If you deploy on Vercel, your code might already be opted into AI model training.

You have until March 31, 2026 to opt out.

How to opt out right now

Go to Team Settings → Data Preferences. Toggle off AI model training.

This takes less than a minute. Do it before March 31, 2026 11:59:59 PST.

After that date, any data ingested while you were opted in may have been used. Opting out later only stops future collection. You can opt back in if you change your mind, but the data that was already collected is gone.

Now that you've handled that, let me explain what actually happened and what it means.

What changed?

Vercel updated their Terms of Service in March 2026. The update allows them to use customer code and Vercel agent chat data to train AI models.

Two things happen when you're opted in:

First, Vercel uses your code and agent conversations to improve their own AI models.

Second, Vercel shares your code with third-party AI providers for training their models.

They say personal information, environment variables, and API keys are anonymized and redacted before use. But your application logic, architecture, and business rules are included in the training dataset.

Who is affected?

Hobby plan users: opted in by default. This includes most students, indie developers, and side project builders.

Vercel has millions of developers on free-tier plans. Most will never read a TOS update email.

Trial Pro plan users: opted in by default.

Paid Pro plan users: opted out by default, but can opt in through Team Settings.

Enterprise plan users: excluded from AI model training entirely.

If you're on a Hobby plan and haven't changed any settings, you are currently opted in.

Is your code actually at risk?

Vercel says they anonymize sensitive data before using it for training. Environment variables, API keys, and account details are stripped.

But the code itself? Your functions, your API routes, your application structure? That's included.

Whether this matters depends on what you're building.

A personal blog template? Low risk.

A SaaS application with proprietary business logic? Real risk.

The question isn't whether Vercel will leak your secrets. The question is whether you're comfortable with your code becoming training data for AI models you don't control.

Are you locked into Vercel?

This depends on how deeply you've integrated with Vercel-specific features.

Quick way to evaluate:

You're NOT locked in if:

• Your app runs with next start on a standard Node.js server
• You use standard Postgres or another portable database
• Your image processing uses standard libraries rather than Vercel's Image Optimization API
• You don't depend on Vercel KV, Vercel Blob, or Vercel Edge Config

You ARE locked in if:

• Your application relies on Vercel Edge Functions with Vercel-specific APIs
• You use Vercel's ISR caching layer extensively
• You depend on Vercel KV or Vercel Blob for storage
• Your build process relies on Vercel-specific configuration that doesn't work elsewhere

First group? Migrating is a weekend project.

Second group? Plan for a longer migration. Start by replacing proprietary dependencies one at a time.

What are the best Vercel alternatives in 2026?

If the TOS change pushed you to evaluate alternatives, here are the realistic options.

Full-stack applications

This is where most developers hit a wall after leaving Vercel.

Your app isn't just a frontend. You have backends, databases, workers, cron jobs. Suddenly you're stitching together 3 different services and managing infrastructure you didn't sign up for.

We built Quave ONE Direct for exactly this.

Push your code and it runs. Built-in observability, automatic SSL, one-click rollbacks, managed databases, and support for multiple cloud providers.

Your code is yours. We don't use it to train AI models. We don't share it with third parties. There's no opt-out setting because there's nothing to opt out of.

We also migrate you for free. No 6-month project. Our engineering team handles it.

See how it works: https://quave.one/solutions/direct

Frontend and static sites

Cloudflare Pages is a strong alternative. Generous free tier, fast global CDN, and Next.js support that has improved significantly.

Worth testing with your specific setup to see if everything you need works out of the box.

Other full-stack options

Railway and Render are popular options. Both have good developer experience and work well for many use cases.

The tradeoff is that they run on a single cloud provider, which means less flexibility as you grow.

Maximum control

Self-host with Coolify or Dokploy on a VPS. You own everything.

The tradeoff is that you're also responsible for everything: updates, security, scaling, monitoring.

Should you leave Vercel?

That depends on your situation.

But let's be clear about what happened: free-tier users were opted in by default, with a short window to opt out before data collection begins.

The terms are public and the mechanism to opt out exists. But most users won't see the email or know to act on it.

If you stay: opt out now, start reducing Vercel-specific dependencies over time, and make sure your app can run elsewhere.

Portability isn't paranoia. It's engineering discipline.

If you leave: replace proprietary Vercel features first, then move hosting. Don't try to do everything at once.

What to do next

Vercel's March 2026 TOS update allows AI model training on customer code.

Hobby and trial plans are opted in by default. The opt-out deadline is March 31, 2026.

Go do it now if you haven't.

The bigger lesson: every proprietary feature you adopt from any platform is leverage they hold over you.

Build portable, stay portable, and read the TOS updates that show up in your inbox.

Your code is your intellectual property. Choose platforms that treat it that way.

Quave ONE Direct gives you full-stack deployment simplicity with built-in observability, multi-cloud support, and real human support. Your code stays yours. No AI training. No data sharing. No opt-out deadlines.

See how it works: https://quave.one/solutions/direct