In May 2025 OpenAI agreed to buy the Windsurf editor for roughly $3 billion. That deal collapsed in July 2025: Google hired Windsurf's CEO and part of its team under a non-exclusive licensing arrangement, and Cognition then acquired the remaining company. The ownership change is the single most relevant update for anyone asking whether Windsurf is safe to use in 2026, because the privacy policy and data-handling terms now sit under a different corporate parent than when you last checked.
The short answer: Windsurf is reasonable to use as a development tool. Code context is sent to inference servers for completions and, under the vendor's stated policy, is not retained or used for training. The catch is the same one that applies to every AI IDE: the code it generates is not production-ready without a security review.
TL;DR
Windsurf sends code context to inference servers during completions; the vendor states it is not stored or used for training. The 2025 ownership changes (a collapsed OpenAI deal, then Cognition's acquisition) mean you should verify you are reading the current privacy policy at windsurf.com, not the archived Codeium terms. Generated code needs a security review before production: hardcoded secrets, missing auth checks, and insecure defaults are common in AI-written code regardless of which IDE produced it.
What is Windsurf?
Windsurf is an AI-powered IDE originally built by Codeium. Like Cursor, it is a full VS Code fork with integrated completions, multi-file agentic editing ("Cascade"), and an AI chat panel. Codeium launched it in late 2024 as a competitor to Cursor and later renamed the company itself to Windsurf; Cognition acquired the company in July 2025 after an announced OpenAI deal fell through.
What Changed: The 2025 Ownership Change
In May 2025, OpenAI agreed to acquire Windsurf for approximately $3 billion. The deal did not close. In July 2025 Google hired Windsurf's CEO, a co-founder and part of the research team and took a non-exclusive license to the technology; Cognition then acquired what remained of the company, including the Windsurf editor, its plugins, the brand, and the enterprise business.
What this means for your code privacy:
- Privacy policy: The Codeium-era privacy policy that governed Windsurf at launch is not necessarily the operative document. Check windsurf.com for the current terms, and note which legal entity they name, before sharing sensitive code.
- Data residency: Do not assume the pre-acquisition answer still holds. If you are in the EU and need GDPR data residency, confirm whether the current owner offers EU data processing.
- Enterprise contracts: If you signed a Codeium enterprise agreement before the acquisition, verify with your account team which entity now holds your DPA and whether the contract was formally assigned.
The former Codeium extensions for VS Code and JetBrains now ship as Windsurf plugins from the same company, so the same ownership change applies to them. Do not assume the extension is still governed by the old Codeium policy just because its name once was.
Our Verdict
What's Good
- Code not used for model training (stated policy)
- SOC 2 Type II certified (Codeium; verify post-acquisition)
- .codeiumignore to exclude sensitive files
- Enterprise VPC deployment option
- Strong free tier
What to Watch
- Ownership changed hands in 2025 (now Cognition): review the current privacy policy
- AI-generated code has frequent security gaps
- All code context sent to cloud servers
- Enterprise contracts need post-acquisition re-confirmation
- EU data residency terms need verification
Privacy and Data Handling
What Windsurf Sends to Servers
When you trigger a completion or send a chat message, Windsurf sends:
- The current file being edited (trimmed to relevant context)
- Related files identified by the IDE's context engine
- Your prompt text
It does not continuously upload your entire codebase. You control context scope via .codeiumignore, which uses gitignore syntax: add any file containing secrets, PII, or proprietary logic that you never want to leave your machine. Two caveats: the ignore file controls what the IDE indexes and attaches automatically, so anything you paste into the chat panel is sent regardless; and it is a pattern file, so a rule that forgets one extension (*.key next to *.pem, for example) leaves that file in scope. Check the file in so every developer's IDE applies the same exclusions.
Telemetry Settings
Windsurf collects usage telemetry (feature usage, error reports) separately from code context. You can disable code-telemetry in Settings > Privacy. Basic crash telemetry cannot be fully disabled on the free tier but contains no code content.
Codeium's Historical Privacy Record
Before the acquisition, Codeium maintained:
- No code storage beyond the inference request
- No training on user code
- SOC 2 Type II certification with annual audits
These commitments are still cited in the Windsurf marketing materials. Whether they carry forward verbatim under the current owner is something to confirm in the current terms, in writing, rather than infer from the marketing page.
Security of AI-Generated Code
Windsurf's AI produces code with the same reliability ceiling as any LLM. In CheckYourVibe scans of apps built primarily with AI IDEs, the most common issues are:
| Risk | How Often We See It | What to Do |
|---|---|---|
| Hardcoded API keys or secrets | High | Scan before committing; load secrets from environment variables or a secrets manager |
| Missing authentication on routes | High | Prompt explicitly for authentication and authorization, then verify each route by hand |
| SQL injection via string interpolation | Medium | Ask for parameterized queries in the prompt and reject string-built SQL in review |
| XSS in user-facing output | Medium | Review all output-rendering code; prefer templates that escape by default |
| Insecure CORS or CSP configuration | Medium | Audit response headers in any web-facing project |
AI completions follow the patterns they see in your codebase. If your early code skips auth checks or builds SQL from strings, the AI will keep doing the same in every new route. Set the pattern correctly in the first few files: a working auth check and a parameterized query helper that later completions can copy are the cheapest security control you have.
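The pattern problem is easiest to see side by side. The following is an added example written for this article, not code from Windsurf or from any project it generated: a minimal invoice-listing handler in the shape an AI completion commonly produces (string-built SQL, no caller check) next to a hardened version that covers the "missing authentication" and "SQL injection" rows of the table. It uses Python's standard-library sqlite3 with a constructed in-memory table; the Request class, the table, and the payload are assumptions for illustration, not a real framework API.

```python
"""Vulnerable vs. hardened handler for the 'missing auth' and 'SQL injection' rows.

Added example with a constructed in-memory database; not code from Windsurf or a real app.
"""
import sqlite3
from dataclasses import dataclass
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed fixture: three invoices owned by two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, amount INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO invoices (owner, amount) VALUES (?, ?)",
        [("alice", 100), ("alice", 250), ("bob", 999)],
    )
    conn.commit()
    return conn


@dataclass
class Request:
    """Hypothetical request object: owner_param comes from the URL (attacker-controlled);
    session_user comes from a verified session, or is None when the caller is anonymous."""
    owner_param: str
    session_user: Optional[str]


def list_invoices_vulnerable(conn: sqlite3.Connection, req: Request) -> List[Tuple[int, str, int]]:
    # The shape completions tend to produce when earlier files look like this:
    # nobody checks who is calling, and the URL parameter is spliced into the SQL text.
    sql = f"SELECT id, owner, amount FROM invoices WHERE owner = '{req.owner_param}'"
    return conn.execute(sql).fetchall()


def list_invoices_hardened(conn: sqlite3.Connection, req: Request) -> List[Tuple[int, str, int]]:
    # Authentication: reject anonymous callers before touching the database.
    if req.session_user is None:
        raise PermissionError("authentication required")
    # Authorization: a user may list only their own invoices.
    if req.owner_param != req.session_user:
        raise PermissionError("forbidden")
    # Parameterized query: the value travels separately from the SQL text, so quote
    # characters in the input can never change the statement's structure.
    return conn.execute(
        "SELECT id, owner, amount FROM invoices WHERE owner = ?", (req.owner_param,)
    ).fetchall()


# Classic payload: closes the quoted literal and appends an always-true condition.
INJECTION = "' OR '1'='1"


def is_denied(conn: sqlite3.Connection, req: Request) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        list_invoices_hardened(conn, req)
    except PermissionError:
        return True
    return False


def demo() -> dict:
    conn = make_db()
    return {
        # Anonymous attacker dumps every row through the vulnerable handler (3 rows).
        "vulnerable_rows_leaked": len(list_invoices_vulnerable(conn, Request(INJECTION, None))),
        # Same payload against the hardened handler: anonymous -> denied outright.
        "hardened_anonymous_denied": is_denied(conn, Request(INJECTION, None)),
        # Logged in as alice but asking for bob's invoices -> denied by the ownership check.
        "hardened_cross_user_denied": is_denied(conn, Request("bob", "alice")),
        # Even when the ownership check passes, the payload is just a literal that matches no owner.
        "hardened_injection_rows": len(list_invoices_hardened(conn, Request(INJECTION, INJECTION))),
        "hardened_alice_rows": len(list_invoices_hardened(conn, Request("alice", "alice"))),
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the vulnerable handler returning all three rows to an unauthenticated caller, while the hardened handler denies the anonymous and cross-user requests and, even when the ownership check is satisfied, treats the payload as an ordinary string that matches nothing. When you review a generated route, look for exactly these three lines: a session check, an ownership check, and a `?` placeholder instead of an f-string.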
Windsurf vs Cursor vs Copilot
| Aspect | Windsurf | Cursor | Copilot |
|---|---|---|---|
| Parent company (2026) | Cognition (acquired July 2025) | Anysphere | GitHub/Microsoft |
| Training on user code | No (stated) | Opt-out available (Privacy Mode) | Opt-out for individuals; not used on Business/Enterprise |
| SOC 2 | Yes (Codeium-era; verify) | Yes | Business/Enterprise |
| .gitignore-style exclusions | .codeiumignore | .cursorignore | Content exclusion (Business/Enterprise, configured per repo or org) |
| Free tier | Yes (generous) | Limited | Limited (Copilot Free) |
Using Windsurf Safely
- Add a .codeiumignore that excludes .env, credential files, and any directory with PII or regulated data. Check it into the repo so every developer's IDE applies the same exclusions.
- Review auth in every generated route. AI IDEs frequently scaffold API endpoints without checking who is calling them or whether the caller is allowed to see the requested record.
- Scan before deploying. Run a security scan on the finished project, not just on individual files as you write them; a secret in one file and a missing check in another are only visible together.
- Re-read the current privacy policy. The 2025 ownership changes mean the document you read a year ago may be outdated.
- For regulated data: Confirm post-acquisition enterprise terms with your account rep before using Windsurf on HIPAA or PCI-scoped code.
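The first and third steps, and the .codeiumignore guidance in the Privacy section above, can be turned into one pre-commit check. The script below is an added example written for this article, not a Windsurf feature and not a CheckYourVibe scan: it parses a constructed .codeiumignore, reports sensitive-looking files the ignore file does not cover (so they would still reach the context window), and greps every file in a constructed working-tree snapshot for hardcoded secrets. The repo contents, the ignore file, the sensitive-name globs and the three detection rules are all assumptions; the matcher is a deliberately simplified approximation of gitignore syntax (no negation, no `**`), and the AWS access key is Amazon's published example key, not a real credential.

```python
"""Pre-commit check for an AI-assisted repo: (1) which sensitive files would still reach the
AI context window because .codeiumignore does not cover them, and (2) which files carry
hardcoded secrets. Added example with constructed data; not Windsurf's or CheckYourVibe's code."""
import fnmatch
import re
from typing import Dict, List, Tuple

# Constructed .codeiumignore (gitignore syntax). Note that it forgets *.key.
CODEIUMIGNORE = """
# keep secrets and local config out of the AI context
.env
.env.*
*.pem
config/credentials/
"""

# Constructed working-tree snapshot: repo path -> file contents. The AWS key is Amazon's
# documented example key; the private-key bodies are placeholders, not real key material.
REPO: Dict[str, str] = {
    ".env": "DATABASE_URL=postgres://app:hunter2-constructed@db.internal/prod\n",
    "config/credentials/service-account.json": '{"private_key": "-----BEGIN PRIVATE KEY-----\\nMIIEconstructed"}\n',
    "deploy/server.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructed\n-----END RSA PRIVATE KEY-----\n",
    "infra/backup.key": "-----BEGIN EC PRIVATE KEY-----\nMHQCconstructed\n-----END EC PRIVATE KEY-----\n",
    "src/storage.py": (
        "import boto3\n"
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "src/auth.py": 'JWT_SECRET = "change-me-before-prod-0123456789"\n',
    "src/settings.py": 'import os\nSECRET_KEY = os.environ["SECRET_KEY"]\n',  # correct pattern: no finding
    "README.md": "Set SECRET_KEY in the environment; never commit it.\n",
}

# File names a team would normally never want in the context window (assumed list).
SENSITIVE_NAME_GLOBS = [".env", ".env.*", "*.pem", "*.key", "*.p12", "id_rsa", "*credentials*"]

# Ordered rules; the first rule that matches a line wins, so the AWS line is not double-counted.
SECRET_RULES = [
    ("aws-access-key-id", re.compile(r"AKIA[0-9A-Z]{16}")),
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    # <name containing key/secret/token/password> = "<12+ non-space chars>"; env lookups do not match.
    ("generic-assigned-secret", re.compile(r"""(?i)(key|secret|token|password)\w*\s*[:=]\s*["'][^"'\s]{12,}["']""")),
]


def parse_ignore(text: str) -> List[str]:
    """Drop blank lines and comments. Negation ('!') and '**' are not supported here."""
    return [ln.strip() for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]


def is_ignored(path: str, patterns: List[str]) -> bool:
    """Simplified gitignore semantics: 'dir/' covers everything beneath that directory at any
    depth, a pattern with no '/' is matched against the file name at any depth, and any other
    pattern is matched against the full repo-relative path."""
    name = path.rsplit("/", 1)[-1]
    for pat in patterns:
        if pat.endswith("/"):
            if "/" + pat.strip("/") + "/" in "/" + path:
                return True
        elif "/" in pat:
            if fnmatch.fnmatchcase(path, pat.lstrip("/")):
                return True
        elif fnmatch.fnmatchcase(name, pat):
            return True
    return False


def uncovered_sensitive_files(repo: Dict[str, str], patterns: List[str]) -> List[str]:
    """Sensitive-looking files that .codeiumignore does NOT exclude from the context window."""
    out = []
    for path in sorted(repo):
        name = path.rsplit("/", 1)[-1]
        looks_sensitive = any(
            fnmatch.fnmatchcase(name, g) or fnmatch.fnmatchcase(path, g) for g in SENSITIVE_NAME_GLOBS
        )
        if looks_sensitive and not is_ignored(path, patterns):
            out.append(path)
    return out


def scan_secrets(repo: Dict[str, str]) -> List[Tuple[str, int, str]]:
    """(path, line_no, rule) for every line matching a rule. Ignored files are scanned too:
    hiding a file from the AI does not stop it being committed."""
    findings = []
    for path in sorted(repo):
        for line_no, line in enumerate(repo[path].splitlines(), start=1):
            for rule, pattern in SECRET_RULES:
                if pattern.search(line):
                    findings.append((path, line_no, rule))
                    break
    return findings


def run_check(repo: Dict[str, str], ignore_text: str) -> dict:
    patterns = parse_ignore(ignore_text)
    return {"uncovered": uncovered_sensitive_files(repo, patterns), "secrets": scan_secrets(repo)}


if __name__ == "__main__":
    result = run_check(REPO, CODEIUMIGNORE)
    for path in result["uncovered"]:
        print(f"NOT IN .codeiumignore: {path}")
    for path, line_no, rule in result["secrets"]:
        print(f"{path}:{line_no}: {rule}")
```

On the constructed snapshot the check reports infra/backup.key as uncovered (the ignore file lists *.pem but not *.key) and six hardcoded-secret lines across five files, while src/settings.py, which reads its secret from the environment, produces nothing. In a real repo, replace the REPO dict with a walk over `git ls-files` and wire the script into a pre-commit hook; treat any non-empty result as a failing check.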
Is Windsurf safe to use for production code?
Windsurf is reasonable to use as a coding tool. Your code is processed on servers for AI completions and, under the stated policy, is not used for model training. The risk is in what the tool generates, not in the tool itself. AI code routinely skips auth checks, hardcodes secrets, and omits input validation. Run a scan before you ship.
What is Windsurf's privacy policy after the 2025 ownership change?
OpenAI's announced acquisition of Windsurf in May 2025 did not close; Cognition acquired the company in July 2025. The Codeium privacy policy that originally governed Windsurf may no longer be the operative document. Check windsurf.com for the current terms, and if you are processing sensitive data, get the core commitment (no training on user code, no retention beyond the inference request) confirmed in writing under the current owner rather than relying on pre-acquisition statements.
Does Windsurf send my code to the cloud?
Yes, code context is sent to inference servers when you trigger completions or chat. It is not a continuous upload of your repo. Add sensitive files to .codeiumignore to keep them out of the context window entirely.
Is Windsurf safe for enterprise code?
Windsurf has SOC 2 Type II coverage and offers enterprise plans with stricter data processing agreements and VPC deployment options. For regulated industries, verify post-acquisition terms and confirm your compliance team accepts the current telemetry profile.
Windsurf IDE security: what does the SOC 2 audit cover?
A SOC 2 Type II report attests to the vendor's security, availability, and confidentiality controls as they operated over a review period, typically 6-12 months. It normally covers access controls, encryption in transit and at rest, and data-handling procedures, but the scope is whatever the vendor chose to include, so ask for the report itself rather than relying on the badge. It does not audit the security of code the AI generates. That responsibility is yours.
Built with Windsurf? Scan before you ship.
CheckYourVibe catches hardcoded secrets, missing auth, and insecure configs in AI-generated code.