privacy

GitHub Copilot Will Train on Your Code Starting April 24 - Here's How to Opt Out

GitHub's new data policy uses Free, Pro, and Pro+ user interactions to train AI models by default. Your private repo code while using Copilot is fair game unless you disable it.

Code displayed on a dark computer screen

GitHub just announced a major change to how it handles your code: starting April 24, 2026, interaction data from Copilot Free, Pro, and Pro+ users will be used to train AI models by default. If you haven’t explicitly opted out, your code snippets, prompts, and accepted suggestions become training data.

The policy update affects millions of developers who use Copilot’s free and individual tiers. Enterprise and Business users are excluded, as are students and teachers using educational access.

What Data Gets Collected

The scope is broad. According to GitHub’s official FAQ, the following “interaction data” will feed into model training:

  • Code snippets you accept or modify from suggestions
  • Inputs sent to Copilot, including your prompts
  • Code context surrounding your cursor when Copilot activates
  • Comments and documentation you write
  • File names and repository structure
  • Navigation patterns within your codebase
  • Chat conversations with Copilot
  • Feedback signals like thumbs up/down ratings

That’s essentially everything developers feed into Copilot during active use.

The Private Repository Problem

GitHub emphasizes that “private repository content at rest” isn’t used for training. But here’s the catch: the moment you open a file and Copilot activates, that code becomes interaction data.

As one analysis puts it: “There’s a distinction between stored code and working code that should make developers skeptical.”

Even more concerning: Copilot processes local files including .env files that may contain API keys or database credentials. The policy lacks explicit safeguards for credential handling in interaction data.

Corporate IP at Risk

Here’s a scenario GitHub doesn’t address well: if an individual developer contributes to a corporate repository using a personal Copilot Free account, that interaction data could enter the training pipeline even if the company has Enterprise protections.

The Enterprise exemption protects organizational accounts, but not individual developers working on those repos with personal subscriptions.

Developer Reaction

The community response has been overwhelmingly negative. According to The Register, GitHub’s community discussion shows 59 thumbs-down votes versus just 3 positive reactions. Only Martin Woodward, GitHub’s VP of Developer Relations, endorsed the change.

The core complaint: opt-out defaults favor GitHub, not developers. Critics argue that using code for AI training should require explicit consent, not buried settings.

How to Opt Out

If you want to keep your code out of GitHub’s training pipeline, here’s what to do before April 24:

  1. Go to github.com/settings/copilot/features
  2. Under Privacy, disable “Allow GitHub to use my data for AI model training”
  3. Save your settings

If you previously opted out of interaction data collection for product improvements, GitHub says your preference is preserved and you don’t need to take action.

Worth noting: Help Net Security reports that data may still be shared with GitHub affiliates, including Microsoft. The policy explicitly excludes third-party AI providers, but the Microsoft relationship remains intact.

Who’s Exempt

You don’t need to worry about this change if you’re using:

  • Copilot Business
  • Copilot Enterprise
  • Student/Teacher access through GitHub Education

These tiers retain existing contractual protections and won’t have their data used for training.

Alternatives Worth Considering

If this policy change is a dealbreaker, several alternatives offer more privacy-friendly approaches:

Self-hosted options:

  • Tabby - Open-source, self-hosted AI coding assistant with full data control
  • Continue - Supports local models through Ollama

Privacy-focused commercial:

  • Tabnine - Offers local deployment and private cloud hosting options
  • Cody by Sourcegraph - Enterprise self-hosted deployments available

For complete local control, tools built on Ollama with models like CodeLlama or DeepSeek Coder keep all your code on your own machine.

What This Means

GitHub built Copilot on publicly available code from its platform. Now it’s extending that approach to actively used code from paying customers. The justification is straightforward: “real-world data equals smarter models,” as GitHub’s CPO Mario Rodriguez reportedly stated.

But the opt-out default shifts the burden to developers who may not realize their code is being harvested. Given that interaction data includes code from private repositories during active use, the “private repos are safe” messaging feels incomplete at best.

If you use Copilot Free, Pro, or Pro+, check your settings now. April 24 is less than a month away.