This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Users who supply their own API key may assume their requests go directly to the model provider, but this clause establishes that Cursor's backend remains an intermediary for all requests.
The updated policy clarifies that Cursor maintains zero data retention agreements with all AI model providers and customer data will not be used for training by Cursor. However, the policy now explicitly discloses that model providers may run risk classifiers to detect policy violations, and if your prompts or conversations trigger abuse detectors, your data may be stored for investigation and deleted according to the provider's retention policies. The policy removed the previous blanket statement that code would never be trained on by Cursor or third parties, replacing it with more specific disclosure of abuse detection practices. You can review OpenAI and Anthropic's documentation directly for details on their specific retention policies.
View change record →Regardless of whether a reader uses their own API key, their requests are routed through Cursor's backend infrastructure.
How other platforms handle this
We may need to verify your identity in order to process your information, access, correction, or deletion requests and we reserve the right to confirm your California residency.
our services rely on cookies to function properly, for things like remembering your language preferences.
We maintain administrative, technical, and physical safeguards in accordance with appropriate industry standards that are designed to protect against unauthorized use, disclosure, or access to personal information.
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Even if you use your API key, your requests will still go through our backend! That's where we do our final prompt building.— Excerpt from Cursor's Cursor Data Use & Privacy Overview
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Users who supply their own API key may assume their requests go directly to the model provider, but this clause establishes that Cursor's backend remains an intermediary for all requests.
Regardless of whether a reader uses their own API key, their requests are routed through Cursor's backend infrastructure.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.