Note: For information about how we collect and use training information to develop our models that power the Service, and your choices with respect to that information, please see our Privacy Overview.

Privacy Policy

Last Updated: June 13, 2025

Introduction

We at Anysphere, Inc. (“Anysphere”, “we” or “us”) are strongly committed to respecting your privacy and keeping secure any information you share with us. This privacy policy (“Privacy Policy”) explains how we collect, use, disclose, and process your personal data when you use Anysphere's software, platform, APIs, Documentation, and related tools, including at the website at www.cursor.com, and all related software made available by Anysphere to build, deploy, host, and manage software projects (“Service”). It also tells you how you can access and update your personal information and describes the data protection rights that may be available under your country's or state's laws. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data.

Please note that this Privacy Policy does not apply where Anysphere acts as a data processor and processes personal data on behalf of commercial customers using our commercial services, for example, if your employer has provisioned a Cursor account for you to use at work. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

1. Personal data we collect

We collect the following categories of personal data:

A. Personal data you provide to us directly

We collect personal data if you create an account to use our Service or communicate with us. This includes:

Account Information: Anysphere collects identifiers, such as your name and email address, when you sign up for an Anysphere account or to receive information about our Service.
Payment Information: We collect your payment information if you seek to access any paid Anysphere products and services.
Inputs and Suggestions: The Service allows you to submit content ("Inputs"), which generate responses ("Suggestions") based on your Inputs. If you include personal data or reference external content in your Inputs, we will collect that information and it may be reproduced in the Suggestions we provide.
Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send.
Feedback: While using the Service, you may provide feedback, including ideas and suggestions for improvement or rating a Suggestion in response to an Input ("Feedback"). If you provide Feedback on the Service, we may store the entire exchange as part of your Feedback.

B. Personal data we receive from your use of the Service

When you use the Service, we also receive certain technical data automatically. This includes:

Device Information. Your device or browser automatically sends us information about when and how you install, access, or use our Service. This information may include your device type, browser information, operating system information, and mobile network or ISP. This information may depend on your settings and the type of device you use to access the Service.
Log Information. We collect information about how our Service is performing, including your IP address, browser type and settings, error logs, and other ways that you interact with the Service.
Usage Data. We collect information about your use of the Service, such as the dates and times of access, browsing history, search, information about the links you click, pages you view, and other information about how you use the Service, and technology on the devices you use to access the Service.
Cookies & Similar Technologies. We and our service providers utilize cookies, pixels, scripts, or similar technologies to operate and manage the Service and improve your experience. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, and analyze and optimize your use of the Service, for example to help maintain your preferences. For more details about how we use these technologies, please visit our Cookie Policy.
Location Information. For security and performance reasons, for example to detect unusual login activity or provide more useful Suggestions, we may determine the geographic location from which your device accesses our Service using information such as your IP address.

C. Information We Do Not Collect

Anysphere does not knowingly collect sensitive or special category personal information, such as genetic data, biometric data for the purposes of uniquely identifying a natural person, health information, or religious information. Additionally, Anysphere does not knowingly collect information from or direct any of our Service or content to children under the age of 18. If we learn or have reason to suspect that a user is under the age of 18, we will investigate and, if appropriate, delete the personal data and/or the account.

2. How we use personal data

We may use personal data for the following purposes:

To provide and maintain the Service, including optional features that enhance functionality and user experience.
To create, manage, and administer your account, including facilitating payments and responding to inquiries.
To improve and develop the Service and conduct research, including debugging and identifying or repairing issues that impair functionality.
To communicate with you, including sending updates, information about the Service, and events.
To prevent, detect, and investigate fraud, abuse, security incidents, and violations of our Terms of Service.
To comply with legal obligations and protect the rights, safety, privacy, and property of users, Anysphere, or third parties.
To investigate and resolve disputes or security issues.
To enforce our Terms of Service and other applicable agreements.

We do not use Inputs or Suggestions to train our models unless: (1) they are flagged for security review (in which case we may analyze them to improve our ability to detect and enforce our Terms of Service), (2) you explicitly report them to us (for example, as Feedback), or (3) you’ve explicitly agreed to their use for training purposes. You can find instructions in the Service on how to manage your preferences regarding the use of Inputs and Suggestions for training.

