Security and Privacy | Windsurf Editor and Codeium extensions

You control your data.

✅ You can opt out of code snippet telemetry at any time.
✅ All communication is encrypted.

Our Security and Privacy

Code is every software engineer's most important Intellectual Property, so we know AI code acceleration must be secure and private. We at Codeium are committed to securing user information and being transparent in the identity and usage of collected data.

Without legal-ese, what does this mean specifically?

All data is protected at rest by major cloud providers and encrypted in transit via SSL to prevent any third party from gaining access to your data during execution. Any paid user automatically has zero data retention enabled, even with any third party APIs used. Enterprise customers have the option of self-hosted deployments, which means Codeium never gets access to any data in the first place.

Codeium collects registration information such as name, email, and time of sign up solely to prevent abuse of the Codeium system by using this information to verify a Codeium extension installation. Codeium does not share or sell this data to any other party, or use this data for any other purpose.

Codeium collects telemetry data such as latency, engagement with features, and suggestion acceptance information. This data is only used to surface usage statistics to the user, detect abuse of the system, evaluate Codeium's impact, and in conjunction with code snippet data, improve the quality of the service. Your data is not shared with, sold to, or used by any other party, company, or product.

Codeium collects code snippet data to be used only for directly improving the functionality, usability, and quality of Codeium (only on Individual Plan). This data can only be directly accessed in extreme cases by authorized members of the Codeium team (2FA) for support requests, and similar to telemetry data, this data is not shared with, sold to, or used by any other party, company, or product. Research has shown that AI codegen rarely regurgitates training data due to user codebase specific stylistic conventions, and anecdotally, exact matching occurs only when there are near-universal implementations or where there is not enough context to derive stylistic effects from. That being said, Codeium does provide users with the option to opt out from allowing Codeium to store (and therefore use) their code snippet data post-inference. We will never train generative models on private data.

For any paying user, Codeium maintains zero data retention on all code snippet data unless explicitly opting in for capabilities such as remote indexing or Forge. For hybrid and self-hosted enterprise customers, we do not retain any code snippet data.

Codeium is proudly SOC2 Type II compliant, making it the leader in AI developer tool privacy and security.

We are committed to announcing any changes to these practices and policies in our Discord Community before enacting said changes.