Windsurf Data Compliance

v20260311

windsurf-data-handling

Guides teams to block Windsurf/Codeium from touching secrets, redact sensitive inputs, set retention policies, and disable telemetry so PII stays out of AI indexes.

Windsurf DataPrivacy Compliance PII Telemetry Security AIConfig

Get Skill

52 downloads

Overview

Windsurf Data Handling

Overview

Control what code and data Windsurf (Codeium) Cascade AI can access in your workspace. Covers file exclusion patterns, sensitive content filtering, telemetry management, and workspace privacy configuration.

Prerequisites

Windsurf IDE installed
Understanding of Codeium data processing
Repository with sensitive files identified
Team agreement on AI data boundaries

Instructions

Step 1: Exclude Sensitive Files from AI Indexing

// .windsurf/settings.json - Privacy configuration
{
  "codeium.indexing.excludePatterns": [
    "**/.env*",
    "**/credentials*",
    "**/secrets/**",
    "**/*.pem",
    "**/*.key",
    "**/*.p12",
    "**/serviceAccountKey*",
    "**/.aws/**",
    "**/.gcloud/**",
    "**/terraform.tfstate*",
    "**/*.tfvars",
    "**/vault-config*"
  ],
  "codeium.indexing.maxFileSize": 524288,  # 524288 = configured value
  "codeium.enableTelemetry": false
}

Step 2: Create Workspace Ignore File

# .codeiumignore - Files Codeium/Windsurf will never process
# Similar to .gitignore syntax

# Secrets and credentials
.env
.env.*
credentials.json
serviceAccountKey.json
*.pem
*.key
*.p12

# Customer data
data/customers/**
exports/**
backups/**

# Sensitive configuration
config/production.json
config/secrets.yaml

# Large binary files (waste of indexing)
*.zip
*.tar.gz
*.sqlite
*.db

Step 3: Environment Variable Safety

// Prevent secrets from appearing in Cascade suggestions
// .windsurf/patterns.md

/**
 * IMPORTANT: Environment Variable Patterns
 *
 * When Cascade suggests code with environment variables:
 * - Always use process.env.VARIABLE_NAME, never hardcode values
 * - For local development, use .env files (which are excluded from AI)
 * - Never paste actual secret values into Cascade chat
 *
 * Safe pattern:
 * ```
 * const apiKey = process.env.API_KEY!;
 * ```
 *
 * Unsafe pattern (never do this):
 * ```
 * const apiKey = "sk-abc123..."; // NEVER
 * ```
 */

Step 4: Telemetry and Data Controls

// .windsurf/settings.json - Telemetry controls
{
  "codeium.enableTelemetry": false,
  "codeium.enableSnippetTelemetry": false,
  "telemetry.telemetryLevel": "off",

  "codeium.autocomplete": {
    "enable": true,
    "languages": {
      "plaintext": false,
      "markdown": false,
      "json": false,
      "yaml": false,
      "env": false
    }
  }
}

Error Handling

Issue	Cause	Solution
Secret in AI suggestion	Secret was in indexed file	Add to `.codeiumignore`
Large file slowing AI	Binary indexed	Add file extension to exclude patterns
Telemetry sending data	Not disabled	Set `enableTelemetry: false`
AI suggests hardcoded key	No workspace rules	Add patterns about env vars to rules file

Examples

Quick Privacy Audit

# Check what files Windsurf would index
find . -type f \
  -not -path '*/node_modules/*' \
  -not -path '*/.git/*' \
  -name '*.env*' -o -name '*.key' -o -name '*.pem' \
  | head -20
# All found files should be in .codeiumignore

Resources

Output

Configuration files or code changes applied to the project
Validation report confirming correct implementation
Summary of changes made and their rationale

Info

Category Development

Name windsurf-data-handling

Version v20260311

Size 3.95KB

Source jeremylongshore/claude-code-plugins-plus-skills

Updated At 2026-03-12