Cursor shares your personal data with outside companies that help run the service, including cloud hosting, analytics, customer support, payment processing, and AI model providers. These companies are supposed to use your data only for the purposes Cursor directs.
This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy authorizes disclosure of personal data to a broad range of third-party categories, including model providers and analytics companies; the subprocessor list at trust.cursor.com/subprocessors provides additional detail for commercial users.
Personal data including account identifiers, usage data, and potentially Inputs may be disclosed to third-party cloud, analytics, model, and support vendors. The policy states these parties process data only as necessary and consistent with applicable law, but individual subprocessors are not named in this policy.
How other platforms handle this
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
In order to provide you with services, Valve needs to share some data with the publisher or developer of the game (for example to verify your ownership of the game and register your Steam ID with the publisher), or with other third parties that Valve works with to provide services to you. Valve will...
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may disclose personal data to third-party vendors and service providers who support our business operations and help us deliver and improve the Service. This includes third-party hosting, cloud infrastructure, model, analytics, customer support, safety monitoring, communications, payment processing, compliance services, and IT providers. These parties process personal data only as necessary to perform services on our behalf, consistent with our and your instructions and applicable law.— Excerpt from Cursor's Cursor Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages GDPR Article 28 (written processor agreements), CCPA service provider agreement requirements, and standard contractual obligations governing onward data transfers. The reference to model providers as a disclosed category is notable for AI governance frameworks and may engage emerging EU AI Act obligations depending on the nature of model processing. (2) GOVERNANCE EXPOSURE: Medium. The categories disclosed are broad (hosting, cloud, model, analytics, customer support, safety monitoring, communications, payment, compliance, IT) but this range is consistent with commonly observed practices for SaaS AI platforms. The policy states constraints on subprocessor use ('only as necessary') but individual subprocessors are not named within this policy document. (3) JURISDICTION FLAGS: EEA and UK organizations must assess whether Anysphere's processor agreements with each subprocessor meet GDPR Article 28 requirements and whether appropriate transfer mechanisms cover onward transfers. The subprocessor notification mechanism (trust.cursor.com/subprocessors) should be reviewed for change notification procedures. California users should confirm the service provider agreement terms prevent cross-context behavioral advertising use. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should review the subprocessor list for any vendors that raise additional risk (e.g., model providers processing Inputs, analytics providers receiving browsing and usage data). The policy does not specify whether subprocessors are authorized to use data for their own purposes beyond service delivery. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a mapping of which subprocessors receive which categories of personal data, monitor the subprocessor list for changes, and assess whether model provider subprocessors require additional contractual protections for Inputs containing sensitive information.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy authorizes disclosure of personal data to a broad range of third-party categories, including model providers and analytics companies; the subprocessor list at trust.cursor.com/subprocessors provides additional detail for commercial users.
Personal data including account identifiers, usage data, and potentially Inputs may be disclosed to third-party cloud, analytics, model, and support vendors. The policy states these parties process data only as necessary and consistent with applicable law, but individual subprocessors are not named in this policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.