I'm having a hard time determining if my private repo code is used for training their models. The GitHub Copilot VS Code Extension states:
> Your code is yours. We follow responsible practices in accordance with our Privacy Statement to ensure that your code snippets will not be used as suggested code for other users of GitHub Copilot.
IIRC, I think this statement gave me the initial reassurance I needed to use Copilot many months ago, however I feel like this could be deceptively reassuring. Does it mean they can use my code for training and suggestions to other users after changing the variable names?
I tried to dig deeper. The section on "Private repositories" in their Privacy Policy [1] says: "GitHub personnel does not access private repository information without your consent", with exceptions for security, customer support, and legal obligations. Again, this feels deceptively reassuring, since GitHub personnel and GitHub's AI services are separate entities.
In their Privacy Policy, "Code" falls under the definition of "Personal Data" (User Content and Files) [2], and they go on to list lots of broad ways the data can be used and shared.
Unless I've missed anything, and as other commenters have said much more succinctly, I have to assume that there's a real possibility that my private repo code is used to train their models.
> Your code is yours. We follow responsible practices in accordance with our Privacy Statement to ensure that your code snippets will not be used as suggested code for other users of GitHub Copilot.
IIRC, I think this statement gave me the initial reassurance I needed to use Copilot many months ago, however I feel like this could be deceptively reassuring. Does it mean they can use my code for training and suggestions to other users after changing the variable names?
I tried to dig deeper. The section on "Private repositories" in their Privacy Policy [1] says: "GitHub personnel does not access private repository information without your consent", with exceptions for security, customer support, and legal obligations. Again, this feels deceptively reassuring, since GitHub personnel and GitHub's AI services are separate entities.
In their Privacy Policy, "Code" falls under the definition of "Personal Data" (User Content and Files) [2], and they go on to list lots of broad ways the data can be used and shared.
Unless I've missed anything, and as other commenters have said much more succinctly, I have to assume that there's a real possibility that my private repo code is used to train their models.
[1] https://docs.github.com/en/site-policy/privacy-policies/gith...
[2] https://docs.github.com/en/site-policy/privacy-policies/gith...