Is GitHub Copilot safe with your data?
GitHub Copilot
GitHub (Microsoft)
Strong disclosure · medium confidence
GitHub Copilot earns an A (78/100) because it discloses its data practices clearly.
#3
of 211 apps ranked
78
score · Coding avg 47
+31
vs category average
GitHub Copilot trains user inputs by default with opt-out available; Business/Enterprise tiers exclude inputs from training; users own outputs; limited third-party sharing (ads/analytics with opt-out); data deletion within 90 days post-cancellation; minimal security controls disclosed.
What GitHub Copilot's privacy policy and terms of service say about your data
Training Use
Inputs train models by default unless user opts out through account settings; Business/Enterprise tier excluded from foundation-model training entirely
User Rights
Full deletion right (90 days post-cancellation), data portability, access, correction, and objection rights all explicitly listed
Output Ownership
Users own outputs; GitHub does not share with third-party AI providers for their independent training
Transparency Gaps
Security controls described only as 'appropriate' without naming specific measures; no breach notification timeline; AI-log transient retention only disclosed for paid tiers
What the policy is silent or vague on
- Not stated: shorter retention for AI conversation logs
- Not stated: its security safeguards
- Not stated: breach notification
- Only partial: keeping user inputs out of model training
GitHub Copilot privacy rating
Details
- Category
- Coding
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2026-04-27
- Region scored
- Global / US-default
- Last assessed
- 2026-07-08
Documents examined
Other coding apps
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.