What is the severity of this clause?

ConductAtlas classifies this International Data Transfers clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar International Data Transfers clauses across approximately 49 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

International Data Transfers — Cursor

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Cursor Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

ⓘ

This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

EEA and UK users have stronger data protection rights under GDPR and UK GDPR, and international transfers of their data require specific legal safeguards; this clause confirms transfers occur but does not name the specific transfer mechanisms used.

⚠

Interpretive note: The policy does not specify which legally valid transfer mechanisms are in use, such as Standard Contractual Clauses or the EU-US Data Privacy Framework, which limits the ability to independently verify compliance.

Consumer impact (what this means for users)

The policy states that Cursor collects code Inputs you submit and AI-generated Suggestions, along with IP addresses, device information, log data, and usage and browsing activity within the service. For users on workplace or enterprise accounts, the policy states that account-related information (including email address and account status) may be disclosed to the employer organization, and administrators may access and manage the user's service activity. You can manage your preferences regarding whether Inputs and Suggestions are used for model training through the settings available within the Service.

How other platforms handle this

Mistral AI Medium

Customer authorized Mistral AI to transfer Personal Data to any country deemed to have an adequate level of data protection by the European Commission. Customer also authorizes Mistral AI to perform International Data Transfers to (a) on the basis of adequate safeguards in accordance with Applicable...

Unity Medium

Personal data collected by Unity may be transferred to and processed in countries outside of the European Economic Area, including the United States, where data protection laws may differ from those in your country. Where we transfer personal data from the EEA or the UK, we rely on appropriate safeg...

Upwork Medium

When we transfer personal data outside the European Economic Area, United Kingdom, or Switzerland, we use appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data is protected.

See all platforms with this clause type →

Monitoring

Cursor has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Anysphere processes your personal data for the purposes described in this Privacy Policy on servers located in various jurisdictions, including in the United States. While data protection laws vary by country, we apply the protections outlined in this policy to your personal data regardless of where it is processed, and we only transfer data in accordance with legally valid transfer mechanisms. For users in the European Economic Area, ("EEA"), when you access our Service, your personal data may be transferred to our United States servers to other countries outside the EEA and the UK. Where information is transferred outside the EEA or the UK, we require an adequate level of data protection.

— Excerpt from Cursor's Cursor Privacy Policy

Applicable regulations

CCPA/CPRA

California, USA

Connecticut Data Privacy Act Amendments

US-CT

FTC Act Section 5

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

Provision details

Document information

Document

Cursor Privacy Policy

Entity

Cursor

Document last updated

May 5, 2026

Tracking information

First tracked

May 7, 2026

Last verified

May 12, 2026

Record ID

CA-P-008156

Document ID

CA-D-00452

Evidence Provenance

Source URL

https://www.cursor.com/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

1e5849a4a5fbaa739f760d04f8a003ee1ec366c9f4216cb1cb0ea9b8cf9d01f3

Analysis generated

May 7, 2026 17:01 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Cursor
Document: Cursor Privacy Policy
Record ID: CA-P-008156
Captured: 2026-05-07 17:01:07 UTC
SHA-256: 1e5849a4a5fbaa73…
URL: https://conductatlas.com/platform/cursor/cursor-privacy-policy/international-data-transfers/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

AI Training Data Opt-In (Inputs and Suggestions) medium
Enterprise Data Processor Carve-Out high
Business Account Administrator Access medium
Data Sharing with Service Providers and Business Partners medium
User Rights and Data Subject Requests medium
No Sale or Targeted Advertising low

Related Analysis

Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
23andMe Is Bankrupt. What Happens to Your DNA Now?
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Cursor's International Data Transfers clause do?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 49 platforms. See the full comparison.

Is ConductAtlas affiliated with Cursor?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.