Cursor DPA, sub-processor agreements, and data flow

I’m investigating whether Cursor may be suitable for our developers, but we have very strict AI guidelines. I noticed that your terms do not contain a data processing agreement (DPA). Is this something you are working on?

I am concerned about the use of public third party generative AI, and would need guarantees that any code or prompts are not used for training or enhancing a model.

It would be very useful to see a data flow diagram with respect to this, and obtain a copy of your SOC 2 Type II report to understand the architecture and sub-processor agreements in more depth.

Who can I talk to to obtain these?

Thanks,
Steve

I have a similar request for my organization and have sent an email to [email protected] to get help on matters like these; I have yet to receive a response.

Same for us. After asking two times already for a DPA and/or Standard Contractual Clauses, I always got a response with public links to security, terms and privacy.

Dear colleagues that read this in the future, I’ve been through this process with our DPO, and it turns out that we did not end up needing a DPA at all.

Basically, Cursor has:

  • A SOC2 Audit status page, which answers some of the questions about data storage
  • A Subprocessors list that makes it easy to trace back the different sub-vendors
  • Terms of use which lay out the details regarding judicial arbitrage, fair use, and auditing
  • Privacy policy that goes into detail about their no-store no-train policy on the Business plan.

All these combined (especially 1&2) basically answer all the questions that a DPA would answer and can replace a DPA easily.

I wish that Cursor was a bit more informed about these requirements, as they literally already have everything in place, just not in a single formalized DPA.

P.S. There is a remaining question about generated code ownership and intellectual property. A DPA might (or might not) cover that depending on your use case. In my case it was enough to specify:

  1. Cursor itself does not hold / take away the rights to intellectual property.
  2. Look at each LLM model’s policy, and declare which ones are “safe” to use by your team (in my case Claude, Deepseek and Cursor models).

Just to follow up, section 6.2 of our Terms of Use explains that any code or code edits (known as ‘suggestions’) are owned by you, and we have no ownership to the code you write in Cursor, including when assisted by our AI.
