This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes a categorical restriction on the types of regulated information that may be processed through the service, requiring users to maintain compliance responsibility for data subject to sector-specific security regimes that impose obligations exceeding the service's standard data handling practices.
Users are contractually obligated to exclude regulated data categories from submission to the service. This mechanism places responsibility on users to identify and withhold data classified under heightened protection regimes (health information, payment card data, financial records, etc.) rather than relying on Anysphere's processing infrastructure for such information.
How other platforms handle this
Please note that we do not knowingly sell the personal information of minors under 16 years of age without legally-required affirmative authorization. Please note that we do not knowingly sell the personal information of minors under 16 years of age.
Don't claim to be human when directly and sincerely asked, use AI to deceive people about its fundamental nature, or impersonate real people or organizations in misleading ways.
You may not use Runway's tools to build or support systems designed for mass surveillance, tracking of individuals without their consent, or the unlawful monitoring of protected groups or activities.
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"(x) send or otherwise provide to Anysphere data or information that is subject to specific protections under applicable laws beyond any requirements that apply to "personal information" or "personal data" generally, such as for illustrative purposes, information that is regulated by the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, the Gramm-Leach-Bliley Act, and other U.S. federal, state or foreign laws applying specific security standards— Excerpt from Cursor's Cursor Terms of Service
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes a categorical restriction on the types of regulated information that may be processed through the service, requiring users to maintain compliance responsibility for data subject to sector-specific security regimes that impose obligations exceeding the service's standard data handling practices.
Users are contractually obligated to exclude regulated data categories from submission to the service. This mechanism places responsibility on users to identify and withhold data classified under heightened protection regimes (health information, payment card data, financial records, etc.) rather than relying on Anysphere's processing infrastructure for such information.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.