Big tech companies have AI governance committees, in-house lawyers reviewing vendor contracts, and dedicated procurement processes. Freelance developers and small agencies have none of that — but they have the same NDA obligations, the same client IP protection requirements, and arguably more exposure per developer because each project involves a different client's confidential code. This guide is for the developers and agencies who care about doing AI right when no one else is going to enforce it for them.

What Actually Goes Wrong

Three scenarios cover the bulk of developer AI compliance failures:

The NDA breach. Developer signs an NDA with a client. Pastes confidential code, architectural design, or business logic into ChatGPT to get debugging help. The NDA prohibits disclosure of confidential information to third parties. ChatGPT is a third party. Breach.

The IP contamination. Developer uses ChatGPT to help refactor client code. ChatGPT's output may be influenced by other code in its training data, potentially injecting licensed material into the client's codebase. Client now has code of uncertain provenance.

The portfolio problem. Developer's prior client code is in ChatGPT's session history. Current client's code is in the same session. ChatGPT's outputs may bleed information between contexts. Both clients potentially exposed.

The Contract Frame

Unlike regulated professions, developers don't have a single regulatory framework. The constraint is contract — specifically, the NDA, MSA, and engagement letter terms you signed.

Standard NDAs prohibit disclosure of “confidential information” to third parties. Confidential information typically includes the client's source code, business logic, design documents, and any non-public technical details.

Standard MSAs include similar protections plus IP assignment clauses (deliverables become client property) and sometimes warranties that the work doesn't infringe third-party IP.

Submitting client code to consumer AI tools may breach all three provisions. The fact that the disclosure happens via paste-into-chat rather than email-attachment-to-competitor doesn't change the contractual analysis.1

The 2026 reality check: GitHub Copilot made code training opt-out by default in March 2026. Cursor logged 7 CVEs in 2025. ChatGPT is under a federal preservation order on all output logs. The status quo of “just use whatever” for client work has clear contractual and security problems.2

The Two Categories of Developer AI Use

Most developer AI usage splits into two distinct categories with different compliance profiles.

Category A: Inline coding AI. Autocomplete, code generation from comments, refactoring suggestions inside the IDE. Tools: Copilot, Cursor, Tabnine, Codeium, Continue.dev with local models.

Category B: Chat-and-document AI. Reading NDAs, analyzing security findings, drafting client emails, working through architectural decisions, explaining unfamiliar code. Tools: ChatGPT, Claude.ai, Gemini, local chat AI like Hey Eduardo.

The privacy-first stack uses local tools for both categories — Ollama with Continue.dev for the IDE, on-device chat AI for documents and research. See our Developer AI Privacy Guide for the full stack architecture.

Workflow 1: Code Generation and Completion

The use case: writing new code, completing repetitive patterns, generating boilerplate, exploring API integrations.

The AI workflow: AI completes code as you type or generates blocks from natural-language descriptions.

Contract check: Consumer Copilot (post-March 2026) trains on your code by default. Code you write while Copilot is active may be used to improve future Copilot. If the code is your client's confidential property, this may be a contract violation.

Cleanest approach: Local model + Continue.dev for client work. Copilot Business or Enterprise (which don't train on inputs) for client work if your client's contract permits.

Workflow 2: Code Review and Refactoring

The use case: improving existing code — refactoring for clarity, identifying bugs, suggesting performance improvements, modernizing legacy patterns.

The AI workflow: paste code into AI, ask for review, refactoring suggestions, or specific improvements.

Contract check: Client code is confidential. Paste-into-chat creates the disclosure. Same tier rules apply.

Workflow 3: Reading and Understanding Code

The use case: understanding unfamiliar codebases when joining new client engagements, reading library source to understand behavior, decoding legacy patterns.

The AI workflow: paste code, ask for explanation. Particularly valuable for learning new codebases quickly.

Contract check: If the code is open-source or your own, unrestricted. If client confidential code, Tier 2 or 3.

