Cursor states it does not sell your personal data or use it for targeted advertising across different websites or services, as those practices are defined under US state privacy laws like the CCPA.
This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision addresses CCPA and US state privacy law opt-out rights directly; by stating it does not engage in these practices, Anysphere asserts that no opt-out mechanism is required for these specific uses.
The policy states personal data is not sold or shared for cross-contextual behavioral advertising; this means users do not need to exercise a CCPA opt-out for sale or sharing, as the policy asserts these activities do not occur.
How other platforms handle this
There is certain information that we collect automatically from your use of our online Services and from your device(s) used to access those Services, for example by using the types of technologies discussed in the 'Online Analytics' section below. This information includes your IP address, page vie...
We share personal information with third-party advertising and marketing partners, and with social media companies, to provide you with targeted ads, promotions, and offers both on and off our platforms. Under California law, some of these disclosures may constitute a 'sale' or 'sharing' of personal...
We may share your personal information with third-party advertising partners to provide you with advertisements we believe you may find of interest. We do not control these third parties' tracking technologies or how they may be used. If you have questions about an advertisement or other targeted co...
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"No sale or targeted advertising: We do not "sell" or "share" personal data for cross-contextual behavioral advertising, and we do not process personal data for "targeted advertising" purposes (as those terms are defined under applicable US state privacy laws). We also do not process sensitive personal data for the purposes of inferring characteristics about a consumer.— Excerpt from Cursor's Cursor Privacy Policy
(1) REGULATORY LANDSCAPE: This provision directly addresses CCPA definitions of 'sale' and 'sharing' of personal data (California Civil Code Section 1798.140), as well as analogous definitions in Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and other US state privacy laws. The FTC and California Privacy Protection Agency (CPPA) have enforcement authority. The assertion that these practices do not occur is a material representation that could be subject to regulatory scrutiny if data flows to advertising technology vendors are later identified. (2) GOVERNANCE EXPOSURE: Low to medium. The explicit no-sale and no-targeted-advertising statement is a clear compliance position. However, the policy does disclose disclosure of data to analytics providers and third-party integrations, which may warrant evaluation against the definitions of 'sale' or 'sharing' under specific state laws depending on whether any consideration flows to or from those parties. (3) JURISDICTION FLAGS: California CPPA enforcement is the primary jurisdiction of heightened concern. Virginia, Colorado, Connecticut, Texas, and other US states with comprehensive privacy laws have similar definitions that this provision addresses. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm that analytics and third-party integration vendors receiving personal data are operating under service provider or processor agreements that prevent them from using data for their own advertising purposes, which would otherwise constitute a 'sale' or 'sharing' under CCPA. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that all third-party data disclosures are operationally consistent with the no-sale representation, including reviewing analytics provider agreements for data use restrictions. If any advertising-adjacent technology is later deployed, the policy would require updating and potentially regulatory notification.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision addresses CCPA and US state privacy law opt-out rights directly; by stating it does not engage in these practices, Anysphere asserts that no opt-out mechanism is required for these specific uses.
The policy states personal data is not sold or shared for cross-contextual behavioral advertising; this means users do not need to exercise a CCPA opt-out for sale or sharing, as the policy asserts these activities do not occur.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.