Cursor Data Use & Privacy Overview

This document is Cursor's 'Data Use & Privacy Overview,' last updated October 20, 2025, published by Anysphere, Inc., governing how user code, prompts, and related data are handled depending on the privacy settings selected within the Cursor AI code editor. The document states that with Privacy Mode enabled, zero data retention is applied at the model-provider level and no code will be trained on by Cursor or any third party; with Privacy Mode disabled, the terms authorize Cursor to use and store codebase data, prompts, editor actions, code snippets, and other code data to improve AI features and train models, and to share prompts and limited telemetry with explicitly selected model providers. A notable operational distinction is the disclosure that even when users supply their own API keys, requests still route through Cursor's backend for prompt building, which means user-supplied API key usage does not bypass Cursor's data pipeline; additionally, inference providers including Baseten, Together AI, and Fireworks may temporarily access and store model inputs and outputs when Privacy Mode is off, with deletion stated to occur after use. The document engages GDPR and CCPA frameworks given its global user base and the nature of code data, which may contain personal data in jurisdictions where source code or prompts are treated as personal information; the footnote carve-out stating that data will not be shared with model providers for accounts created before October 15, 2025, creates a class-based data treatment distinction that may require evaluation under notice and consent requirements. The document references but does not reproduce a full Privacy Policy at cursor.com/privacy and a security page at cursor.com/security, meaning this overview is not the complete governing document for data practices.