01Trust Score

Windsurf

Week 2026-W20 · 15 May 2026 Vendor-Neutral

70 /100 Mostly Positive

★ ★ ★ ★ ★

3.4/5 (4137)

↓ PDF Report

WHY THIS SCORE

The overall trust score of (see deterministic score) reflects a vendor with strong security foundations but significant data privacy and operational transparency gaps. Compliance scored (see deterministic score) due to verified SOC2 Type II, HIPAA BAA availability, and FedRAMP High in progress. However, Legal/IP scored (see deterministic score), primarily due to the undisclosed AI training data policy and opaque data retention, which are critical enterprise area warranting further due diligences. Financial health scored (see deterministic score), indicating stability from recent funding but tempered by community reports of billing issues. Community trust scored (see deterministic score), reflecting positive product sentiment offset by widespread dissatisfaction with pricing changes and support. To improve this score, Windsurf must explicitly clarify its AI training data policy with an opt-out and resolve reported billing and support issues.

AUDITOR SUMMARY

Strength: Windsurf offers a highly capable AI-native IDE with robust security certifications (SOC 2 Type II, HIPAA, FedRAMP High in progress) and flexible deployment options, making it a strong contender for accelerating developer productivity in secure environments.

Trust Score 70/100 CONDITIONAL

Est. Annual Cost $58000 100 users / yr

Top Risk HIGH Reliability Overall: Medium

Priority Action AI Training Data Policy Not Explicitly Disclosed in ToS ↓ PDF · TCO · Hardening

Enterprise Verdict

! Conditional Approval

Risk: Medium 50 sources

Priority Action

AI Training Data Policy Not Explicitly Disclosed in ToS

This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.

02Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

High Reliability Community Data

Public documentation buyers may want to verify availability of specific uptime commitments or reliability history.

Medium Cost Predictability Community Data

Enterprises should negotiate fixed-rate contracts and monitor pricing changes for overage risks.

High Vendor Lock-in Community Data

Data export status unclear. Integration score: 0/100. Webhooks available, reducing lock-in risk.

Source

Medium Support Quality Community Data

Insufficient public community reviews to verify support quality. Standard support channels (email/documentation) are assumed.

Medium Data Privacy Community Data

Compliance score: 86/100. GDPR status: unknown. Encryption at rest: yes.

Low Compliance Posture Community Data

SOC 2: type_ii. ISO 27001: none. Overall compliance score: 86/100.

Medium AI Transparency Verified

No training on user data detected. Code ownership terms unclear. Legal/ToS risk score: 65/100.

Source

Verified — Confirmed by vendor documentation Community — Derived from community reports

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 95+ community data points

Recommended Inquiry Critical AI Training Data Policy Not Explicitly Disclosed in ToS

Sources: Web Community Evidence

Recommended Inquiry High 94 Chromium CVEs Identified in Security Audits

Sources: Web Community Evidence

Recommended Inquiry High Recurring Billing Disputes and Unresponsive Support

Sources: Web Community Evidence ×3

Recommended Inquiry High SLA Terms Not Publicly Disclosed — Request MSA Before Procurement

