Skip to content
Agentic Engineering Primer

Privacy Comparison

Privacy characteristics of major AI coding tools.

Comparison Matrix

Section titled “Comparison Matrix”
ToolOpen SourcePrivacy ModeTrainingRetentionJurisdiction
CursorNoYesOpt-out30d*US
ZedYesYes (BYOK)NeverNoneUS
WindsurfNoYes (ZDR)NeverZeroUS/EU
CopilotNoYesOpt-outVariesUS
Continue.devYes100% localNeverNoneNone
Claude CodeNoEnterpriseON**30d-5yUS
AiderYesBYOKDependsDependsNone

*Non-Business plans
**Consumer accounts since August 2024

Truly Private Options

Section titled “Truly Private Options”

For maximum privacy, use local models:

SetupPrivacyQuality
Continue.dev + OllamaMaximum85-90%
Zed + OllamaMaximum85-90%
OpenCode + OllamaMaximum85-90%

No data leaves your machine. Trade-off: requires capable local hardware (24GB+ VRAM for the best local coding models).

Hidden Gotchas

Section titled “Hidden Gotchas”
ToolGotcha
Cursor30-day retention even with Privacy Mode (non-Business)
Claude CodeTraining ON by default for consumer accounts
AnthropicMust opt-out within 30 days or data used for training
Azure OpenAI30-day abuse monitoring (waivable)

By Use Case

Section titled “By Use Case”

Personal Projects

Section titled “Personal Projects”

Any tool is fine. Enable privacy mode if available.

Client Work (NDA)

Section titled “Client Work (NDA)”
  • Safe: Continue.dev + local, Zed + BYOK
  • Acceptable: Cursor Teams, Windsurf Enterprise
  • Avoid: Claude Code (consumer), any tool with training enabled

Enterprise/Regulated

Section titled “Enterprise/Regulated”
  • Required: Cursor Enterprise, Windsurf Enterprise, or self-hosted
  • Verify: DPA, subprocessors, audit logs, SSO/SCIM

Jurisdiction Notes

Section titled “Jurisdiction Notes”
LocationRisks
USCLOUD Act, FISA 702
EUGenerally stricter protections
ChinaPIPL, data localization requirements

For EU companies: Consider Schrems II implications with US tools.

Next Steps

Section titled “Next Steps”