What is the severity of this clause?

ConductAtlas classifies this Cross-Border Data Transfer to US Servers clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Cross-Border Data Transfer to US Servers — Cursor

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Cursor Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

ⓘ

This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

EU and UK users have strong data protection rights, but transferring data to the US requires specific legal safeguards — and the policy does not specify which transfer mechanisms (e.g., Standard Contractual Clauses) are in place.

Consumer impact (what this means for users)

The policy states that Cursor collects code Inputs you submit and AI-generated Suggestions, along with IP addresses, device information, log data, and usage and browsing activity within the service. For users on workplace or enterprise accounts, the policy states that account-related information (including email address and account status) may be disclosed to the employer organization, and administrators may access and manage the user's service activity. You can manage your preferences regarding whether Inputs and Suggestions are used for model training through the settings available within the Service.

How other platforms handle this

Midjourney Medium

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, c...

Adobe Medium

We process and store information in the U.S. and other countries. By using our Services and Software, you authorize Adobe to transfer your personal information across national borders and to other countries where Adobe and its partners operate.

Fastly Medium

When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States or other countries that do not provide the same level of data protection, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commiss...

See all platforms with this clause type →

Monitoring

Cursor has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Anysphere processes your personal data for the purposes described in this Privacy Policy on servers located in various jurisdictions, including in the United States. While data protection laws vary by country, we apply the protections outlined in this policy to your personal data regardless of where it is processed, and we only transfer data in accordance with legally valid transfer mechanisms. For users in the European Economic Area, ("EEA"), when you access our Service, your personal data may be transferred to our United States servers to other countries outside the EEA and the UK. Where information is transferred outside the EEA or the UK, we require an adequate level of data protection.

— Excerpt from Cursor's Cursor Privacy Policy

Applicable regulations

Provision details

Document information

Document

Cursor Privacy Policy

Entity

Cursor

Document last updated

May 5, 2026

Tracking information

First tracked

May 7, 2026

Last verified

May 12, 2026

Record ID

CA-P-005197

Document ID

CA-D-00452

Evidence Provenance

Source URL

https://www.cursor.com/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

1e5849a4a5fbaa739f760d04f8a003ee1ec366c9f4216cb1cb0ea9b8cf9d01f3

Analysis generated

May 7, 2026 17:01 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Cursor
Document: Cursor Privacy Policy
Record ID: CA-P-005197
Captured: 2026-05-07 17:01:07 UTC
SHA-256: 1e5849a4a5fbaa73…
URL: https://conductatlas.com/platform/cursor/cursor-privacy-policy/cross-border-data-transfer-to-us-servers/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

AI Training Data Opt-In (Inputs and Suggestions) medium
Enterprise Data Processor Carve-Out high
Business Account Administrator Access medium
Data Sharing with Service Providers and Business Partners medium
User Rights and Data Subject Requests medium
No Sale or Targeted Advertising low

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Cursor's Cross-Border Data Transfer to US Servers clause do?

Is ConductAtlas affiliated with Cursor?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.