title: "Security & Privacy" description: "How Copilot handles your code data, telemetry options, and security best practices" section: "Copilot" readTime: "4 min"

Security & Privacy

By default, GitHub Copilot Free includes telemetry. You can opt out:

Disable telemetry: Set telemetry.telemetryLevel to off in VS Code settings
Adjust code suggestion matching: Visit GitHub Copilot Settings to control whether suggestions matching public code are allowed
Organization-managed: In enterprise plans, telemetry settings may be controlled by your administrator

Copilot sends code context to GitHub's servers to generate suggestions
GitHub does not use your private code to train models (paid plans)
Free plan users: review the GitHub Copilot Free terms for current data usage terms
Code snippets are not stored beyond the session context window

Prevent specific files or patterns from being used as context:

Organization admins can set content exclusion policies in GitHub org settings
Per-repository: add exclusion patterns in the repository's Copilot settings
Excluded files are not sent to the AI as context

Enterprise and Business plan admins can:

Never paste credentials, API keys, or secrets into chat prompts — treat prompts like code in a shared repo
Always review AI-generated code before accepting — AI can introduce subtle vulnerabilities
Watch for common vulnerabilities in generated code: SQL injection, XSS, hardcoded secrets, missing input validation
Use the Review smart action to request an AI security review of selected code
Keep the Copilot extension updated — security fixes are released regularly