playbooks

home / skills / jeremylongshore / claude-code-plugins-plus-skills / windsurf-code-privacy

windsurf-code-privacy skill

/plugins/saas-packs/skill-databases/windsurf/skills/windsurf-code-privacy

This skill helps configure Windsurf code privacy settings, data retention, and compliance policies to safeguard regulatory requirements across deployments.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill windsurf-code-privacy

Review the files below or copy the command above to add this skill to your agents.

Files (5)
SKILL.md
1.9 KB
---
name: "windsurf-code-privacy"
description: |
  Configure code privacy and data retention policies. Activate when users mention
  "code privacy", "data retention", "privacy settings", "data governance",
  or "gdpr compliance". Handles privacy and data protection configuration. Use when working with windsurf code privacy functionality. Trigger with phrases like "windsurf code privacy", "windsurf privacy", "windsurf".
allowed-tools: Read,Write,Edit
version: 1.0.0
license: MIT
author: "Jeremy Longshore <[email protected]>"
---

# Windsurf Code Privacy

## Overview

This skill enables comprehensive privacy configuration for Windsurf deployments. It covers data transmission controls, retention policies, regional compliance settings, and code exclusion patterns. Proper privacy configuration ensures your organization meets GDPR, CCPA, and other regulatory requirements while using AI-assisted development tools.

## Prerequisites

- Windsurf Enterprise subscription
- Organization administrator access
- Compliance requirements documented
- Legal/security team approval
- Understanding of data residency needs

## Instructions

1. **Assess Requirements**
2. **Configure Data Handling**
3. **Set Up Exclusions**
4. **Enable Regional Compliance**
5. **Document and Monitor**


See `{baseDir}/references/implementation.md` for detailed implementation guide.

## Output

- Privacy configuration files
- Data exclusion patterns
- Retention policy documentation
- Compliance reports

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources

- [Windsurf Privacy Guide](https://docs.windsurf.ai/admin/privacy)
- [GDPR Compliance Documentation](https://docs.windsurf.ai/compliance/gdpr)
- [Data Retention Best Practices](https://docs.windsurf.ai/guides/retention)

Overview

This skill configures privacy and data retention for Windsurf deployments to ensure code and telemetry are handled per policy. It centralizes settings for data transmission, retention windows, regional residency, and code exclusion patterns. Use it to align Windsurf behavior with GDPR, CCPA, and internal compliance requirements.

How this skill works

The skill inspects your Windsurf organization settings and generates privacy configuration files and retention rules based on documented requirements. It creates exclusion patterns to prevent sensitive code from being sent to AI services, enforces regional residency options, and outputs compliance reports. It also produces implementation artifacts you can apply or review with legal and security teams.

When to use it

  • Onboarding a Windsurf Enterprise account to enforce data governance
  • When implementing GDPR, CCPA, or other regional compliance controls
  • Before enabling AI code assistance that might transmit source code
  • When defining or auditing data retention and deletion policies
  • When you need to exclude sensitive files, secrets, or directories from processing

Best practices

  • Start by documenting legal and security requirements and map them to retention/processing rules
  • Use granular exclusion patterns (paths, file types, regex) rather than wholesale blocking where possible
  • Test configurations in a staging org before applying to production to validate behavior
  • Enable monitoring and periodic audits to detect drift in retention or exclusion rules
  • Keep a versioned record of privacy configs and the approvals from legal/security

Example use cases

  • Create retention policies that remove telemetry after 30, 90, or 365 days depending on data class
  • Define exclusion patterns to block test fixtures, secret files, or proprietary modules from being sent for analysis
  • Configure regional residency so logs and telemetry remain in specified cloud regions for compliance
  • Generate a compliance report summarizing active retention rules and exclusion patterns for an audit

FAQ

Do I need an admin account to use this skill?

Yes. Organization administrator access is required to apply privacy and retention configurations across Windsurf deployments.

Can I exclude specific files or patterns from AI processing?

Yes. The skill supports detailed exclusion patterns by path, file type, and regular expression to prevent sensitive code from being transmitted or stored.