Cursor · Cursor Terms of Service

Usage Data Collection and Disclosure

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Cursor collects data about how you use the service — including logs and interaction data — and can share anonymized versions of this data with third parties. Your actual code and AI outputs are excluded from this.

Consumer impact (what this means for users)

Cursor collects and internally analyzes technical logs and behavioral data about your use of the platform, and shares anonymized versions of this data with third parties — the scope of 'Usage Data' and the effectiveness of de-identification are not independently verified in this document.

Cross-platform context

See how other platforms handle Usage Data Collection and Disclosure and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

While Content is excluded, Usage Data includes behavioral and interaction logs that could reveal sensitive information about your development patterns, workflows, and tooling — and this data is shared with third parties in aggregated form.

View original clause language
Anysphere may: (i) collect, analyze, and otherwise process Usage Data internally for its business purposes, including for security and analytics, to enhance the Service, and for other development and corrective purposes; and (ii) disclose Usage Data to third parties only in an aggregated and/or de-identified form and in a manner that does not identify you. "Usage Data" means technical logs, data, and learnings about Customer's use of and interactions with the Service, but excludes Content.

Institutional analysis (Compliance & legal intelligence)

1. REGULATORY FRAMEWORK: This provision engages GDPR Article 6(1)(f) (legitimate interests) as the likely lawful basis for Usage Data processing, and Article 89 for anonymized/aggregated data processing. CCPA §1798.140(o) defines 'personal information' broadly and may encompass Usage Data depending on its identifiability. The FTC Act Section 5 applies to representations about de-identification — the FTC has stated that de-identified data that can be re-identified remains personal data subject to privacy representations. The EU AI Act (Recital 47) addresses data used to improve AI systems. 2.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has enforcement authority over privacy representations and de-identification claims under Section 5 of the FTC Act, particularly where re-identification of shared data is possible.
    File a complaint →

Provision details

Document information
Document
Cursor Terms of Service
Entity
Cursor
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004347
Document ID
CA-D-00453
Evidence Provenance
Source URL
https://www.cursor.com/terms-of-service
Wayback Machine
View archived versions →
SHA-256
43f1d1b81f2bbb689af2a3a9e66bd45d4b0226b8fabfcd5adee69e1049877d90
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Cursor | Document: Cursor Terms of Service | Record: CA-P-004347
Captured: 2026-04-30 08:53:33 UTC | SHA-256: 43f1d1b81f2bbb68…
URL: https://conductatlas.com/platform/cursor/cursor-terms-of-service/usage-data-collection-and-disclosure/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document