Cursor shares your personal data with outside companies that help run the service, including cloud hosting, analytics, customer support, payment processing, and AI model providers. These companies are supposed to use your data only for the purposes Cursor directs.
This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy authorizes disclosure of personal data to a broad range of third-party categories, including model providers and analytics companies; the subprocessor list at trust.cursor.com/subprocessors provides additional detail for commercial users.
Personal data including account identifiers, usage data, and potentially Inputs may be disclosed to third-party cloud, analytics, model, and support vendors. The policy states these parties process data only as necessary and consistent with applicable law, but individual subprocessors are not named in this policy.
How other platforms handle this
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
We may share your information with third parties that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with business partners who offer products or services that...
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may disclose personal data to third-party vendors and service providers who support our business operations and help us deliver and improve the Service. This includes third-party hosting, cloud infrastructure, model, analytics, customer support, safety monitoring, communications, payment processing, compliance services, and IT providers. These parties process personal data only as necessary to perform services on our behalf, consistent with our and your instructions and applicable law.— Excerpt from Cursor's Cursor Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages GDPR Article 28 (written processor agreements), CCPA service provider agreement requirements, and standard contractual obligations governing onward data transfers. The reference to model providers as a disclosed category is notable for AI governance frameworks and may engage emerging EU AI Act obligations depending on the nature of model processing. (2) GOVERNANCE EXPOSURE: Medium. The categories disclosed are broad (hosting, cloud, model, analytics, customer support, safety monitoring, communications, payment, compliance, IT) but this range is consistent with commonly observed practices for SaaS AI platforms. The policy states constraints on subprocessor use ('only as necessary') but individual subprocessors are not named within this policy document. (3) JURISDICTION FLAGS: EEA and UK organizations must assess whether Anysphere's processor agreements with each subprocessor meet GDPR Article 28 requirements and whether appropriate transfer mechanisms cover onward transfers. The subprocessor notification mechanism (trust.cursor.com/subprocessors) should be reviewed for change notification procedures. California users should confirm the service provider agreement terms prevent cross-context behavioral advertising use. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should review the subprocessor list for any vendors that raise additional risk (e.g., model providers processing Inputs, analytics providers receiving browsing and usage data). The policy does not specify whether subprocessors are authorized to use data for their own purposes beyond service delivery. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a mapping of which subprocessors receive which categories of personal data, monitor the subprocessor list for changes, and assess whether model provider subprocessors require additional contractual protections for Inputs containing sensitive information.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy authorizes disclosure of personal data to a broad range of third-party categories, including model providers and analytics companies; the subprocessor list at trust.cursor.com/subprocessors provides additional detail for commercial users.
Personal data including account identifiers, usage data, and potentially Inputs may be disclosed to third-party cloud, analytics, model, and support vendors. The policy states these parties process data only as necessary and consistent with applicable law, but individual subprocessors are not named in this policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.