Quick Security Checklist
Before using any AI coding tool with real code, complete this checklist.
Before You Start
- Enable privacy/ghost mode if available
- Create exclusion rules for sensitive files
- Disable telemetry where possible
- Use unique API keys (not production keys)
- Review privacy policy for training/retention
- Verify jurisdiction is acceptable
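One way to check the "Create exclusion rules for sensitive files" item: audit a file listing against the exclusion rules from the File Exclusions section and report sensitive-looking files that no rule covers. This is an added example, not part of the original checklist or of any tool's own code. It assumes the ignore file uses gitignore-style patterns and implements only a simplified subset of that matching; the `SENSITIVE` patterns and the file listing are constructed for illustration.

```python
import fnmatch
from pathlib import PurePosixPath
# Constructed copy of the exclusion rules from the File Exclusions section.
IGNORE_TEXT = """\
# Secrets
.env*
*.pem
*.key
secrets/
credentials/
# Client code
clients/*/
# Sensitive data
data/production/
"""
# Assumption: file-name patterns that usually indicate secret material.
SENSITIVE = [".env*", "*.pem", "*.key", "*.pfx", "id_rsa*", "*.tfstate"]
# Constructed file listing, e.g. what `git ls-files` would print.
PATHS = [".env.local", "src/app.py", "deploy/tls/server.pem",
         "clients/acme/config/id_rsa", "infra/terraform.tfstate",
         "backup/keystore.pfx"]

def parse_rules(text):
    """Drop blank lines and comments from an ignore file."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def is_ignored(path, rules):
    """Simplified gitignore-style matching: no '!' negation, no '**'."""
    parts = PurePosixPath(path).parts
    for rule in rules:
        # A trailing slash means the rule matches directories only.
        candidates = parts[:-1] if rule.endswith("/") else parts
        want = rule.strip("/").split("/")
        if "/" in rule.rstrip("/"):  # inner slash: anchored at the repo root
            hit = len(candidates) >= len(want) and all(
                fnmatch.fnmatchcase(c, w) for c, w in zip(candidates, want))
        else:                        # bare name: matches at any depth
            hit = any(fnmatch.fnmatchcase(c, want[0]) for c in candidates)
        if hit:
            return True
    return False

def unprotected(paths, rules):
    """Sensitive-looking files that no exclusion rule covers."""
    return [p for p in paths if not is_ignored(p, rules) and any(
        fnmatch.fnmatchcase(PurePosixPath(p).name, s) for s in SENSITIVE)]

if __name__ == "__main__":
    for path in unprotected(PATHS, parse_rules(IGNORE_TEXT)):
        print("NOT EXCLUDED:", path)
```

With the constructed listing, the Terraform state file and the PKCS#12 keystore are reported, because the rule set covers only `.env*`, `*.pem` and `*.key` by extension.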
File Exclusions
Create .cursorignore, .aiderignore, or equivalent:

```
# Secrets
.env*
*.pem
*.key
secrets/
credentials/

# Client code
clients/*/

# Sensitive data
data/production/
```

Tool-Specific Settings
Cursor
- Settings → Privacy Mode → Enable
- Create .cursorignore file
- Settings → Telemetry → Disable
- Use BYOK (your own API keys)
- Settings → Telemetry → Opt-out
Continue.dev
- Use local models (Ollama)
- No cloud = no data leaves machine
Claude Code
- Enterprise plan for privacy mode
- Consumer plans have training ON by default
Red Flags
| Warning Sign | Risk |
|---|---|
| No privacy policy | Unknown data handling |
| Training “enabled by default” | Your code used for training |
| No exclusion mechanism | Can’t protect sensitive files |
| China jurisdiction | Different legal protections |
Quick Privacy Ranking
| Tool | Privacy Level |
|---|---|
| Continue.dev + Ollama | Maximum (local) |
| Zed + BYOK | High (your API terms) |
| Cursor Teams | High (zero retention) |
| Cursor Pro | Medium (30-day retention) |
| Claude Code (consumer) | Low (training ON) |
Next Steps
- Privacy Comparison — detailed tool comparison
- Privacy Deep Dive — technical details