On March 25, 2026, GitHub quietly updated its Copilot privacy policy so that collection of interaction data — your code, your prompts, the context surrounding them — is on by default (opt-out rather than opt-in) on the Free, Pro, and Pro+ tiers. Developers had thirty days to flip a setting. By April 24, the deadline had passed. If you missed it, the code you have written, refactored, and explained to Copilot since then has been eligible to train future models.[1]
This is not an isolated incident. In 2025, the AI code editor Cursor logged seven CVEs.[2] ChatGPT was the channel through which Samsung engineers leaked proprietary semiconductor source code in 2023 — an incident that triggered a full ban on consumer AI tools at Samsung and a wave of similar policies at Fortune 500 firms.[3] Veracode's 2025/2026 industry report found that 45% of AI-generated code contained real security vulnerabilities.[4]
If you ship code for clients, handle proprietary algorithms, work in a regulated industry, or just take the confidentiality of your own work seriously, this is your problem. The good news is that the tooling caught up. In May 2026, you can run a Copilot-class coding assistant entirely on your Mac, handle confidential documents through a local chat AI, and never send a byte to a third-party server. This guide walks through the full stack.
The Two AI Privacy Problems Developers Actually Have
Most “privacy guides” for developers treat AI as one thing. It is not. Developers use AI for two distinct categories of work, and the privacy solutions for each are completely different.
Problem 1: Inline coding AI. Autocomplete inside the editor, AI-assisted refactoring, generate-from-comment, agentic multi-file edits. Copilot, Cursor, Continue.dev, Tabnine, Codeium. This is where most of the recent controversy lives — because this is the tooling that has the deepest access to your codebase.
Problem 2: Chat-and-document AI. Pasting in an NDA to understand it. Asking about a regulatory requirement before quoting a client. Drafting a sensitive incident postmortem. Explaining a confusing log to a teammate. Working through an architectural decision. This is where ChatGPT, Claude, and Gemini get used — and it is also where developers most often paste the most sensitive material: client emails, contracts, security findings, internal Slack threads, design docs.
The two problems have different solutions. The honest answer for inline coding AI is a local model server like Ollama paired with an editor extension like Continue.dev. The honest answer for chat-and-document AI is an on-device application like Hey Eduardo. We will cover both.
What Actually Happened With GitHub Copilot in March 2026
Until March 2026, GitHub Copilot collected “prompts, suggestions, and feedback” from paid users only with opt-in consent. On March 25, GitHub updated the policy to collect this data by default across the Free, Pro, and Pro+ tiers — and use it to train future models. Copilot Business and Enterprise accounts were exempt.[1]
GitHub gave users a thirty-day window to opt out. By the time most developers noticed (myself included), the window was nearly closed. The backlash on Hacker News and r/programming was significant — but the policy stood.
Around the same period, GitHub injected Copilot promotional pop-ups into roughly 1.5 million open pull requests, leading to a separate apology and rollback.[5] Developer sentiment shifted sharply. In a survey published in early 2026, Claude Code received a 46% “most loved” rating among developers, compared to GitHub Copilot's 9%.[6] A migration wave is underway.
The deeper point is this: when a tool you depend on for daily work changes its data policy unilaterally, you have two choices — accept the new terms or leave. With cloud-hosted coding AI, the vendor has unilateral control. With local-hosted AI, you do.
Part One: A Privacy-First Stack for Inline Coding AI
For inline coding work (autocomplete, refactoring, chat-in-editor, agentic edits), the practical setup in 2026 is a local model server plus an editor extension that speaks to it. The standard combination is Ollama + Continue.dev.
What you need on your Mac
- Apple Silicon Mac (M1, M2, M3, or M4) — Metal GPU acceleration is what makes this feel instant. Intel Macs work but slowly.
- At least 16 GB RAM for the smaller coding models; 24+ GB if you want to run the larger 14B+ models for harder problems.
- About 10 GB of disk space per model you keep installed.
The 10-minute setup
- Install Ollama. Download from ollama.com or run brew install ollama. It installs a local model server that listens on localhost:11434.
- Pull a coding model. In your terminal:
  ollama pull deepseek-coder-v2:16b
  Or, for a smaller and faster option:
  ollama pull qwen2.5-coder:7b
  DeepSeek-Coder-V2 was pre-trained on 87% code across 2 trillion tokens and benchmarks comparable to GPT-4 (2024) on coding tasks.[7]
- Install Continue.dev in your editor. Available for VS Code, JetBrains, and others. In settings, point it at your local Ollama endpoint (http://localhost:11434) and the model you pulled.
- Verify. Open any file, trigger Continue's chat panel (Cmd+L by default), ask “what does this file do?” and confirm the response feels responsive and accurate.
That is the entire setup. Total time, including downloads, is typically 10–15 minutes on a reasonable home internet connection. The tooling has improved dramatically — in 2024, an equivalent setup took 3+ days of fiddling with CUDA dependencies and quantization formats.[8]
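The “Verify” step above checks that the assistant answers; it does not check that the setup is actually private. Two things can quietly undo the privacy story: Ollama can be bound to all interfaces instead of loopback (for example if OLLAMA_HOST was set to 0.0.0.0 at some point to share the server), and a Continue.dev config can keep a cloud provider or a remote Ollama host alongside the local one. The script below is an added example written for this article, not code from the Ollama or Continue.dev projects. It assumes the article's default endpoint (localhost:11434), the lsof output format on macOS and Linux, and that Continue.dev reads ~/.continue/config.json with a "models" list whose entries carry "provider", "model" and an optional "apiBase" key (an assumption about the config layout; adjust the path and keys if your version differs). The sample lsof output and sample config embedded in it are constructed for the demonstration.

```python
"""Audit that a local Ollama + Continue.dev setup really stays on this machine.

Added example, not part of the original article or of the Ollama/Continue.dev
projects. Assumptions: Ollama on localhost:11434; lsof's macOS/Linux output
format; Continue.dev config at ~/.continue/config.json with a "models" list
(and optional "tabAutocompleteModel") whose entries carry "provider"/"apiBase".
"""
import json
import re
import subprocess
import urllib.error
import urllib.request
from pathlib import Path
from urllib.parse import urlparse

OLLAMA_PORT = 11434
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "[::1]", "localhost"}

# Constructed sample output of `lsof -nP -iTCP:11434 -sTCP:LISTEN` (not real captures).
SAMPLE_LSOF_OK = """COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ollama 4242 dev 3u IPv4 0x1 0t0 TCP 127.0.0.1:11434 (LISTEN)
"""
SAMPLE_LSOF_EXPOSED = """COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ollama 4242 dev 3u IPv4 0x1 0t0 TCP *:11434 (LISTEN)
"""
# Constructed Continue.dev config mixing local and off-box model entries.
SAMPLE_CONFIG = {
    "models": [
        {"title": "Qwen local", "provider": "ollama", "model": "qwen2.5-coder:7b",
         "apiBase": "http://localhost:11434"},
        {"title": "GPT-4o via OpenAI", "provider": "openai", "model": "gpt-4o"},
        {"title": "Ollama on NAS", "provider": "ollama", "model": "deepseek-coder-v2:16b",
         "apiBase": "http://192.168.1.20:11434"},
    ],
    "tabAutocompleteModel": {"title": "Autocomplete", "provider": "ollama",
                             "model": "qwen2.5-coder:7b", "apiBase": "http://[::1]:11434"},
}


def listeners_on_port(lsof_output: str, port: int = OLLAMA_PORT) -> list[str]:
    """Bind addresses of LISTEN sockets on `port`, parsed from lsof's NAME column."""
    addrs = []
    for line in lsof_output.splitlines():
        m = re.search(r"(\S+):(\d+)\s+\(LISTEN\)", line)
        if m and int(m.group(2)) == port:
            addrs.append(m.group(1))
    return addrs


def bound_to_loopback_only(lsof_output: str, port: int = OLLAMA_PORT) -> bool:
    """True only if Ollama is listening and every listener is a loopback address.
    '*' or '0.0.0.0' means the model server is reachable from the LAN."""
    addrs = listeners_on_port(lsof_output, port)
    return bool(addrs) and all(a in LOOPBACK_HOSTS for a in addrs)


def non_local_models(config: dict) -> list[str]:
    """Titles of Continue.dev model entries that would send prompts off-box:
    any non-ollama provider, or an ollama entry whose apiBase host is not loopback."""
    offenders = []
    entries = list(config.get("models", []))
    if "tabAutocompleteModel" in config:
        entries.append(config["tabAutocompleteModel"])
    for entry in entries:
        title = entry.get("title") or entry.get("model", "<unnamed>")
        if entry.get("provider") != "ollama":
            offenders.append(title)
            continue
        host = urlparse(entry.get("apiBase", f"http://localhost:{OLLAMA_PORT}")).hostname
        if host not in LOOPBACK_HOSTS:
            offenders.append(title)
    return offenders


def ollama_generate(prompt: str, model: str,
                    base_url: str = f"http://127.0.0.1:{OLLAMA_PORT}") -> str:
    """One non-streaming request to Ollama's real /api/generate endpoint."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(f"{base_url}/api/generate", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)["response"]


def main() -> None:
    # Live checks against this machine; the functions above are pure and testable.
    lsof = subprocess.run(["lsof", "-nP", f"-iTCP:{OLLAMA_PORT}", "-sTCP:LISTEN"],
                          capture_output=True, text=True).stdout
    print("Ollama bound to loopback only:", bound_to_loopback_only(lsof))
    cfg_path = Path.home() / ".continue" / "config.json"
    if cfg_path.exists():
        print("Continue.dev entries that leave the box:",
              non_local_models(json.loads(cfg_path.read_text())))
    try:
        print("Model says:", ollama_generate("Reply with the word OK.", "qwen2.5-coder:7b")[:80])
    except (urllib.error.URLError, OSError) as exc:
        print("Ollama not reachable on loopback:", exc)


if __name__ == "__main__":
    main()
```

Run it once after setup and again after any change to OLLAMA_HOST or the Continue.dev config: if "bound to loopback only" is False or the off-box list is non-empty, the editor is no longer the only client that can reach your model, or some prompts are still routed to a vendor.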
What you get vs what you give up
You get: Code completion and chat that runs entirely on your Mac, with no network traffic. No subscription fees. No usage caps. No vendor policy changes. The model file lives on your hard drive; you control when (and whether) you update it.
You give up: The very newest cloud models will outperform the best local coding models on the hardest problems. The 200K+ context windows of Claude 4 are not (yet) practical to run locally. For agentic multi-file operations across very large codebases, cloud-hosted Cursor or Claude Code remain ahead. The gap closed dramatically from 2024 to 2026 — but it is not zero.
The pragmatic answer: Use local for the 90% of daily coding where speed and privacy matter most. Reach for a cloud tool only when the problem genuinely exceeds what your local model can handle, and when the code you are working on is not subject to confidentiality obligations.
Part Two: A Privacy-First Stack for Chat-and-Document AI
The inline coding piece gets most of the privacy attention, but most developers — especially freelancers, agency staff, and engineers at client-services firms — actually do more sensitive AI work outside the editor than inside it.
Examples:
- Pasting a client NDA into ChatGPT to understand what you just signed.
- Asking Claude about a regulatory requirement before quoting a SOC 2 client.
- Dropping in a security audit finding to draft a remediation plan.
- Pasting an angry client email into AI to figure out the right response.
- Asking about a piece of confidential design documentation.
- Drafting an incident postmortem that references customer data.
- Translating a poorly-written client requirement into engineering tasks.
Every one of these is a disclosure to a third party. Under consumer ChatGPT, Claude.ai, or Gemini terms, your inputs may be retained, may be reviewed by employees, and may be used to train future models. ABA Formal Opinion 512 (in the legal context) and parallel guidance from professional bodies make clear that submitting confidential client information to public AI tools may constitute an unauthorized disclosure.[9] The ethical guidance applies to attorneys and CPAs explicitly, but the underlying principle — do not share confidential material with third parties without authorization — applies to any professional bound by contract or NDA.
And in February 2026, a federal court ruled in United States v. Heppner that conversations with public AI platforms carry no expectation of privacy and are not protected by attorney-client privilege or work product doctrine. The court held that AI platforms have no confidentiality obligation, so submitting privileged or proprietary material to them constitutes voluntary disclosure to a third party.[10]
The solution: on-device chat AI
For the chat-and-document tier, the solution is an application that runs the AI model on your own machine. The same architectural principle as Ollama — but packaged as a chat-and-document application rather than a server-and-IDE toolchain.
This is exactly the gap Hey Eduardo fills, and the reason we built it. The model lives on your Mac. When you paste in an NDA, a contract, a customer email, or any other sensitive material, that text never travels off your device. There is no server to subpoena, no vendor agreement to interpret, no privacy policy to monitor for unilateral changes. The architecture makes privacy structural rather than contractual.
We are not claiming Hey Eduardo replaces Copilot or Cursor for inline coding — it does not. We are saying that the chat-and-document tier of your daily AI usage, the one where most of the legally-sensitive material actually ends up, deserves the same privacy architecture you would apply to your inline coding.
Tool-by-Tool Privacy Assessment for Developers
A quick reference for the most commonly used developer AI tools and where they sit on the privacy spectrum, as of May 2026.
Inline coding AI
- GitHub Copilot (Free / Pro / Pro+): Training on your code is on by default (opt-out) as of March 2026. Check your settings now. Copilot Business and Enterprise are exempt and remain the recommended tier for any work involving client code.[1]
- Cursor: Has a privacy mode that prevents code from being retained, but the architecture still routes prompts through Cursor's servers. Seven 2025 CVEs and 30+ MCP-related vulnerabilities in early 2026 raise concerns about the broader attack surface.[2,11]
- Tabnine: Offers a self-hosted option for teams; pricing targets enterprises. Solid choice when local isn't practical.
- Ollama + Continue.dev (recommended for sensitive code): Fully local. Model on disk, inference on your hardware. No vendor in the loop. Setup is 10 minutes.
Chat-and-document AI
- ChatGPT (consumer): Inputs may be used for training unless you disable this in settings. Subject to legal discovery — OpenAI is under a May 2025 federal preservation order to retain output log data indefinitely.[12]
- Claude.ai / Gemini consumer: Similar consumer-tier policies. Stronger privacy contracts available on their enterprise tiers.
- Enterprise tiers (ChatGPT Enterprise, Claude for Enterprise, etc.): With proper contracts (zero retention, no training), suitable for client data. Requires negotiation and documentation.
- On-device chat AI (Hey Eduardo and similar): Model runs on your Mac. Data does not leave the device. Suitable for any client work without additional vendor diligence — there is no vendor receiving data.
“The architecture makes privacy inevitable, not just promised. We literally cannot see what you're working on because it never reaches us.”
— On the design principle behind on-device AI
The Recommended Stack for Sensitive Client Work
Based on the May 2026 landscape, here is the stack we recommend for developers who handle confidential client code or sensitive material:
- Inline coding: Ollama + DeepSeek-Coder-V2 or Qwen2.5-Coder + Continue.dev. Reach for a cloud tool only when the local model demonstrably cannot solve the problem AND the code involved is not subject to confidentiality obligations.
- Chat-and-document: Hey Eduardo or an equivalent on-device application. Use this for NDAs, contracts, client emails, audit findings, design documentation, incident postmortems, regulatory research — anything that contains client information or proprietary material.
- Research with no sensitive context: Consumer ChatGPT, Claude, or Gemini are fine when the prompt contains nothing identifying a client or proprietary work. Generic library documentation, general architecture questions, language-specific syntax — all fair game.
- Team and agency work: Add an internal “approved tools” list specifying which tools are permitted for which categories of work. Update your client engagement letters to disclose AI usage and confirm that confidential material is handled through tools without third-party retention.
What to Tell Your Clients
If you handle code or material covered by an NDA, a master services agreement, or a similar contract, your AI usage may already be a contractual issue. Most NDAs prohibit disclosure of confidential information to third parties without consent. Submitting that information to a cloud AI tool may be a disclosure under your contract.
We recommend adding language similar to this to your client engagement letters or MSA AI addendum (adapt for your jurisdiction and engagement type):
“Contractor may use artificial intelligence tools to assist with code generation, analysis, research, and related tasks. For any work involving Client's confidential information, source code, or proprietary material, Contractor will use AI tools that either (a) operate entirely on Contractor's local hardware so that Client information is not transmitted to any third party, or (b) are subject to written agreements with the AI vendor prohibiting use of Client information for model training and requiring deletion of inputs after processing. Contractor reviews all AI-generated work product before delivery and remains fully responsible for its accuracy and quality.”
This serves two purposes. It transparently discloses your AI usage (most sophisticated clients will appreciate the clarity). And it documents your privacy posture so that, if a question arises later, you have written evidence of your standards.
The Compromises (Be Honest About These)
Going privacy-first is not free. Three real trade-offs to plan for:
Capability gap. The very best cloud coding models, run with the largest context windows, will outperform anything you can run locally on a 16GB Mac. Most of your work will not notice. Some edge cases will. Decide in advance which categories of work justify the trade-off.
Setup investment. Local AI takes a Saturday afternoon to set up properly the first time. Cloud tools take ninety seconds. The investment amortizes quickly if you use AI daily — but it is an investment.
Hardware costs. If your current Mac is older or has less than 16GB of RAM, you may need to upgrade for the local coding model story to work well. For the chat-and-document tier (smaller models, simpler tasks), any modern Apple Silicon Mac is sufficient.
Local LLM tooling is in a phase of rapid improvement. The trade-offs of early 2026 are not the trade-offs of late 2026. Plan to revisit your stack quarterly.
Why This Matters Beyond Compliance
The compliance argument for privacy-first AI is real and increasingly unavoidable. But it is not the only argument.
The deeper argument is about who controls your tools. When the AI you depend on for daily work is hosted by a third party, that party has unilateral authority over the policy under which you operate. GitHub's March 2026 Copilot change is the most visible recent example, but it is not the first and will not be the last. Every cloud-hosted developer tool eventually changes terms, raises prices, deprecates features, or pivots its product in ways that affect its users.
Local tooling — Ollama, Continue.dev, Hey Eduardo, and the broader ecosystem of on-device AI — gives you back the property of stability. The model on your disk will work the same way next month as it does today. Its terms cannot change. Its pricing is your electricity bill. Its privacy policy is whatever you make of your own operating system.
For developers who think of their tools as extensions of their craft, that stability is worth something. For developers who handle other people's confidential material, it is the only defensible default.
The May 2026 toolchain for privacy-first AI development is mature enough to adopt today. The setup is a one-time afternoon. The benefits — to your compliance posture, your client relationships, and the stability of your daily workflow — are continuous. If you have not already, this week is a good week to make the switch.
If you want the chat-and-document piece handled for you without configuring anything, Hey Eduardo is a one-click download for Mac and runs entirely on your device. The model lives on your hard drive. Your data stays on your machine. Always.
Sources & Citations
- GitHub Blog. “Updates to GitHub Copilot interaction data usage policy.” March 25, 2026. github.blog
- Lakera. “Cursor Vulnerability — CVE-2025-59944.” 2025. lakera.ai; The Hacker News. “Cursor AI Code Editor Flaw Enables Silent Code Execution.” September 2025. thehackernews.com
- Bloomberg. “Samsung Bans Generative AI Use by Staff After ChatGPT Data Leak.” May 2023. bloomberg.com
- Veracode. “Industry Report on AI-Generated Code Security — 45% Vulnerability Rate.” 2025/2026.
- The Register. “GitHub backs down, kills Copilot pull-request ads after backlash.” March 30, 2026. theregister.com
- NxCode. “Is GitHub Copilot Getting Worse in 2026? What Changed & Why Devs Are Switching.” 2026. nxcode.io
- DEV Community. “How to Run DeepSeek Locally in 2026: Ollama, LM Studio & vLLM Setup Guide.” 2026. dev.to
- SitePoint. “Run Local LLMs 2026 — Complete Developer Guide.” 2026. sitepoint.com
- American Bar Association. “Ethical Obligations to Protect Client Data when Building AI Tools.” americanbar.org; ABA Formal Opinion 512 (July 2024). americanbar.org
- Chapman and Cutler LLP. “Federal Court Rules That AI-Generated Documents Are Not Protected by Privilege (US v. Heppner).” February 2026. chapman.com
- The Hacker News. “Critical MCP Server Vulnerabilities Disclosed — Early 2026.” thehackernews.com
- Huntress. “What the OpenAI Court Order Means for Cybersecurity and Privacy.” May 2025. huntress.com
- SitePoint. “Local vs Cloud AI Coding: Latency, Privacy & Performance Guide.” 2026. sitepoint.com
- iCreativez. “8 Best Local LLM Setups for Privacy-Conscious Freelancers.” 2026. icreativez.com
- Linklaters. “Protecting Proprietary Algorithms in 2026: A Strategic Imperative.” 2026. techinsights.linklaters.com
Try the AI that keeps your data private.
Hey Eduardo runs 100% on your Mac — no uploads, no accounts, no exposure. From $49, one-time.