Turning on Privacy Mode prevents your code from being used to train Cursor's or any third party's AI models, though Cursor may still store some code data to deliver features.
This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes Privacy Mode as the operative mechanism for preventing code and prompt data from being used as AI training data, but notes that even with Privacy Mode on, Cursor may retain some code data for feature delivery purposes.
Interpretive note: The scope of code data that Cursor may retain for 'extra features' even when Privacy Mode is enabled is not defined in this document, creating ambiguity about the completeness of the training opt-out.
Users who enable Privacy Mode receive a stated guarantee that no code will be trained on by Cursor or third parties, though the document does not specify which feature-related code data may still be stored or for how long.
How other platforms handle this
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
If you would like to opt out of the disclosure of your personal information for purposes that could be considered "sales" for those third parties' own commercial purposes, or "sharing" or processing for purposes of targeted advertising, please visit the following link, which is also available in the...
Zendesk complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. When Zendesk transfers personal data from the EU, UK, or Switzerland to the United ...
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you enable "Privacy Mode" in Cursor's settings: zero data retention will be enabled for our model providers. Cursor may store some code data to provide extra features. None of your code will ever be trained on by us or any third-party.— Excerpt from Cursor's Cursor Data Use & Privacy Overview
(1) REGULATORY LANDSCAPE: This provision implicates GDPR Articles 6 and 9 regarding lawful basis for processing and the principle of data minimization, particularly the assertion that some code data may still be stored even when Privacy Mode is enabled. The FTC Act is relevant to the accuracy and completeness of the opt-out representation. Enforcement authorities include the FTC and relevant EU data protection authorities. The document does not specify a legal basis for the residual code data storage under Privacy Mode, which may require evaluation under GDPR. (2) GOVERNANCE EXPOSURE: Medium. The provision makes a categorical commitment that no code will be trained on when Privacy Mode is enabled, but qualifies it with a carve-out for storing some code data for features. The scope of that carve-out is not defined in this document, creating potential ambiguity about the completeness of the opt-out. (3) JURISDICTION FLAGS: EU/EEA users and California residents face heightened exposure because the scope of residual data storage under Privacy Mode is undefined, and the document does not specify a legal basis or retention period for that storage. Enterprise deployments in regulated industries such as financial services or healthcare should assess whether this carve-out is compatible with their data handling obligations. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should confirm in contract schedules whether Privacy Mode is the default for their deployment and what specific data categories fall under the feature-delivery carve-out. The document does not address whether enterprise agreements provide additional contractual protections beyond this overview. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should document the default state of Privacy Mode for their organization's accounts, obtain clarification from Cursor on which data is retained under the feature-delivery carve-out, and assess whether that retention requires a data processing agreement or privacy notice update.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes Privacy Mode as the operative mechanism for preventing code and prompt data from being used as AI training data, but notes that even with Privacy Mode on, Cursor may retain some code data for feature delivery purposes.
Users who enable Privacy Mode receive a stated guarantee that no code will be trained on by Cursor or third parties, though the document does not specify which feature-related code data may still be stored or for how long.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.