You can request to access, delete, correct, or transfer your personal data by emailing hi@cursor.com. If your request is denied, you can appeal by contacting the same email address.
This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy identifies a single contact email for all data subject rights requests and appeals, and states that exercising these rights will not result in discriminatory treatment, which is a requirement under CCPA and aligned with GDPR rights provisions.
Interpretive note: The policy does not specify response timelines for rights requests, which may not fully satisfy GDPR or CCPA transparency requirements; actual obligations depend on applicable jurisdiction.
Users can submit data access, deletion, correction, or portability requests to hi@cursor.com; the policy states Anysphere will not discriminate against users for exercising these rights, but the specific response timelines and scope of each right may depend on the user's jurisdiction.
Cross-platform context
See how other platforms handle User Rights and Data Subject Requests and similar clauses.
Compare across platforms →Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"To exercise any of these rights, you or your authorized agent may contact us at hi@cursor.com. We may request information to verify your identity before processing your request. If we deny your request, you may appeal by emailing the same address. Anysphere will not discriminate against you for exercising any privacy rights available under applicable law.— Excerpt from Cursor's Cursor Privacy Policy
(1) REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 15-22 (rights of access, erasure, rectification, portability, objection, restriction), CCPA Sections 1798.100-1798.125 (consumer rights to know, delete, correct, and non-discrimination), and equivalent US state privacy law frameworks. The FTC and state attorneys general may have enforcement authority over failure to honor rights requests. (2) GOVERNANCE EXPOSURE: Medium. The provision establishes a single email channel for all rights requests without specifying response timelines or the process for verifying authorized agents. GDPR requires response within one month (with possible extension to three months); CCPA requires response within 45 days. The absence of stated timelines in the policy document creates a compliance gap in transparency. (3) JURISDICTION FLAGS: EEA and UK users have rights under GDPR including the right to lodge a complaint with their national data protection authority. California residents have CCPA-specific rights including the right to know, delete, and correct. The policy states rights availability depends on the user's country or state of residence, which is consistent with a tiered rights model but requires Anysphere to operationally track user jurisdictions. (4) CONTRACT AND VENDOR IMPLICATIONS: Organizations that have deployed Cursor for employees and receive inbound data subject access requests from those employees should determine through the customer agreement whether Anysphere assists in fulfilling those requests and on what timeline. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the hi@cursor.com channel has adequate operational capacity and documented response procedures meeting GDPR and CCPA timing requirements. The authorized agent verification process should be documented. The correction right disclaimer (noting that AI model accuracy cannot be guaranteed) should be evaluated for adequacy under applicable law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy identifies a single contact email for all data subject rights requests and appeals, and states that exercising these rights will not result in discriminatory treatment, which is a requirement under CCPA and aligned with GDPR rights provisions.
Users can submit data access, deletion, correction, or portability requests to hi@cursor.com; the policy states Anysphere will not discriminate against users for exercising these rights, but the specific response timelines and scope of each right may depend on the user's jurisdiction.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.