What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR (referencing transfer mechanisms for EEA and UK data flows to US servers and requiring adequate protection), CCPA and US state privacy laws (explicitly referencing rights to know, delete, correct, and the absence of sale or targeted advertising as defined under those laws), and COPPA-adjacent obligations for users under 18. The FTC has jurisdiction over privacy and unfair or deceptive practices for US users. EU data protection autho…

How does Cursor's Cursor Privacy Policy affect users?

The policy establishes that users' submitted code and text inputs and AI-generated suggestions are retained and processed according to stated training preferences, modifiable through account settings. For users on employer-provisioned accounts, the policy authorizes disclosure of account-related information to the employer organization and permits administrators to access and manage the user's service activity and account status.

How often is Cursor's Cursor Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Cursor updates this document?

Yes. Monitor subscribers ($19/month) can add Cursor to their watchlist and receive same-day email alerts whenever this document or any other Cursor document changes.

CA-D-000452

Cursor Privacy Policy

Cursor

Last change detected April 29, 2026 Privacy policy

SHA-256: 8bd4582800da5507b60… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Cursor ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

1 High severity

8 Medium severity

1 Low severity

Summary

This document establishes Anysphere Inc.'s data collection and processing practices for the Cursor coding tool, website, and related services. The policy specifies that collected data includes user names, email addresses, payment information, submitted code and text inputs, generated suggestions, IP addresses, device identifiers, and service activity logs. The policy provides that inputs and suggestions are not used for AI model training by default, with exceptions for explicitly authorized feedback and security reviews; users may modify this setting through service controls.

Technical / Legal Breakdown

This document is Anysphere Inc.'s Privacy Policy (last updated October 6, 2025) governing the collection, use, disclosure, and processing of personal data for users of the Cursor software, platform, APIs, and related services at cursor.com. The policy states that Anysphere collects account identifiers (name, email), payment information, user-submitted Inputs and AI-generated Suggestions, device and browser information, IP addresses, log data, usage data, location-derived data, and cookie or pixel-based tracking data; the terms authorize use of this data for service operation, improvement, research, fraud prevention, and legal compliance. Notably, the policy explicitly states that Inputs and Suggestions are not used to train models unless the user has explicitly agreed, the content is flagged for security review, or the user reports it as Feedback; the policy also states Anysphere does not sell or share personal data for cross-contextual behavioral advertising, and does not make decisions based solely on automated processing with significant legal effects. The policy engages GDPR and UK GDPR for EEA and UK users (referencing legally valid transfer mechanisms for cross-border data flows), CCPA and applicable US state privacy laws (referencing rights to know, delete, correct, and opt out of sale or targeted advertising), and COPPA-adjacent obligations (stating the service is not directed at users under 18 and describing account deletion procedures for identified minors). The policy includes a separate carve-out for commercial or enterprise deployments where Anysphere acts as a data processor governed by customer agreements rather than this policy, which is a material distinction for organizations deploying Cursor for employee use.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 1 provision

Enterprise Data Processor Carve-Out Compare →

If your employer or another organization set up your Cursor account, this privacy policy may not apply to you. Instead, how your data is handled is governed by the contract between Anysphere and that organization.

Added May 12, 2026 Standard Seen across 284 platforms

Medium — 8 provisions

AI Training Data Opt-In (Inputs and Suggestions) Compare →

Cursor states it does not use the code or text you type (Inputs) or the AI responses you receive (Suggestions) to train its models by default. This protection has three exceptions: if content is flagged for security review, if you report it as feedback, or if you explicitly opt in.

Added May 12, 2026 Standard Seen across 284 platforms
Business Account Administrator Access Compare →

If you signed up with a work email address, your employer may be able to see your account information and activity. Enterprise account administrators can access and manage how you use Cursor.

Added May 7, 2026 Standard Seen across 284 platforms
Data Sharing with Service Providers and Business Partners Compare →

Cursor shares your personal data with outside companies that help run the service, including cloud hosting, analytics, customer support, payment processing, and AI model providers. These companies are supposed to use your data only for the purposes Cursor directs.

Added May 12, 2026 Standard Seen across 252 platforms
User Rights and Data Subject Requests Compare →

You can request to access, delete, correct, or transfer your personal data by emailing hi@cursor.com. If your request is denied, you can appeal by contacting the same email address.

Added May 12, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers (EEA and UK Users) Compare →

If you are in the EU, EEA, or UK, your data may be transferred to and processed on servers in the United States and other countries. Cursor states it uses legally valid transfer mechanisms and requires adequate data protection for these transfers.

Added May 12, 2026 Standard Seen across 284 platforms
Privacy Policy Change Notification Compare →

Cursor can update its privacy policy at any time. The only notice required is posting the updated version on the website, and continuing to use Cursor after a change is treated as acceptance of the new terms.

Added May 12, 2026 Standard Seen across 284 platforms
Collection of User Inputs and Code Content Compare →

When you type code, questions, or other content into Cursor and receive AI responses, both what you typed and the AI's response are collected. If your code or messages include personal information about anyone, that information is also collected and may appear in AI-generated responses.

Added May 12, 2026 Standard Seen across 284 platforms
Data Retention Policy Compare →

Cursor keeps your data for as long as needed to run the service and meet legal obligations, with no specific timeframes stated. Some data not visible in your history may still be retained for safety and monitoring purposes.

Added May 12, 2026 Standard Seen across 284 platforms

Low — 1 provision

No Sale or Targeted Advertising Compare →

Cursor states it does not sell your personal data or use it for targeted advertising across different websites or services, as those practices are defined under US state privacy laws like the CCPA.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Cursor has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Code Inputs Collected Including Personal Data and External Content and similar clauses.

Compare across platforms →