provider (dedicated accounts, keys and caches), or does every customer's traffic go through one shared vendor account?
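The first question is the one you can partly answer yourself: put the tool's client behind an egress proxy and compare the hosts it actually connects to against the vendor's published sub-processor list. The script below is an added example, not code from this page or from any vendor; the proxy log format, every hostname and the declared list are constructed for illustration, and a real audit would substitute your own proxy export and the vendor's real list.

```python
"""Diff the hosts an AI coding tool actually contacts against the
vendor's declared sub-processor list.

Added example: log format, hostnames and the declared list are all
constructed, not taken from any real vendor or traffic capture.
"""
import re
from urllib.parse import urlsplit

# Constructed forward-proxy log lines:
# <timestamp> <client-ip> <method> <target> <status>
# CONNECT targets are host:port; plain HTTP requests carry a full URL.
SAMPLE_PROXY_LOG = """\
2024-05-02T10:01:12Z 10.0.0.7 CONNECT api.example-aitool.test:443 200
2024-05-02T10:01:13Z 10.0.0.7 CONNECT api.example-model-provider.test:443 200
2024-05-02T10:01:15Z 10.0.0.7 CONNECT telemetry.example-aitool.test:443 200
2024-05-02T10:01:20Z 10.0.0.7 GET http://cdn.example-aitool.test/assets/app.js 200
2024-05-02T10:01:44Z 10.0.0.7 CONNECT api.example-aitool.test:443 200
2024-05-02T10:02:01Z 10.0.0.7 CONNECT analytics.example-thirdparty.test:443 200
this line is not a proxy record and must be skipped
"""

# Domains the (hypothetical) vendor lists on its sub-processor page.
DECLARED_SUBPROCESSORS = ("example-aitool.test", "example-model-provider.test")

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<target>\S+)\s+(?P<status>\d{3})$"
)


def host_from_target(method: str, target: str) -> str:
    """Extract a normalised hostname from a CONNECT host:port or a URL."""
    if method == "CONNECT":
        host, sep, _port = target.rpartition(":")
        if not sep:  # no port present, whole target is the host
            host = target
    else:
        host = urlsplit(target).hostname or ""
    return host.lower().rstrip(".")


def is_declared(host: str, declared: tuple) -> bool:
    """True if host equals a declared domain or is a subdomain of one.
    Requiring a leading dot stops 'evil-example-aitool.test' matching."""
    return any(host == d or host.endswith("." + d) for d in declared)


def audit_egress(log_text: str, declared: tuple) -> dict:
    """Return every observed host with its hit count, plus the sorted list
    of hosts that do not fall under any declared sub-processor domain."""
    observed: dict = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip, do not abort the audit
        host = host_from_target(m["method"], m["target"])
        if host:
            observed[host] = observed.get(host, 0) + 1
    undeclared = sorted(h for h in observed if not is_declared(h, declared))
    return {"observed": observed, "undeclared": undeclared}


if __name__ == "__main__":
    report = audit_egress(SAMPLE_PROXY_LOG, DECLARED_SUBPROCESSORS)
    for host, hits in sorted(report["observed"].items()):
        flag = "" if is_declared(host, DECLARED_SUBPROCESSORS) else "  <-- not on sub-processor list"
        print(f"{hits:4d}  {host}{flag}")
```

An undeclared host is not evidence of wrongdoing; it is a question for the vendor ("what is this endpoint, and why is it not on your list?"). Run the same capture after a client update, since new sub-processors tend to appear in the binary before they appear on the privacy page.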
Red flags
Vague 'we care about your privacy' copy with no data-flow diagram. Retention buried in a sub-processor's terms. Zero-retention available only on a call with sales.
Green flags
A SOC 2 Type II report you can actually obtain (usually under NDA, since they are rarely public) or an ISO 27001 certificate whose scope statement covers the product you are buying. An explicit, published sub-processor list with the region of each. Configurable retention on every plan, not only the enterprise tier.