Cursor Data Practices

Hi Cursor,

My company as a number of engineers that are interested in your product. I understand that your product has some great security/privacy-oriented features, such as privacy mode and the ability to control indexing. But I’m always concerned about what happens if an engineer doesn’t leverage those settings (humans being prone to mistakes). Can you confirm:

  1. what data Cursor collects in those instances (e.g., is it just embeddings and metadata?);

  2. how long Cursor retains that data

  3. whether Cursor uses that data to train its models or uses that data other than to respond to a request?

Hi Cursor Team,

I just wanted to follow up on my questions above. I saw some previous posts that suggest Cursor only processes customer data in memory (outside of what it transfers to OpenAI); however, since those posts, Cursor seems to have removed those disclosures from its privacy policy, which suggests it now retains data. So I’m hoping to get some transparency into Cursor’s data practices.