This is a privacy hell. Under no circumstances, you are okay using cursor without getting your client’s okay. Not only they will pass the prompt to other servers, they will also use their servers to proxy and you cannot guarantee data residency will be honoured. This is the major limitation of Cursor. I doubt anyone in the EU and doing any kind of business with customer data can use this.