This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision clarifies that self-supplied API keys do not provide data isolation from Cursor's systems, which may be contrary to user expectations about API key use and affects how Privacy Mode settings apply to such requests.
With Privacy Mode disabled, the document states Cursor may store and use codebase data, prompts, editor actions, and code snippets to improve AI features and train models, and may share prompts and telemetry with third-party inference providers. Users who supply their own API keys should note the document states their requests still route through Cursor's backend for prompt building, regardless of API key source. You can enable Privacy Mode in Cursor's settings to apply zero data retention at the model-provider level and prevent your code from being used as training data.
How other platforms handle this
When you use an application built by a third-party that uses our API, that third-party operator may collect your personal data and have their own privacy policies that govern how they use it. OpenAI is not responsible for the privacy practices of these third-party operators. We recommend reviewing t...
If you access our generative AI services through the API, you're also responsible for ensuring your use, and the use by those who access the services through your platform, complies with our usage policies. You must implement appropriate safeguards to prevent prohibited uses by your users.
Your use of third-party APIs available through the RapidAPI platform is subject to the applicable API provider's terms of service, and you agree to comply with such terms. RapidAPI is not responsible for any third-party APIs or their terms.
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Even if you use your API key, your requests will still go through our backend! That's where we do our final prompt building.— Excerpt from Cursor's Cursor Data Use & Privacy Overview
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision clarifies that self-supplied API keys do not provide data isolation from Cursor's systems, which may be contrary to user expectations about API key use and affects how Privacy Mode settings apply to such requests.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.