We may aggregate or de-identify personal data so that it no longer identifies you, and use that information for the purposes described above, such as analyzing how the Service is used, improving or adding features, and conducting research. We will maintain de-identified information in its de-identified form and will not attempt to reidentify it, except as required by law.

We may disclose your personal data in the following circumstances:

Service Providers and Business Partners: We may disclose personal data to third-party vendors and service providers who support our business operations and help us deliver the Service. This includes providers of hosting, cloud infrastructure, analytics, customer support, safety monitoring, communications tools, payment processing, compliance services, and other IT functions. These parties process personal data only as necessary to perform services on our behalf, consistent with our instructions and applicable law.
Business Transfers: In the event of a merger, acquisition, restructuring, bankruptcy, or other corporate transaction, personal data may be disclosed to counterparties and advisers as part of due diligence or transferred as part of the transaction.
Legal Compliance and Protection of Rights: We may disclose personal data to government authorities or other third parties if we believe doing so is necessary to: (i) comply with applicable laws, regulations, or legal processes, (ii) respond to lawful requests or investigations, (iii) protect the safety, rights, or property of any person, (iv) prevent fraud, security incidents, or other unlawful activity, (v) enforce our Terms of Service or other legal rights, or (vi) protect Anysphere against legal liability.
Affiliates: We may share personal data with affiliates, meaning an entity that controls, is controlled by, or is under common control with, us. They may use personal data in a manner consistent with this Privacy Policy.
Third-Party Services and Integrations: The Service may include integrations with or links to third-party websites, applications, or services. If you choose to interact with these third parties, your personal data may be disclosed to them directly and governed by their own terms and privacy policies. Our linking or integrating with a third party does not imply endorsement or affiliation.
Business Account Administrators: If you create an account using an email associated with an organization (e.g., your employer), we may disclose account-related information (such as your email address and account status) to that organization. If you're part of a business or enterprise account, administrators may access and manage your use of the Service.
Other Users and Third Parties You Share Information With: Certain features of the Service may allow you to share Inputs, Suggestions, or other content with other users or third-party applications. Any information you voluntarily share with those parties is subject to their respective terms and privacy policies.
With Your Consent: We may disclose personal data when you give us permission to do so, including through features of the Service that are designed to share information.

Subprocessors: For commercial uses of the Service where Anysphere acts as a data processor, you can review the third parties we engage on at trust.cursor.com/subprocessors.

4. Retention

Anysphere retains your personal data only for as long as necessary to operate the Service effectively and to support legitimate business needs such as legal compliance, safety, dispute resolution, and enforcement of our agreements. The appropriate retention period varies depending on the purpose for which the personal data was collected, its sensitivity, potential risks associated with its use or exposure, and any applicable legal requirements.

Your settings may also influence how long we keep certain types of data. For instance, some temporary interactions with the Service may not appear in your history and could be stored for a limited duration for purposes related to safety and system monitoring.

When personal data is no longer needed, Anysphere and its service providers will follow procedures to delete, erase, de-identify, or anonymize it in compliance with applicable laws.

5. Security

We implement commercially reasonable technical and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, please remember that no method of transmission over the Internet or method of electronic storage is completely secure. You should use caution when deciding what information to share with the Service. We are not responsible for any circumvention of privacy settings or security features on the Service or on third-party websites linked through the Service.

6. Your rights and choices

Depending on where you live and the laws that apply in your country of residence, you may have certain rights in relation to your personal data. These may include the right to access, delete, correct, or transfer your personal data; to object to or restrict how we process it; or to withdraw your consent where processing is based on consent. You may also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, you or your authorized agent may contact us at legal@cursor.com. We may request information to verify your identity before processing your request. If we deny your request, you may appeal by emailing the same address. Anysphere will not discriminate against you for exercising any privacy rights available under applicable law.

