alt Hacker NewsIf they turned it on for business orgs, that would blow up fast. The line between "helpful telemetry" and "silent corporate data mining" gets blurry once your team's repo is feeding the next Copilot.
People are weirdly willing to shrug when it's some solo coder getting fleeced instead of a company with lawyers and procurement people in the room. If an account tier is doing all the moral cleanup, the policy is bad.
The individual/corporate asymmetry you're describing is standard across B2B SaaS. Slack, Notion, and Figma all include ML training carve-outs in enterprise DPAs that free users don't get. GitHub isn't doing anything unusual here — they're just doing it with code, which feels more sensitive than documents or messages because it might literally be your employer's IP you're working on from a personal account.
The interesting nuance is the enforcement mechanism. martinwoodward clarified below that exclusion happens at the user level, not the repo level: if you're a member of a paid org, your interaction data is excluded even on a free personal Copilot account. That's actually more protective than I expected — it handles the contractor case where someone works across multiple repos of varying org types.
The remaining ambiguity is temporal: if someone leaves an org, do their historical interactions get retroactively included? Policy answers to that question are hard to verify and even harder to audit.