Do AI coding tools expose my private code?

Updated
Short answer

Depends on the tool's data-retention policy. Cursor, GitHub Copilot (Business tier), and Claude Code with enterprise settings don't train on your code. Consumer tiers of some tools might. Check each vendor's data policy; prefer vendors with explicit 'zero-data-retention' enterprise endpoints.

Vendor-by-vendor data-retention landscape in 2026:

**Cursor** - Default: code used for completion, not retained for training - Privacy Mode: stricter non-retention

**GitHub Copilot** - Individual: some telemetry + training opt-out available - Business / Enterprise: content exclusions, no training on your code

**Claude Code / Anthropic API** - Zero-data-retention endpoint available on Enterprise + Team tiers - Consumer tier: may be used to improve service

**OpenAI Codex / GPT APIs** - API by default: not used for training (changed 2023)

**Lovable / Bolt / v0 / Replit** - Varies by tier — read each vendor's policy - Some use code for feature training at free tier

Actionable: 1. For any code you wouldn't paste in a public GitHub repo, use only vendors with enterprise zero-data-retention 2. Exclude sensitive data (PII, customer credentials) via `.cursorignore` / `.gitignore` / vendor-specific mechanisms 3. Keep an inventory of every AI vendor you use + the data-retention terms of each

People also ask

Is AI-generated code safe?
No — 45-62% of AI-generated code contains at least one security bug when the prompt is security-neutral. With explicit s
Can ChatGPT hack my app?
ChatGPT itself won't autonomously hack you, but an attacker using ChatGPT can. LLMs lower the skill floor for attack res