Compare privacy rights governance provisions between GitHub and Cursor. Provisions are extracted from monitored governance documents and classified by severity.
The policy states GitHub relies on Standard Contractual Clauses for international transfers, which is the standard legal mechanism post-Schrems II; however, adequacy of these transfers depends on supplementary technical and organizational measures that are not detailed in the policy itself.
Consumer impact
EU, UK, and Swiss users' personal data is transferred to the United States and potentially other countries, with Standard Contractual Clauses cited as the legal basis; the sufficiency of those measures depends on supplementary safeguards not fully described in this document.
Opt-out available
No opt-out available
Actual clause text
GitHub may transfer personal data to countries outside of your home country, including to the United States where GitHub is headquartered. For transfers from the EEA, UK, or Switzerland to countries not considered to provide an adequate level of protection, GitHub relies on Standard Contractual Clauses approved by the European Commission. GitHub's Data Protection Officer can be contacted for further information.
AI-extracted from source document. Verify against original for legal use.
This provision places contractual responsibility on users to ensure they do not input regulated data types such as medical records or financial account information into Cursor, which is significant for enterprise users and developers working with sensitive data.
Consumer impact
Under this provision, users who submit HIPAA-regulated health information, PCI-DSS payment card data, or GLBA-regulated financial data to the Service are in breach of these Terms; enterprise teams integrating Cursor into development workflows involving such data categories should establish technical controls to prevent prohibited submissions.
Opt-out available
No opt-out available
Actual clause text
you may not:... (x) send or otherwise provide to Anysphere data or information that is subject to specific protections under applicable laws beyond any requirements that apply to "personal information" or "personal data" generally, such as for illustrative purposes, information that is regulated by the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, the Gramm-Leach-Bliley Act, and other U.S. federal, state or foreign laws applying specific security standards
AI-extracted from source document. Verify against original for legal use.
Stripe's arbitration clause is narrower than Amazon's in one key respect: it includes a small claims court carve-out that Amazon's clause does not. PayPal's clause is the most aggressive of the three, explicitly waiving jury trial rights in addition to class action rights. From a compliance perspective, Amazon presents the lowest risk for B2B contracts while PayPal creates the highest exposure for consumer-facing applications subject to CFPB oversight.