Sources: Web Community Evidence

Recommended Inquiry High Tenant Isolation Model Not Publicly Documented

Sources: Web Community Evidence

03Security & Compliance

Security & Compliance

SOC 2 ✓ Certified

ISO 27001 ✕ Not found

GDPR Not documented

HIPAA ✓ BAA

Data Security

Encryption (At Rest): AES-256

Encryption (In Transit): TLS

Security Features

✓ SSO SAML 2.0

⚠ MFA Methods not specified in public documentation

✓ Audit Logs 90 days

✓ Vulnerability Disclosure

IT Hardening Guide

Deployment Checklist

For Enterprise Hybrid tier, deploy the Docker Compose application on a customer-managed instance (EC2, GCE, Azure VM, on-prem) within your cloud or network. Configure Cloudflare Tunnel Client to establish a persistent, secure tunnel between customer-managed data-retaining instance and Windsurf's compute layer. For Enterprise Self-hosted tier, deploy as a Docker Compose application or via Helm chart within a private cloud or on-prem datacenter. Connect the Self-hosted tier to a customer's private trusted LLM-endpoint (e.g., AWS Bedrock, Azure OpenAI, Google VertexAI) to ensure no traffic routes past customer firewalls. Enable Single Sign-On (SSO) via SAML (Microsoft Entra, Okta, Google Workspaces) for all enterprise users. For enterprise accounts, disable use of OpenAI, Anthropic, Google Cloud Vertex API, and xAI models if zero data retention agreements are not sufficient. Explicitly enable the Bing API for web search functionality only if its data retention policy is acceptable, as Windsurf does not have a zero data retention agreement with Bing. Ensure Zero-data retention mode is enabled for individual plans if required, as it is opt-in for these users.

Last verified: 15 May 2026

Legal & IP Risk

Legal Entity: Exafunction, Inc. (doing business as Codeium)

Jurisdiction: Mountain View, CA, USA

IP Ownership

User Code: Not documented in public ToS

Training Data: Not documented in public ToS

Liability & Indemnification

IP Indemnification: Not documented in public ToS

Liability Cap: Not documented in public ToS

Warranty: Not documented in public ToS

Exit Terms

📤

Data Export Not documented in public ToS

🗑️

Deletion Not documented in public ToS

ToS Red Flags

Critical

Directly impacts data confidentiality and intellectual property, posing significant compliance risks for regulated industries.

High

Lack of clear data retention periods complicates compliance with data privacy regulations like GDPR and CCPA.

High

Creates ambiguity regarding legal rights to code produced by the AI, potentially leading to disputes and IP loss.

High

Exposes the enterprise to unknown financial and operational risks in case of service failures or breaches.

Legal Risk Score:

65/100

Data & Migration Lock-in Risk

Risk Level Medium

Data Portability (likely JSON/Markdown for code, proprietary for agent states)

Switching Cost Estimate 4-8 weeks of engineering time

Lock-in Factors

Deep integration of agentic workflows within the Windsurf IDE.
Proprietary format for agent session states and memories.
Reliance on Windsurf's specific multi-model routing and optimization features.
Lack of explicit data export guarantees for all data types.

Migration risk is medium due to the deep integration of Windsurf's agentic features within its IDE. While code itself is portable, the proprietary nature of agent session states and memories could make switching to an alternative AI IDE time-consuming. The absence of explicit data export guarantees for all data types further complicates exit planning.

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

📄 Data Processing Agreement Available

View DPA ↗

A Data Processing Addendum (DPA) is publicly available. It is essential to review this document to ensure it includes explicit clauses prohibiting the use of customer data for AI model training and specifies data retention periods, as these are critical gaps in the privacy policy.

🌐 Data Residency Customer-Controlled

Default: United States

United StatesEU (Frankfurt, Germany)United Kingdom

Windsurf offers data hosting in the United States and an EU cluster in Frankfurt, Germany, with AWS GovCloud for FedRAMP High customers. Standard Contractual Clauses (SCCs) are used for cross-border data transfers. Customers can control data residency through deployment options (Hybrid/Self-hosted).

⚠️ Contract Risk Medium Lock-in (65/100)

Unilateral change right: Yes ⚠ Data export on exit: No ⚠

⚠ 4 contract risk flags — click to review

⚠ Vendor reserves the right to use prompts and outputs for AI model training without explicit opt-out.

⚠ Lack of specific data retention periods in the privacy policy.

⚠ Undisclosed IP ownership for AI-generated code.

⚠ Absence of publicly disclosed SLA terms and liability caps.

The contract risk is elevated due to the vendor's right to use customer data for AI model training, opaque data retention, and unclear IP ownership. The absence of a public SLA and liability caps further increases enterprise exposure. Procurement teams must negotiate a comprehensive MSA and DPA to mitigate these risks.

