Skip to content

chore: add shareable section on AI data usage & privacy #2599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
claudiacodacy wants to merge 2 commits into
base: master
Choose a base branch
from
Open

chore: add shareable section on AI data usage & privacy #2599

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d55bc88
changes suggested by claude
claudiacodacy Feb 27, 2026
627ee50
update on PR comments
claudiacodacy Mar 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 29 additions & 9 deletions docs/codacy-ai/codacy-ai.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,30 @@

Codacy AI is a set of optional features integrated into the Software designed to optimise development workflows and elevate code quality standards through automated issue descriptions, actionable recommendations and false-positive detection, is available for the Customer.

Codacy AI utilizes only enterprise-grade instances of OpenAI and Google Gemini services with enhanced security, privacy, and data protection features. Customer Code processed through Codacy AI will not be used by Codacy, OpenAI, or any third-party AI provider for training, improving, or developing artificial intelligence models, machine learning algorithms, or any other automated systems.
For details on how Codacy handles your data when AI features are enabled, see [AI data usage and privacy](#ai-data-usage-and-privacy).

## AI data usage and privacy

This section provides a consolidated overview of how Codacy handles your data when AI features are enabled.

### Model training

Codacy does not use your code, repository contents, or comments to train external AI models. No customer code or review text is incorporated into any model training — this applies to Codacy, OpenAI, Google, Anthropic, or any other third-party AI provider.

Check failure on line 15 in docs/codacy-ai/codacy-ai.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Microsoft.Dashes] Remove the spaces around ' — '.

Raw Output:
{"message": "[Microsoft.Dashes] Remove the spaces around ' — '.", "location": {"path": "docs/codacy-ai/codacy-ai.md", "range": {"start": {"line": 15, "column": 165}}}, "severity": "ERROR"}

Check failure on line 15 in docs/codacy-ai/codacy-ai.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Microsoft.Contractions] Use 'doesn't' instead of 'does not'.

Raw Output:
{"message": "[Microsoft.Contractions] Use 'doesn't' instead of 'does not'.", "location": {"path": "docs/codacy-ai/codacy-ai.md", "range": {"start": {"line": 15, "column": 8}}}, "severity": "ERROR"}

### Debug logs

OpenAI and Google retain minimal logs strictly for debugging purposes (e.g., to verify data formatting, delivery, and internal reasoning fields). These logs do not live on Codacy's servers. They:

Check failure on line 19 in docs/codacy-ai/codacy-ai.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Microsoft.Contractions] Use 'don't' instead of 'do not'.

Raw Output:
{"message": "[Microsoft.Contractions] Use 'don't' instead of 'do not'.", "location": {"path": "docs/codacy-ai/codacy-ai.md", "range": {"start": {"line": 19, "column": 158}}}, "severity": "ERROR"}

Check failure on line 19 in docs/codacy-ai/codacy-ai.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Microsoft.Foreign] Use 'for example' instead of 'e.g.,'.

Raw Output:
{"message": "[Microsoft.Foreign] Use 'for example' instead of 'e.g.,'.", "location": {"path": "docs/codacy-ai/codacy-ai.md", "range": {"start": {"line": 19, "column": 72}}}, "severity": "ERROR"}

Check warning on line 19 in docs/codacy-ai/codacy-ai.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Microsoft.Adverbs] Consider removing 'strictly'.

Raw Output:
{"message": "[Microsoft.Adverbs] Consider removing 'strictly'.", "location": {"path": "docs/codacy-ai/codacy-ai.md", "range": {"start": {"line": 19, "column": 39}}}, "severity": "WARNING"}

- Are retained for up to **30 days** when using OpenAI models.
- Are retained for up to **55 days** when using Google Gemini models.
- Follow a low-retention policy and are automatically deleted after the retention period.
- **Do not contain identifiable information** — no repository names, user identifiers, or organization identifiers are stored in these logs.

Check failure on line 24 in docs/codacy-ai/codacy-ai.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Microsoft.Dashes] Remove the spaces around ' — '.

Raw Output:
{"message": "[Microsoft.Dashes] Remove the spaces around ' — '.", "location": {"path": "docs/codacy-ai/codacy-ai.md", "range": {"start": {"line": 24, "column": 48}}}, "severity": "ERROR"}

### AI providers

Codacy AI uses enterprise-grade instances of [OpenAI](https://openai.com/policies/api-data-usage-policies) and [Google Gemini](https://cloud.google.com/gemini/docs/discover/data-governance) with enhanced security, privacy, and data protection features. Please refer to each provider's data governance documentation for further detail.

If you have additional questions or compliance requirements, contact us at <support@codacy.com>.

## AI Features

Expand Down Expand Up @@ -32,8 +55,7 @@

**Data usage and privacy**

- To generate an AI-enhanced comment, Codacy only processes the specific issue context: the issue line plus up to ten lines before and ten lines after that line. No additional repository data is sent or used.
- Codacy does not use your code, repository contents, or comments to train external AI models. No customer code or review text is incorporated into model training.
To generate an AI-enhanced comment, Codacy only processes the specific issue context: the issue line plus up to ten lines before and ten lines after that line. No additional repository data is sent or used. For full details on data handling, see [AI data usage and privacy](#ai-data-usage-and-privacy).

### Smart False Positive Triage

Expand All @@ -55,9 +77,8 @@

**Notes**

- Codacy does not use your code, repository contents, or comments to train external AI models. No customer code or review text is incorporated into model training.
- To detect a Possible False Positive, Codacy only processes the specific issue context: one request per file with issues. No additional repository data is sent or used.
- Prompts are neither stored nor visible by anyone
- To detect a possible false positive, Codacy only processes the specific issue context: one request per file with issues. No additional repository data is sent or used.
- For full details on data handling, see [AI data usage and privacy](#ai-data-usage-and-privacy).

<div id="pr-reviewer"></div>

Expand Down Expand Up @@ -114,6 +135,5 @@

**Notes**

- Codacy does not use your code, repository contents, or comments to train external AI models. No customer code or review text is incorporated into model training.
- To enrich the review, the git diff of the Pull Request as well as some related files' contents can be sent as context. No data is stored on our side, or used to train any models.
- Prompts are neither stored nor visible by anyone
- To enrich the review, the git diff of the pull request as well as some related files' contents can be sent as context.
- For full details on data handling, see [AI data usage and privacy](#ai-data-usage-and-privacy).
Loading