Opencode Privacy Policy is Concerning
Opencode's newest privacy policy, which went into effect December 16th, is extremely concerning. It is the polar opposite of their previous stance with not holding any data except for Anthropic and OpenAI's 30-day retention period, and should be especially concerning to all users who use zen or are planning to use the new black subscription.
It basically states that they collect all usage data, can store it "as long as necessary," and they can share it with service providers, business partners, authorized third parties, government/law encforcement when required, and explicitly state that they will use it for marketing purposes. I was actually planning on switching to Opencode black from my Claude Pro plan, but at the very least Claude gives you a very clear 30-day retention number and provide some protections against using the data for marketing purposes. If you care about privacy at all, please spread the word and urge the Opencode team to at least make more clear their data retention policies or even try to change their stance on privacy completely.
Do they collect all of this kinda stuff if you're not using their models?
It's opensource, it's not like you can't look at the code to see what is happening.
I just checked with opencode and the answer is no.
I have found some strange behaviour in terms of privacy in opencode CLI
https://github.com/anomalyco/opencode/issues/8609
I was really surprised seeing how my session data was sent to opencode servers for literally no reason.
There is no step to reproduce the alleged observed behaviour, so I would take that with a grain of salt at first glance. I am not saying it isn't true, but the reporter doesn't provide enough evidences to definitely conclude this is the case.
If you read the issue though you can easily recreate it and in the code it shows the mismatch. While explicit steps to reproduce should be included, if you’re not to see the issue or reproduce it with that info that’s on the reader not the reporter.
I am honestly pretty shocked this happens… really concerning
One thing I don't fully understand: is this about using opencode (the tool), or about using their Zen service?
I’m really not sure, but you can assume both since this is their overall privacy policy for the whole of “Opencode”
One great thing they did (kudos to Dax and team) - is to make it MIT. I think better privacy, especially as local models become more feasible, will be increasingly attractive vs claudecode. If they don't do it, maybe someone can fork and do it. I understand not easy.
From what I can see, privacy policy covers how they handle personal data - i.e. name, email, phone number etc. The Content (Inputs + Outputs) are described in Terms and conditions, and I don't see anything alarming there (so far) - as long as you use third-party or local services, no content is retained by Opencode.
"Other Identifying Information that You Voluntarily Choose to Provide such as information included in conversations or prompts that you submit to AI."
That reads to me like all conversation data is fair game, but let me know if I'm wrong there
I had similar concerns reading the ToS, so I had Claude Code do a security audit on the actual code base (2026/01/18), focusing on CLI use. Specifically, I wanted to know if prompts or data were either directly or indirectly being sent anywhere besides the underlying model provider I am using.
TL;DR: No, when using a third party LLM (i.e., not opencode's LLM) via the CLI, opencode doesn't access any prompts or data unless you use the /share command, or have set a key environmental variable, OPENCODE_AUTO_SHARE; Any stored states, prompts, or data are local to your machine (e.g., ~/<user>/.opencaude/)
Theyre trending in the same trajectory as "Open"AI, Cline etc. Just call it "open" to get community momentum and the once there is sufficient traction, start the fuckery to maximize profits, appease investors etc.
Unlike Claude Code, you can see the source of OpenCode and exactly what they’re collecting.
Unlike Claude Code, you’re not locked into their policies at all. It’s MIT and you can fork it if you want.
Is opencode black open source?
I was referring to if this policy applies to opencode broadly. No idea re: black.
https://www.reddit.com/r/opencodeCLI/s/MO4mwGECH5
I use opencode strictly because I don’t want my local developer tooling to come with vendor / model lock in.
Data is gold
Diamond
Time to use OpenClone
Ok I read all this and IDK. Legal buzzwords don’t mean shit. Code is where it is. All the closed providers of course dgaf.
Now opencode by being a provider probably had some lawyer draft shit to say whatever so they can sell black for $200 a month.
That said, if someone can cite anything reasonable-and that GitHub comment above I couldn’t replicate, then we can do pitchfork sales too.
Meanwhile, grains of salt is warranted at this time…
but it seems they collect only personal tracking data (like user with this IP has N agents and used M features) rather storing the source code. Last one would be very worrying indeed, but it's not listed in privacy policy as data they collect.
Also as you normally do not login in the OpenCode itself, imo it's not a massive risk that they store some usage analytics. Would make sense for them to have some expiration for that data, but I guess it will come with time.
I mean, it's open source, right? You can literally use it to castrate its own code base, and tear out whatever snitch code they put in there.
The opencode zen platform isn't open source, is it? Kinda hard to tell what of our queries they save from looking at the client source code.
I did not dig but the change may be for a few simple reasons:
opencode uses the model of sessions so it may indeed to keep data for a while until the session is close. In theory that could be months. That being said, this is mostly local but that means that months after you started your session, the session's context will still be sent
since opencode uses multiple models, their term probably also need to match the weakest and the real conditions depend on the underlying model(s) you are using.
To clarify, they probably should clearly explain the diff between opencode the cli, the data they may gather from the cli and the data related to the models used for the processing.
nothing is ever free 😂