Copilot privacy & security: what data is sent, retention, training use, and secure settings checklist #183412
Replies: 1 comment
One framing that helps with secure configuration checklists is to separate what data can enter model context from what actions the resulting model output can influence. Teams often focus on one side and not the other.

For example, even a relatively narrow context scope can still be risky if the agent can trigger high-impact actions with weak approval boundaries. And conversely, strong execution gating still leaves privacy questions if prompts, code, logs, screenshots, or terminal output are being retained or routed more broadly than expected.

So a practical checklist usually wants at least four buckets:
- context scope (what can be read / attached)
- retention / training / logging behavior
- tool and action permissions
- approval / review boundaries for high-impact operations

That split makes it easier to reason about privacy and security without flattening them into one vague concern.
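As an added example (not part of this thread, and not a real Copilot setting or API), the following Python lint applies the four-bucket split from the comment above to a constructed, hypothetical agent policy. The schema (`ContextSource`, `Action`, `AgentPolicy`), the sensitive-path globs, the sample workspace listing and the example policy are all assumptions made here for illustration; the point is to show the two axes (what can be read vs. what can be executed without approval) evaluated separately and then combined.

```python
"""Hypothetical agent-policy lint: context scope vs. action permissions.

Added example for this thread. The schema and the sample data below are
assumptions for illustration and do not correspond to any real Copilot setting.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from fnmatch import fnmatch

# Constructed workspace listing (not real files) used to make the checks concrete.
WORKSPACE = [
    "src/app.py", "src/db.py", ".env", "config/prod.pem",
    "infra/secrets/token.txt", "README.md",
]

# Globs that should never reach model context. Assumed list; extend as needed.
SENSITIVE_GLOBS = ("*.env", "*.pem", "*.key", "*secrets*", "*id_rsa*")


@dataclass
class ContextSource:
    name: str                 # e.g. "open_files", "workspace_index"
    reads: list[str]          # globs the source may read; empty = no file access
    retention: str | None     # documented retention; None = unknown / undocumented
    training_opt_out: bool    # True if content is excluded from model training


@dataclass
class Action:
    name: str
    impact: str               # "low" or "high"
    requires_approval: bool   # True if a human must approve before execution


@dataclass
class AgentPolicy:
    sources: list[ContextSource]
    actions: list[Action]
    excluded: list[str] = field(default_factory=list)  # globs excluded from all context


def is_sensitive(path: str) -> bool:
    return any(fnmatch(path, g) for g in SENSITIVE_GLOBS)


def readable_files(src: ContextSource, policy: AgentPolicy, files=WORKSPACE) -> list[str]:
    """Files a source can actually read: matched by its globs and not excluded."""
    return [
        f for f in files
        if any(fnmatch(f, g) for g in src.reads)
        and not any(fnmatch(f, g) for g in policy.excluded)
    ]


def lint(policy: AgentPolicy, files=WORKSPACE) -> dict[str, list[str]]:
    """Findings keyed by the four checklist buckets from the comment."""
    out: dict[str, list[str]] = {
        "context_scope": [], "retention": [], "tool_permissions": [], "approval": [],
    }
    for src in policy.sources:
        for f in readable_files(src, policy, files):
            if is_sensitive(f):
                out["context_scope"].append(f"{src.name} can read {f}")
        if src.retention is None:
            out["retention"].append(f"{src.name}: retention undocumented")
        if not src.training_opt_out:
            out["retention"].append(f"{src.name}: training opt-out not set")
    for act in policy.actions:
        if act.impact == "high":
            out["tool_permissions"].append(f"{act.name} is high-impact and enabled")
            if not act.requires_approval:
                out["approval"].append(f"{act.name} runs without approval")
    return out


def exposure_paths(policy: AgentPolicy, files=WORKSPACE) -> list[tuple[str, str]]:
    """Pairs (sensitive file, unapproved high-impact action).

    This is the combination the comment warns about: a secret that can enter
    context and an action that can act on it with no human in the loop.
    """
    leaks = {
        f for s in policy.sources
        for f in readable_files(s, policy, files) if is_sensitive(f)
    }
    unapproved = [a.name for a in policy.actions
                  if a.impact == "high" and not a.requires_approval]
    return sorted((f, a) for f in leaks for a in unapproved)


# Constructed policy: broad index, partial exclusions, two ungated high-impact actions.
EXAMPLE = AgentPolicy(
    sources=[
        ContextSource("open_files", ["src/*"], "none", True),
        ContextSource("workspace_index", ["*"], None, False),
        ContextSource("terminal_output", [], "30d", True),
    ],
    actions=[
        Action("read_file", "low", False),
        Action("run_shell", "high", False),
        Action("open_pull_request", "high", True),
        Action("push_branch", "high", False),
    ],
    excluded=["*.pem"],
)

if __name__ == "__main__":
    for bucket, items in lint(EXAMPLE).items():
        print(bucket, items)
    print(exposure_paths(EXAMPLE))
```

Running it on the constructed policy shows the two axes failing independently: `workspace_index` can still read `.env` and `infra/secrets/token.txt` because only `*.pem` is excluded, and `run_shell` and `push_branch` are high-impact with no approval gate. `exposure_paths` joins the two lists, which is the "both sides" view the comment argues for; fixing either axis alone (excluding the secrets, or gating the actions) empties that list, but the per-bucket findings for the other axis remain.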
Topic Area: General
Copilot Feature Area: General
Hi everyone,
I’m evaluating GitHub Copilot and I want to understand the privacy/security and data-handling clearly before using it more deeply. I’m not sharing any code, repo names, screenshots, or account-specific details here. I’m looking for general guidance and official documentation links.
For Copilot code completions, what context can be sent (current file, nearby lines, other open files/tabs, entire workspace, repo index, terminal output)?
For Copilot Chat, what additional context can be included compared to completions?
For Agent/coding agent and PR/code review features, is the context limited to the diff/PR content, or can it pull broader repository/workspace context?
Does Copilot ever read untracked files, ignored files, or environment variables/secrets as part of context?
Are prompts/code/context stored by GitHub or model providers? If yes, how long (retention period)?
Is retention different for completions vs chat vs agent vs PR review?
Are telemetry/diagnostics logs stored separately from content (code/prompt), and what is retained in each?
Is any prompt/code used for training or improving models by default for individual users?
If opt-out/controls exist, what is the default setting and where exactly are the toggles documented?
Copilot can route to different models. Do privacy/retention guarantees remain the same across model providers, or do they vary?
Is there documentation about “zero data retention” or equivalent terms for providers used by Copilot?
Can private repository content ever be exposed to other users in any form?
Under what conditions (if any) could GitHub staff access content, and what controls/audit protections exist?
Could someone share a recommended secure configuration checklist (with doc links) for minimizing exposure, such as:
- Settings/toggles to reduce context scope for completions/chat/agent
- Any setting to ensure prompts/code are not used for training/model improvement
- Recommended settings for PR reviews / agent features if you want minimal repo scanning
Is there a supported way to exclude specific paths/files (e.g., secrets, configs) from being used as context by Copilot?
If exclusions are IDE-specific, what are the recommended approaches for VS Code and JetBrains?
Is there any way to verify what Copilot actually used as context for a request (logs/indicators/audit view)?
If no, what is the recommended way to validate that sensitive files are not being included?
If anyone can point to the most authoritative GitHub docs/pages/policies for the above, I’d really appreciate it. Thank you.