
    Does Windsurf keep my code or prompt data?

    [Figure: the Windsurf AI code editor privacy settings in 2026, showing a Zero Data Retention toggle and a separate telemetry switch, with a note that individual plans are not zero-data-retention by default]

    Before you submit an app you built in Windsurf, it is fair to ask where your code and prompts went. The answer turns on one setting, Zero Data Retention, and on individual plans that setting is not on by default.

    Short answer

    It depends on Zero Data Retention. Windsurf's security documentation states that code submitted by zero-data-retention users is never trained on, and that ZDR guarantees code is never serialized or stored in plaintext on its servers or by its subprocessors. ZDR is the default for team and enterprise plans. On an individual plan it is off until you opt in, and without it your code snippets may be logged and used as training data. Even with ZDR on, your code is visible in memory while each request runs.

    What you should know

    • ZDR is the deciding setting: with it on, code is not stored in plaintext and is not trained on.
    • Individual plans are not ZDR by default: you opt in from your profile settings, or your code may be retained.
    • Team and enterprise plans default to ZDR: code-derived data is not persisted for those accounts.
    • In memory is not the same as stored: even under ZDR, code is in memory for the life of the request and briefly for prompt caching.
    • Telemetry is a separate switch: turning it off stops usage analytics, not the code sent for AI inference.

    Does Windsurf train on your code?

    Only if you are not on Zero Data Retention. Windsurf states plainly that code submitted by ZDR-mode users will never be trained on. For non-ZDR users the policy is different: code snippets and user trajectories may be logged (Windsurf's own description names a BigQuery instance inside its cloud) and can then be used as training data. So the training question reduces to a single account setting, and the safe answer for anyone unsure is to confirm ZDR is on before continuing. The setting lives under the privacy section of Windsurf's settings, and it applies only to future requests, so anything sent before you enabled it followed whatever policy was active at the time. That is why enabling it on day one of a project is safer than flipping it the day before you submit.

    What does Zero Data Retention actually guarantee?

    It guarantees that code is not persisted in plaintext, not that code never reaches the cloud. Windsurf defines ZDR as a mode where code or code-derived data is never serialized and stored in plaintext at its servers or subprocessors. The important caveat is in the same documentation: the code is still visible to the servers in memory for the lifetime of the request, and may exist for a slightly longer period, on the order of minutes to hours, for prompt caching. ZDR is the default for team and enterprise plans, and individual users can turn it on from their profile. The guarantee is about storage and training, not about whether the request touches a server. That distinction matters for a regulated app: ZDR limits what is stored and trained on, but if your prompts include customer data or secrets, that data still moves through the provider's memory during inference. The safer habit is to avoid pasting sensitive values into prompts at all, so that even the in-memory window never holds something you would not want to leave your machine.

    What happens on an individual plan by default?

    By default, an individual plan is not in Zero Data Retention. That means code snippets and trajectories from your sessions may be logged and retained, and may be used as training data, until you opt in. The fix is one setting: open your Windsurf profile or privacy settings and enable Zero Data Retention. The table summarizes how the plan and settings change what happens to your code.

    Plan or setting                        | Is your code stored or trained on?
    ---------------------------------------+------------------------------------------------------------
    ZDR on (team and enterprise default)   | Not serialized or stored in plaintext; never trained on
    Individual plan, ZDR off (default)     | Code snippets and trajectories may be logged and used
    Individual plan, ZDR opted in          | Same protection as team ZDR
    Telemetry off                          | Stops usage analytics only, not code sent for inference
    Any Cascade request                    | File contents sent to the server; in memory for the request

    Does turning off telemetry stop my code being sent?

    No. Telemetry and AI inference are separate channels with different effects. Telemetry is opt-out behavioral analytics, and disabling it stops usage data collection, but it does not stop your code being transmitted for AI processing. During a Cascade session, Windsurf sends the file contents and surrounding context referenced in your prompt to remote servers for inference, regardless of the telemetry switch. If your goal is to limit what is retained, the lever is Zero Data Retention, not the telemetry toggle. Treat the two as answers to different questions: telemetry is about whether Windsurf studies how you use the editor, and Zero Data Retention is about whether your code is kept and trained on. Changing one says nothing about the other.

    What to watch out for

    The trap is assuming the defaults protect you. On an individual plan the default is not ZDR, so a developer who never changed a setting may have code logged and eligible for training. Turn ZDR on first. The second point is that retention settings do not address the exposure that matters most at submission: a key you hardcoded while building still compiles into your app and ships to every user, no matter how the editor handled it. A pre-submission scan such as PTKD.com (https://ptkd.com) reads the compiled APK, AAB, or IPA for hardcoded secrets and other binary-level issues against OWASP MASVS, which is the layer where a leftover key actually becomes exploitable. Rotate any secret that was ever hardcoded, and keep live secrets out of client code.
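    A minimal version of the binary-level check this paragraph describes, as an added example that is neither PTKD's scanner nor code from the page: APK and AAB files are zip archives, and so is an IPA, so the example opens the artifact as a zip, pulls printable string runs out of every entry the way strings(1) would, and flags secret-shaped values, redacting them in its own report so the scan output does not re-leak the key. The archive it scans is constructed inline with placeholder keys; the pattern list, the entropy gate and the function names (`scan_archive`, `build_sample_apk`) are this example's assumptions, not any product's API.

```python
import io
import math
import re
import zipfile
from collections import Counter

# Secret-shaped patterns. AKIA/AIza are the public prefixes of AWS access key
# IDs and Google API keys; the generic rule catches name=value style leftovers.
PATTERNS = {
    "aws_access_key_id": re.compile(r"AKIA[0-9A-Z]{16}"),
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)['\"]?\s*[=:]\s*['\"]?"
        r"([A-Za-z0-9_\-]{16,})"
    ),
}
# Printable-ASCII runs of 8+ bytes, the same idea as strings(1).
STRING_RUN = re.compile(rb"[\x20-\x7e]{8,}")
MIN_ENTROPY = 3.0  # bits per character; applied to generic matches only


def shannon_entropy(value):
    """Bits of entropy per character; low values mean placeholder-like strings."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(value):
    """Keep a short prefix so the report does not re-leak the secret itself."""
    return value[:4] + "...[%d chars]" % len(value)


def scan_bytes(data):
    """Return (kind, value) pairs found in one blob of arbitrary bytes."""
    findings = []
    for run in STRING_RUN.findall(data):
        text = run.decode("ascii")
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(text):
                value = match.group(1) if pattern.groups else match.group(0)
                # Low-entropy values such as "aaaaaaaa" are placeholders, not keys.
                if kind == "generic_assignment" and shannon_entropy(value) < MIN_ENTROPY:
                    continue
                findings.append((kind, value))
    return findings


def scan_archive(archive_bytes):
    """Scan every entry of a zip-based build artifact (APK, AAB or IPA)."""
    report = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            for kind, value in scan_bytes(zf.read(info)):
                report.append({"entry": info.filename, "kind": kind, "preview": redact(value)})
    return report


def build_sample_apk():
    """Constructed stand-in for an APK: a zip with two leftover keys and one decoy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Fake dex: binary header, a hardcoded AWS-style ID and a high-entropy secret
        # (all placeholder values constructed for this example, not real credentials).
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16
                    + b"aws_key_id=AKIACONSTRUCTEDEX012" + b"\x00" * 4
                    + b"secret=Zq8vLm2Xp9KdR4tWn7Bs" + b"\x00" * 4)
        # Config asset with a Google-style key and a low-entropy placeholder token.
        zf.writestr("assets/config.json",
                    b'{"maps_key": "AIzaSyCONSTRUCTED_EXAMPLE_KEY_012345678", '
                    b'"token": "aaaaaaaaaaaaaaaaaaaa"}')
        # Clean resource file: should produce no findings.
        zf.writestr("res/layout/activity_main.xml",
                    b'<LinearLayout android:orientation="vertical"/>')
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample_apk()):
        print("%-28s %-20s %s" % (finding["entry"], finding["kind"], finding["preview"]))
```

    Run it as a script to see the three findings from the constructed archive (two in the fake dex, one in the config asset) and nothing from the clean layout file. The entropy gate is what keeps the scanner from flagging obvious placeholders like a run of repeated characters; a real pre-submission scan would also decode strings tables inside the dex and plist files in an IPA, but the byte-level approach already catches the common case of a key pasted straight into source.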

    What to take away

    • Whether Windsurf keeps your code depends on Zero Data Retention: with it on, code is not stored in plaintext and is not trained on.
    • Individual plans are not ZDR by default, so opt in from your profile; team and enterprise plans default to ZDR.
    • Disabling telemetry stops usage analytics only, not the code Windsurf sends for AI inference.
    • Retention settings do not protect a hardcoded key in your binary, so rotate any exposed secret and confirm the build with a pre-submission scan such as PTKD.com before submitting.

    Frequently asked questions

    Does Windsurf train on my code?
    Only if you are not on Zero Data Retention. Windsurf states that code submitted by ZDR-mode users is never trained on. Without ZDR, code snippets and trajectories may be logged and used as training data. ZDR is the default for team and enterprise plans, so the training question comes down to whether ZDR is enabled on your account, which individual users must turn on themselves.
    Is Zero Data Retention on by default for me?
    Only if you are on a team or enterprise plan. Those default to ZDR. On an individual plan, ZDR is off until you opt in from your profile or privacy settings. Until you do, your code may be logged and eligible for training, so the first step for an individual user who cares about retention is to enable ZDR before continuing to build.
    Does turning off telemetry stop Windsurf sending my code?
    No. Telemetry and AI inference are separate. Disabling telemetry stops behavioral usage analytics, but it does not stop your code being transmitted for AI processing. During a Cascade session, Windsurf sends file contents and surrounding context to remote servers for inference regardless of the telemetry switch. To limit retention, the relevant control is Zero Data Retention, not the telemetry toggle.
    If ZDR is on, is my code never on Windsurf's servers?
    Not quite. ZDR means code is not serialized or stored in plaintext and is not trained on, but Windsurf states the code is still visible to its servers in memory for the lifetime of the request, and may exist for minutes to hours for prompt caching. ZDR is a storage and training guarantee, not a promise that the request never reaches a server.
    What should I do before submitting an app built in Windsurf?
    Enable Zero Data Retention if you are on an individual plan, then focus on the binary. Rotate any API key you hardcoded while building, move secrets server-side, and scan the compiled APK, AAB, or IPA for hardcoded secrets before submission. Retention settings govern what Windsurf keeps, but a leaked key in your shipped build is the exposure that actually reaches attackers.