The rights available to you may include:

Right to know what categories of personal data we collect, the purposes for which we use it, and the types of third parties with whom we share it.
Access and portability, meaning you can request a copy of the personal data we hold about you and, where applicable, ask us to provide it in a portable format.
Deletion of personal data collected from you in connection with your use of the Service, subject to certain exceptions.
Correction of inaccurate personal data we maintain about you. Please note that while we’ll make reasonable efforts to address correction requests, due to the nature of our models, we cannot guarantee the accuracy of Suggestions generated by the Service.
Objection to certain types of processing. Where applicable, we will stop processing unless we have legitimate legal grounds to continue.
Restriction of our processing of your personal data in limited circumstances, such as while a correction request is pending.
Withdrawal of consent, where the legal basis for our processing is based on your consent. Withdrawal does not affect the lawfulness of prior processing.
No automated decisions: Anysphere does not make decisions based solely on automated processing that impact your legal rights or has similarly significant effects (e.g. your healthcare or financial circumstances).
No sale or targeted advertising: We do not “sell” or “share” personal data for cross-contextual behavioral advertising, and we do not process personal data for “targeted advertising” purposes (as those terms are defined under applicable US state privacy laws). We also do not process sensitive personal data for the purposes of inferring characteristics about a consumer.

Anysphere processes your personal data for the purposes described in this Privacy Policy on servers located in various jurisdictions, including in the United States. While data protection laws vary by country, we apply the protections outlined in this policy to your personal data regardless of where it is processed, and we only transfer data in accordance with legally valid transfer mechanisms. For users in the European Economic Area, (“EEA”), when you access our Service, your personal data may be transferred to our United States servers to other countries outside the EEA and the UK. Where information is transferred outside the EEA or the UK, we require an adequate level of data protection.

7. Jurisdiction-Specific Disclosures

Some jurisdictions require specific disclosures regarding how we handle your personal data. The table below supplements this Privacy Policy by providing additional details about the purpose of data collection, type of data collected, and legal basis. For more information, see “Personal data we collect,” “How we use personal data,” and “Retention” above.

Purpose	Type of Data	Legal Basis
To provide, maintain, and facilitate the Service offered through your Anysphere account, as governed by our Terms of Service	Identity and contact data Payment information Feedback Inputs and Suggestions	Contract
To provide optional features that enhance the Service and user experience	Identity and contact data Feedback Inputs and Suggestions	Legitimate interests: it is in Anysphere’s and its users’ legitimate interests to improve the Service and expand functionality for users
To communicate with you, including for Service updates and event information	Identity and contact data Communication information Technical information	Contract: for service-related communications Consent: for marketing and other non-essential communications that are shared for specific purposes that are communicated to you
To create and administer your Anysphere account	Identity and contact data Payment information Feedback	Contract
To facilitate payments for Anysphere products and services	Identity and contact data Payment information	Contract
To prevent and investigate fraud, abuse, policy violations, unauthorized access, and to comply with Anysphere’s legal obligations	Identity and contact data Payment information Inputs and Suggestions Technical information	Legitimate interests: it is in Anysphere’s and its users’ legitimate interests to protect Anysphere and its users’ privacy and security Legal obligation
To investigate and resolve disputes	Identity and contact data Inputs and Suggestions Feedback	Legitimate interests: it is in Anysphere’s and its users’ legitimate interests to resolve disputes related to the Service Legal obligation
To investigate and resolve security issues	Identity and contact data Feedback Technical information Inputs and Suggestions	Legitimate interests: it is in Anysphere’s and its users’ legitimate interests to maintain Service integrity and user safety Legal obligation
To debug and repair errors affecting functionality	Identity and contact data Feedback Technical information	Legitimate interests: it is in Anysphere’s and its users’ legitimate interests to ensure stable and reliable operation
To improve the Service and conduct research (excluding model training)	Identity and contact data Feedback Technical information Inputs and Suggestions	Legitimate interests: it is in Anysphere’s and its users’ legitimate interests to evaluate use of the Service and its products and features
To improve the Service and conduct research (including model training)	Feedback Inputs and Suggestions	Consent: for user-submitted Feedback Legitimate interests: it is in Anysphere’s and its users’ legitimate interests to evaluate use of the Service models, which may inform model development and refinements.
To enforce our Terms of Service	Identity and contact data Inputs and Suggestions Technical information	Contract Legitimate interests: to preserve the integrity and usability of the platform

8. Privacy policy changes

We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date at the top of this page, unless another type of notice is legally required. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

9. Contacting us

We encourage you to contact us at legal@cursor.com if you have any questions about this Privacy Policy.