Privacy & Governance

What Enterprise Copilot Adds for VS Code Privacy

Individual Copilot is useful for personal productivity. Copilot Business and Copilot Enterprise change the privacy posture by adding organization-level contractual protections, retention defaults, policy controls, and admin visibility for teams using Copilot inside VS Code and other clients.

Plain-English Answer

The Short Version

The biggest enterprise difference is that the organization, not each individual developer, controls the privacy and governance defaults.

No training on Business or Enterprise data

GitHub says it does not use Copilot Business or Copilot Enterprise data to train GitHub's models. Individual subscribers can opt out, but the enterprise posture is a plan-level commitment rather than a personal preference.

VS Code prompts and suggestions are not retained by default

For Business and Enterprise customers using Copilot through an IDE for chat and code completions, GitHub's default is that prompts and suggestions are not retained.

Admins can set policy instead of relying on user choices

Enterprise owners can control feature and model availability, public-code matching behavior, previews, and related Copilot settings across the enterprise or delegate them to organizations.

US data residency is rolling out

GitHub says Copilot Enterprise now supports a US data residency option, with EU residency and FedRAMP Moderate support planned next. Regulated teams should confirm eligibility before making policy decisions.

Side-by-Side

Enterprise vs Individual Copilot in VS Code

Use this table when deciding what actually changes for a developer working in VS Code.

| Privacy Area | Individual Copilot | Business / Enterprise Copilot | Why It Matters |
|---|---|---|---|
| Model training | Interaction data may be used to train and improve models unless the individual opts out. | Business and Enterprise data is not used to train GitHub's models. | Enterprise removes this from individual preference management. |
| IDE retention defaults | Governed by individual subscriber terms and settings. | For IDE chat and code completions, prompts and suggestions are not retained by default. | The VS Code workflow gets a stronger default data-minimization posture. |
| Contractual data terms | Handled under GitHub terms for individual subscribers. | Business and Enterprise customers can use GitHub's Data Protection Agreement. | This supports enterprise privacy, procurement, and compliance review. |
| Public-code matching | The user can manage their own suggestions-matching-public-code setting. | Admins can enforce or delegate public-code matching policy across organizations. | Teams can apply one consistent rule for license and provenance risk. |
| Feature and model access | The individual chooses from features and models available to their subscription. | Enterprise owners can control available Copilot features, previews, and model choices. | Security teams can limit high-risk or preview behavior before rollout. |
| Sensitive repository content | Developers must manage their own habits and local project boundaries. | Organizations can configure content exclusion so selected files are ignored by Copilot. | Secrets, regulated material, and internal-only files can be kept out of context. |
| Visibility and auditability | Visibility is primarily personal. | Organizations and enterprises get usage metrics, code generation dashboards, and audit logs. | Leaders can monitor adoption and governance without inspecting private code directly. |
| Data residency and compliance | Depends on the individual product terms and account setup. | Copilot Enterprise has a US data residency option, with EU residency and FedRAMP Moderate listed by GitHub as planned. | This matters for regulated teams that need regional controls or formal authorization paths. |

Admin Layer

What Enterprise Admins Can Control

Enterprise Copilot is less about a different VS Code button and more about managed defaults around the button.

AI controls and policy inheritance

Enterprise owners can set policies centrally or allow organization owners to choose. This can cover feature availability, model access, and preview participation.

Content exclusion

Organizations can exclude files from Copilot context. That is useful for secrets, generated files, regulated data, customer-specific material, or code that should never be sent as prompt context.

Public-code filtering

The public-code matching filter can suppress suggestions that match public GitHub code above GitHub's matching threshold. In enterprise settings, admins can apply that choice consistently.

Usage, audit, and rollout metrics

Enterprise reporting helps teams understand adoption, generated-code activity, and policy changes without relying on informal developer self-reporting.

Developer View

What This Means Inside VS Code

The day-to-day UI may look familiar, but the data handling changes behind the session.

Use enterprise Copilot for work repositories

When a developer signs into VS Code with an account licensed through Copilot Business or Enterprise, the session uses the organization's Copilot entitlement and policies. That means the enterprise settings for model access, retention defaults, public-code matching, and content exclusions can apply while the developer works in the editor.

This does not remove every privacy responsibility. Developers should still avoid pasting unnecessary secrets, customer data, credentials, or production incident details into prompts. Enterprise controls reduce risk and create enforceable defaults; they do not replace source control hygiene, least privilege, or secrets management.

Reference Links

Sources to Recheck

These official pages are the basis for the privacy and governance claims above.