Cursor DPA, sub-processor agreements, and data flow

I’m investigating whether Cursor may be suitable for our developers, but we have very strict AI guidelines. I noticed that your terms do not contain a data processing agreement (DPA). Is this something you are working on?

I am concerned about the use of public third party generative AI, and would need guarantees that any code or prompts are not used for training or enhancing a model.

It would be very useful to see a data flow diagram with respect to this, and obtain a copy of your SOC 2 Type II report to understand the architecture and sub-processor agreements in more depth.

Who can I talk to to obtain these?

Thanks,
Steve

I have a similar request for my organization and have sent an email to hi@cursor.so to get help on matters like these, I have yet to receive a response.