Cursor collects technical logs and data about how you use the Service (but not your actual code or AI suggestions) and may share this usage information with third parties, provided it is aggregated or de-identified so it does not identify you individually.
This analysis describes what Cursor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision distinguishes Usage Data from Content (code inputs and suggestions), authorizing Anysphere to collect and process interaction and log data for business purposes and to share it with third parties in aggregated or de-identified form.
Interpretive note: The scope of 'learnings' within the Usage Data definition is not exhaustively defined, and whether aggregated or de-identified disclosures satisfy GDPR or CCPA standards depends on the technical de-identification methodology applied, which is not described in the document.
Under this provision, Anysphere may collect technical logs and interaction data about how users use the Service and share that data with third parties in aggregated or de-identified form; the definition of Usage Data expressly excludes Content (Inputs and Suggestions), so code and AI outputs are not covered by this sharing authorization unless the user opts in to training under Section 1.3.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Cursor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Anysphere may: (i) collect, analyze, and otherwise process Usage Data internally for its business purposes, including for security and analytics, to enhance the Service, and for other development and corrective purposes; and (ii) disclose Usage Data to third parties only in an aggregated and/or de-identified form and in a manner that does not identify you. "Usage Data" means technical logs, data, and learnings about Customer's use of and interactions with the Service, but excludes Content.— Excerpt from Cursor's Cursor Terms of Service
REGULATORY LANDSCAPE: The collection and disclosure of Usage Data engages GDPR Articles 5 and 6 (lawful basis and data minimization), CCPA provisions governing the sale or sharing of personal information, and FTC guidance on de-identification standards. The assertion that disclosed data is aggregated or de-identified does not automatically satisfy GDPR or CCPA de-identification standards, which require that re-identification not be reasonably possible; applicable law and regulatory guidance may impose stricter requirements than contractual assertions. GOVERNANCE EXPOSURE: Medium. The scope of 'technical logs, data, and learnings about Customer's use of and interactions with the Service' is not exhaustively defined, which creates ambiguity about what specific data points are captured. The exclusion of Content from Usage Data is protective, but the breadth of 'learnings' as a category warrants review, particularly where such learnings might constitute inferred or derived information about user behavior. JURISDICTION FLAGS: EU/EEA users may require a lawful basis assessment for Usage Data collection under GDPR. California users may evaluate whether aggregated or de-identified data disclosures constitute a 'sale' or 'sharing' under CCPA, though de-identified data that meets CCPA's de-identification standards is generally exempt. Organizations in multiple jurisdictions should assess which local data protection frameworks apply to technical log collection. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should request clarity on what specific data fields are captured as Usage Data and what third parties receive aggregated or de-identified disclosures. Data Processing Agreements required under GDPR should address the scope of Usage Data processing and confirm that Anysphere's de-identification practices meet regulatory standards. COMPLIANCE CONSIDERATIONS: Data mapping exercises should document the categories of Usage Data collected, the legal basis for processing, and the identity or categories of third parties receiving aggregated disclosures. Privacy impact assessments may be warranted for EU-based deployments. Compliance teams should confirm that Anysphere's de-identification methodology satisfies applicable regulatory standards before treating disclosed Usage Data as outside the scope of GDPR or CCPA obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision distinguishes Usage Data from Content (code inputs and suggestions), authorizing Anysphere to collect and process interaction and log data for business purposes and to share it with third parties in aggregated or de-identified form.
Under this provision, Anysphere may collect technical logs and interaction data about how users use the Service and share that data with third parties in aggregated or de-identified form; the definition of Usage Data expressly excludes Content (Inputs and Suggestions), so code and AI outputs are not covered by this sharing authorization unless the user opts in to training under …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cursor.