When Privacy Mode is off, named third-party inference providers (Baseten, Together AI, Fireworks) may temporarily access and store your prompts and model outputs, with deletion stated to occur after use.
This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision discloses that three named third-party companies may access and temporarily store model inputs and outputs, which may include code snippets and prompts, when Privacy Mode is disabled.
Interpretive note: The document does not define 'temporary' or 'after use' in quantitative terms, and does not address whether data processing agreements or international transfer mechanisms are in place for these providers.
The document states that Baseten, Together AI, and Fireworks may temporarily access and store model inputs and outputs when Privacy Mode is off, with the qualifier that this data is deleted after use; the document does not define the duration of 'temporary' storage or specify what 'after use' means operationally.
Cross-platform context
See how other platforms handle Third-Party Inference Provider Temporary Data Access and similar clauses.
Compare across platforms →Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Some of our inference providers, including Baseten, Together AI, and Fireworks, may temporarily access and store model inputs and outputs to improve our inference performance; this data is deleted after use.— Excerpt from Cursor's Cursor Data Use & Privacy Overview
(1) REGULATORY LANDSCAPE: This provision implicates GDPR Article 28 regarding data processor obligations and the requirement for data processing agreements with sub-processors. CCPA and CPRA disclosure requirements apply to the sharing of user data with named third parties. The document does not state whether data processing agreements with these providers are in place, nor does it address international data transfer mechanisms for EU/EEA data. FTC oversight of third-party data handling representations is also relevant. (2) GOVERNANCE EXPOSURE: Medium. The disclosure names specific providers and characterizes the retention as temporary with deletion after use, which provides more specificity than generic third-party sharing disclosures. However, the document does not define 'temporary' or 'after use,' and does not address what contractual controls govern these providers' handling of the data. (3) JURISDICTION FLAGS: EU/EEA users face heightened exposure: data transfers to US-based inference providers require a valid transfer mechanism under GDPR. The document does not address Standard Contractual Clauses or other transfer mechanisms for Baseten, Together AI, or Fireworks. Enterprise users in regulated industries should assess whether disclosure to these providers is compatible with their confidentiality or regulatory obligations. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor management teams should request data processing agreements or sub-processor addenda covering Baseten, Together AI, and Fireworks. The document's assertion of deletion 'after use' should be verified contractually. Organizations subject to GDPR should assess whether sub-processor agreements meet Article 28 requirements. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should request Cursor's sub-processor list and data processing agreements, verify the deletion timeline and mechanism for each named provider, and assess whether this disclosure triggers notification obligations under applicable data protection law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision discloses that three named third-party companies may access and temporarily store model inputs and outputs, which may include code snippets and prompts, when Privacy Mode is disabled.
The document states that Baseten, Together AI, and Fireworks may temporarily access and store model inputs and outputs when Privacy Mode is off, with the qualifier that this data is deleted after use; the document does not define the duration of 'temporary' storage or specify what 'after use' means operationally.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.