Does AI train on your code? What each tool does with your repo
Jul 15, 2026 · 9 min read · By Maya Cohen, Engineering
Whether an AI coding tool trains on your code depends almost entirely on which tier you bought, not which vendor you bought from. As of July 2026, the same company will often train on a free user's interactions and contractually promise not to touch an enterprise customer's. GitHub may use Copilot Free, Pro and Pro+ interactions unless you opt out, while Business and Enterprise are excluded. AWS may use Amazon Q free-tier content for model training, but states it does not use Q Developer Pro content. Cursor keeps your code out of training only when Privacy Mode is switched on.
That pattern is the thing to internalize. "Does vendor X train on my code?" is the wrong question, because it has no single answer. The right question is "does the specific plan I am about to put on a corporate card train on my code, and is the setting on by default?"
Where each tool stands, July 2026
Every line below comes from the vendor's own documentation, read in July 2026. This is a category that changes with a changelog entry and no announcement, so confirm on the vendor's page before you sign anything.
| Tool | Trains on your code? | The detail that matters |
|---|---|---|
| GitHub Copilot | Depends on tier | Free, Pro and Pro+ interactions may be used unless you opt out. Business and Enterprise are excluded. |
| Cursor | Only if you leave Privacy Mode off | With Privacy Mode enabled, Cursor guarantees code is not used for training by them or their model providers. It is a setting, so someone has to set it. |
| Amazon Q Developer | Depends on tier | Free-tier content may be used for service improvement including model training, with an opt-out through AWS Organizations policy or IDE settings. AWS states it does not use Q Developer Pro content. |
| Claude Code | No, on Team and Enterprise | Anthropic states no model training on your content by default for Team and Enterprise. The consumer-tier default is not stated on the pricing page. |
| Tabnine | No | Advertises zero code retention: no storage, no training on your code, no sharing with third parties. |
| Aider | Not by Aider | Aider is a local open-source tool with no cloud service. Your exposure is whatever your chosen model provider does, so the question moves to them. |
| Replit | Public Repls only | Uses only public Repls for analytics and AI training, anonymized with PII removed. Private code imported from GitHub needs a paid plan to stay private. |
| Agentcode | No | We do not train on your code on any plan. |
Why the free tier is the leak
The uncomfortable part of that table is that the risk usually walks in through the free tier, not through procurement. Security review happens when a team buys something. It does not happen when one engineer installs a free extension on a Tuesday to try it out, and that is precisely the tier where training defaults are most likely to be on.
So the practical exposure in most companies is not the tool the CTO signed off on. It is the four free accounts nobody knows about, pointed at the same private repo, on plans whose terms permit training unless somebody found the checkbox. If you are trying to work out what your company actually uses, start there rather than with the contracts.
Training is not the only question worth asking
Teams fixate on training because it sounds like the scariest outcome: my code, in someone else's model, forever. It is a real concern. But in day-to-day terms it is often the less consequential of the two questions you should be asking.
The other one is what the tool is allowed to do without a human. An agent that opens a pull request and stops is a fundamentally smaller risk than one permitted to merge, because review remains a real gate rather than a policy written down somewhere. Retention terms tell you what happens to your code after the fact. Permissions tell you what can happen to your main branch tonight. Both belong in the same review, and only one of them usually gets there.
Questions to ask before you buy
- Which tier are we actually buying, and what does that tier say? Not the vendor's headline privacy page. The terms attached to the plan on the invoice.
- Is the protective setting on by default, or does someone have to enable it? Cursor's Privacy Mode and the Amazon Q opt-out both require an action. Defaults are the only policy most people ever experience.
- What happens on the free tier? Assume some engineers are on it, because they usually are.
- Can the tool merge, or only propose? This is the question with same-day consequences.
- If the tool is local, whose model is it calling? A local CLI moves the question to your model provider; it does not remove it.
Teams with a real compliance obligation, rather than a general preference for privacy, usually need this written down rather than remembered: which vendor commitment covers which requirement, at which tier, and what happens when the vendor changes it. That is ordinary obligation and control tracking, and it is worth doing properly before an auditor asks, because "we think the paid plan does not train" is not an answer that survives contact with one.
What we do
Agentcode does not train on your code, on any plan. There is no tier where that changes and no setting you have to find. The agent connects to your GitHub or GitLab repo, works the task, runs your tests, and opens a pull request. It cannot merge. That last part is a design decision rather than a default: review is the point, so removing it was never on the table.
If you want the wider picture on which tools fit which job, including the ones that beat us at specific things, read the best AI for coding guide. If your concern is the quality of what the agent writes rather than what happens to your repo, is AI generated code safe for production covers that side, and the enterprise requirements page collects what procurement usually asks for.