Cursor · Cursor Data Use & Privacy Overview · View original document ↗

Codebase indexing uploads code to Cursor servers

Medium severity High confidence Explicitdocumentlanguage Common · 300 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Cursor Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.

This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Codebase indexing is an opt-in action that results in code being transmitted to Cursor's servers, which affects where the user's code resides.

Recent Activity

This document changed recently

Medium Jun 10, 2026

The updated policy clarifies that Cursor maintains zero data retention agreements with all AI model providers and customer data will not be used for training by Cursor. However, the policy now explicitly discloses that model providers may run risk classifiers to detect policy violations, and if your prompts or conversations trigger abuse detectors, your data may be stored for investigation and deleted according to the provider's retention policies. The policy removed the previous blanket statement that code would never be trained on by Cursor or third parties, replacing it with more specific disclosure of abuse detection practices. You can review OpenAI and Anthropic's documentation directly for details on their specific retention policies.

View change record →

Consumer impact (what this means for users)

If the reader chooses to index their codebase, their code will be uploaded to Cursor's servers in small chunks.

How other platforms handle this

GitHub Medium

GitHub Codespaces and github.dev offer Visual Studio Code in a web browser, where some telemetry is collected by default.

ZipRecruiter Medium

authorize ZipRecruiter to connect your account to the account of a "Connected Site" (e.g., Google, LinkedIn, Monster, Facebook or Twitter), we may be able to access information you have provided to the Connected Site...

NVIDIA NIM Medium

telemetry information collected includes: (i) microservice settings, (ii) usage data and (iii) hardware environment.

See all platforms with this clause type →

Monitoring

Cursor has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
If you choose to index your codebase, Cursor will upload your codebase in small chunks to our server to compute embeddings

— Excerpt from Cursor's Cursor Data Use & Privacy Overview

Applicable regulations

EU AI Act
European Union
California AB 2013 AI Training Data Transparency
US-CA
CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
ePrivacy Directive
European Union
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Cursor Data Use & Privacy Overview
Entity
Cursor
Document last updated
May 11, 2026
Tracking information
First tracked
July 9, 2026
Last verified
July 9, 2026
Record ID
CA-P-059549
Document ID
CA-D-00764
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
b99e852f1ad6e7f2138edb3e355e61411f60e79b811fb2af6c88fcd7ff48ef25
Analysis generated
July 9, 2026 14:51 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Cursor
Document: Cursor Data Use & Privacy Overview
Record ID: CA-P-059549
Captured: 2026-07-09 14:51:27 UTC
SHA-256: b99e852f1ad6e7f2…
URL: https://conductatlas.com/platform/cursor/cursor-data-use-privacy-overview/provision/CA-P-059549/codebase-indexing-uploads-code-to-cursor-servers/
Accessed: July 12, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Cursor's Codebase indexing uploads code to Cursor servers clause do?

Codebase indexing is an opt-in action that results in code being transmitted to Cursor's servers, which affects where the user's code resides.

How does this clause affect you?

If the reader chooses to index their codebase, their code will be uploaded to Cursor's servers in small chunks.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 300 platforms. See the full comparison.

Is ConductAtlas affiliated with Cursor?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.