New risk signals detected weekly. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.

04Community Signals

Community Evidence

Sentiment analysis and recurring issues from developer & enterprise community signals this week.

Recurring Issues

Billing disputes and refund delays 🟠 Community 3 mentions high → Stable

Enterprise Impact: Direct financial risk through incorrect billing and potential operational disruption due to unresolved account access. Damages trust and increases administrative overhead.

Implement robust billing system checks and improve customer support response times and resolution processes for financial inquiries. Provide clear communication channels for billing disputes.

Sources: Reddit Reddit Reddit

Removal of free AI models and pricing model changes 🟠 Community 4 mentions high ↗ Worsening

Enterprise Impact: Increases cost unpredictability and forces unexpected budget reallocations. May lead to vendor lock-in for users reliant on previously free features, impacting adoption and retention.

Provide clearer communication on pricing changes and offer grandfathered pricing or transitional support for existing free-tier users. Ensure transparent quota consumption metrics.

Sources: Reddit Reddit Reddit Web

Security concerns with Chromium CVEs 🟠 Community 1 mentions high → Stable

Enterprise Impact: Exposes the enterprise to potential security breaches and requires significant internal resources for vulnerability management and patching, increasing operational overhead.

Provide a public roadmap for addressing Chromium CVEs and offer clear guidance on mitigation strategies for enterprise users. Consider a more secure base for the IDE.

Sources: Web

MCP protocol security vulnerability 🟠 Community 1 mentions medium → Stable

Enterprise Impact: Could allow malicious actors to inject or modify tools during an AI agent session, leading to unauthorized actions or data exfiltration. Requires robust client-side validation.

Enhance the MCP client to detect and alert on unauthorized tool list modifications during a session. Implement cryptographic signing for tool manifests.

Sources: HN

Source Highlights This Week

Specific signals from GitHub, Hacker News, and Reddit — what the community is actually saying

👀

Analysis Pending

Community signals collected this week. Analysis and synthesis will be available in the next report update.

🔗 GitHub Issues & PRs

feat(sdk): adopt 2026 cross-tool agent-instruction file conventions (AGENTS.md, GEMINI.md, .cursor/rules/*.mdc, .windsurf/rules/*.md)

7 comments Bug 7 comments — high community engagement

feat: Make AI config support Windsurf and Claude and other tools.

2 comments Discussion 2 comments — high community engagement

Add Windsurf rules and README for Keystone

2 comments Discussion 2 comments — high community engagement

🔥 Hacker News

A History of IDEs at Google

Story Score 0 — active HN discussion

A History of IDEs at Google

Story Score 0 — active HN discussion

A History of IDEs at Google

Story Score 0 — active HN discussion

💬 Reddit

Need help with Windsurf refund/cancellation — charged twice, accounts inaccessible, ticket #39581

r/windsurf

Windsurf has now completely removed all free models.

r/windsurf

An open-source Windsurf extension so you appear on a globe when you code

r/windsurf

05Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

Pricing data from public sources — enterprise rates differ. Verify with vendor.

TCO Calculator

Pricing Not Available

Enterprise pricing information could not be obtained for this vendor. This may be due to custom/private pricing models or limited publicly available data.

Don't evaluate blind next quarter. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.

Learn more about our Audit Methodology →

Independent analysis — signals aggregated from GitHub, Reddit, HN, Stack Overflow, Twitter/X, G2 & Capterra. Not affiliated with any vendor. Corrections?

Windsurf

Enterprise Verdict

Risk Assessment

Due Diligence Alerts

Security & Compliance

Data Security

Security Features

IT Hardening Guide

Deployment Checklist

Legal & IP Risk

IP Ownership

Liability & Indemnification

Exit Terms

ToS Red Flags

Data & Migration Lock-in Risk

Enterprise Contract Intelligence

Community Evidence

Source Highlights This Week

Analysis Pending

Financial Impact Panel

TCO Calculator

Pricing Not Available

Download PDF Report