When Privacy Mode is off, named third-party inference providers (Baseten, Together AI, Fireworks) may temporarily access and store your prompts and model outputs, with deletion stated to occur after use.
This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision discloses that three named third-party companies may access and temporarily store model inputs and outputs, which may include code snippets and prompts, when Privacy Mode is disabled.
Interpretive note: The document does not define 'temporary' or 'after use' in quantitative terms, and does not address whether data processing agreements or international transfer mechanisms are in place for these providers.
The document states that Baseten, Together AI, and Fireworks may temporarily access and store model inputs and outputs when Privacy Mode is off, with the qualifier that this data is deleted after use; the document does not define the duration of 'temporary' storage or specify what 'after use' means operationally.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Some of our inference providers, including Baseten, Together AI, and Fireworks, may temporarily access and store model inputs and outputs to improve our inference performance; this data is deleted after use.— Excerpt from Cursor's Cursor Data Use & Privacy Overview
(1) REGULATORY LANDSCAPE: This provision implicates GDPR Article 28 regarding data processor obligations and the requirement for data processing agreements with sub-processors. CCPA and CPRA disclosure requirements apply to the sharing of user data with named third parties. The document does not state whether data processing agreements with these providers are in place, nor does it address international data transfer mechanisms for EU/EEA data. FTC oversight of third-party data handling representations is also relevant. (2) GOVERNANCE EXPOSURE: Medium. The disclosure names specific providers and characterizes the retention as temporary with deletion after use, which provides more specificity than generic third-party sharing disclosures. However, the document does not define 'temporary' or 'after use,' and does not address what contractual controls govern these providers' handling of the data. (3) JURISDICTION FLAGS: EU/EEA users face heightened exposure: data transfers to US-based inference providers require a valid transfer mechanism under GDPR. The document does not address Standard Contractual Clauses or other transfer mechanisms for Baseten, Together AI, or Fireworks. Enterprise users in regulated industries should assess whether disclosure to these providers is compatible with their confidentiality or regulatory obligations. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor management teams should request data processing agreements or sub-processor addenda covering Baseten, Together AI, and Fireworks. The document's assertion of deletion 'after use' should be verified contractually. Organizations subject to GDPR should assess whether sub-processor agreements meet Article 28 requirements. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should request Cursor's sub-processor list and data processing agreements, verify the deletion timeline and mechanism for each named provider, and assess whether this disclosure triggers notification obligations under applicable data protection law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision discloses that three named third-party companies may access and temporarily store model inputs and outputs, which may include code snippets and prompts, when Privacy Mode is disabled.
The document states that Baseten, Together AI, and Fireworks may temporarily access and store model inputs and outputs when Privacy Mode is off, with the qualifier that this data is deleted after use; the document does not define the duration of 'temporary' storage or specify what 'after use' means operationally.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.