Compare data usage governance provisions between GitHub and Cursor. Provisions are extracted from monitored governance documents and classified by severity.
This provision clarifies the data governance structure within organizational deployments, allocating responsibility and control authority between GitHub and the organization, which affects compliance obligations and data handling authority within the enterprise context.
Consumer impact
Under this clause, members of organization or enterprise accounts are subject to data access and processing by their organization's administrator, as the organization retains data controller status and authority over member personal data while GitHub processes that data according to the organization's instructions.
Opt-out available
No opt-out available
Actual clause text
If you use GitHub as part of an organization or enterprise account, your organization's administrator may have access to your personal data. GitHub processes personal data on behalf of the organization in its capacity as a data processor, and the organization is the data controller responsible for the personal data of its members.
AI-extracted from source document. Verify against original for legal use.
This clause establishes Cursor's operational data practice boundaries under state privacy law frameworks, limiting the categories of data monetization and behavioral profiling activities the service conducts, which affects the scope of permissible data uses under the agreement.
Consumer impact
Users operate under terms where Cursor's data processing excludes sale or sharing for cross-contextual behavioral advertising, targeted advertising activities as legally defined, and sensitive data inference operations. This restricts the range of secondary uses Cursor may apply to personal data collected during service provision.
Opt-out available
No opt-out available
Actual clause text
No sale or targeted advertising: We do not "sell" or "share" personal data for cross-contextual behavioral advertising, and we do not process personal data for "targeted advertising" purposes (as those terms are defined under applicable US state privacy laws). We also do not process sensitive personal data for the purposes of inferring characteristics about a consumer.
AI-extracted from source document. Verify against original for legal use.
Stripe's arbitration clause is narrower than Amazon's in one key respect: it includes a small claims court carve-out that Amazon's clause does not. PayPal's clause is the most aggressive of the three, explicitly waiving jury trial rights in addition to class action rights. From a compliance perspective, Amazon presents the lowest risk for B2B contracts while PayPal creates the highest exposure for consumer-facing applications subject to CFPB oversight.