Workflow 4: Documentation

The use case: generating code comments, README files, API documentation, architecture decision records, onboarding documentation.

The AI workflow: feed AI the code and context, get drafted documentation.

Contract check: Documentation about client code is client-confidential. Tier 2 or 3.

Workflow 5: Research and Architecture Decisions

The use case: researching technical decisions — database choice, framework selection, architecture patterns. Discussing trade-offs.

The AI workflow: discuss problems abstractly with AI, get pros/cons and recommendations.

Contract check: Abstract architecture discussions with no client identifiers — Tier 1 fine. Architecture decisions specific to client business requirements — Tier 2 or 3.

Workflow 6: Client Communication and Documentation

The use case: drafting client emails, status updates, incident postmortems, explanation of technical issues for non-technical clients.

The AI workflow: provide context, ask for client-appropriate drafts.

Contract check: Client communications and incident details are client-confidential. Tier 2 or 3.

46% vs 9%
Claude Code “most loved” rating vs Copilot in 2026 — privacy concerns driving migration
45%
of AI-generated code contains real security vulnerabilities (Veracode)
100K+
GitHub stars on Ollama — fastest dev-tool adoption curve in 2026

The Three-Tier System for Developers and Agencies

Tier 1 — Public AI: Approved for general technical research with no client-specific content, learning new technologies, contributing to your own personal projects, drafting public-facing technical content. Prohibited for any client code or NDA-covered material.

Tier 2 — Enterprise AI with contracts: Copilot Business, Copilot Enterprise, ChatGPT Enterprise, Claude for Enterprise. Approved for client work if your client's contract permits and the vendor agreement includes zero-retention provisions appropriate for your NDA terms.

Tier 3 — On-Device AI: Local coding stack (Ollama + Continue.dev) plus on-device chat AI (Hey Eduardo). Approved for any client work without restriction. Cleanest contract compliance because no third party receives client material.

Sample MSA Addendum Language

Update your standard MSA or engagement letter to address AI use proactively. Suggested language:

“Contractor may use artificial intelligence tools to assist with code generation, analysis, research, and related tasks. For any work involving Client's confidential information, source code, or proprietary material, Contractor will use AI tools that either (a) operate entirely on Contractor's local hardware so that Client information is not transmitted to any third party, or (b) are subject to written agreements with the AI vendor prohibiting use of Client information for model training and requiring deletion of inputs after processing. Contractor reviews all AI-generated work product before delivery and remains fully responsible for its accuracy and quality. Contractor warrants that deliverables will not contain code knowingly derived from any third-party copyrighted source without appropriate license.”

For sophisticated enterprise clients, expect this kind of language to be explicitly required in the next round of MSA negotiations.

The Code Provenance Question

AI-generated code may incorporate patterns from training data of unknown license status. For deliverables under MSA warranties about non-infringement, this creates legal risk that doesn't exist when you write the code yourself.

Mitigation: review AI-generated code for fitness, originality, and recognizability before integrating into deliverables. For code that's recognizably similar to specific open-source projects, verify licensing compatibility or rewrite.

Part of our AI by Profession cluster: See the pillar guide. For the broader developer AI privacy stack, see our Developer AI Privacy Guide. For the architectural foundation, see the On-Device AI pillarand our Developers landing page.

Sources & Citations

  1. Linklaters. “Protecting Proprietary Algorithms in 2026.” techinsights.linklaters.com
  2. GitHub Blog. “Updates to GitHub Copilot interaction data usage policy.” March 25, 2026. github.blog
  3. NxCode. “Is GitHub Copilot Getting Worse in 2026?” nxcode.io
  4. Lakera. “Cursor Vulnerability CVE-2025-59944.” lakera.ai
  5. SitePoint. “Local vs Cloud AI Coding: Latency, Privacy & Performance.” sitepoint.com
  6. The Hacker News. “Cursor AI Code Editor Flaw.” September 2025. thehackernews.com