Feature request for product/service
Describe the request
Currently, Cursor’s Data Processing Addendum (DPA) is only available as part of the Master Services Agreement (MSA), which appears to be limited to Enterprise plans.
For organizations using Pro or Business plans that are subject to GDPR, APPI (Japan), or other data protection regulations, a DPA is a legal requirement before processing personal data through a third-party service. Without a self-service DPA option, these organizations are forced to either:
- Upgrade to Enterprise (which may not be practical for smaller teams)
- Use Cursor without proper legal safeguards (which creates compliance risk)
- Choose a different tool that offers a DPA at lower tiers
Many SaaS vendors (e.g., Slack, Notion, Atlassian, GitHub) provide a self-service DPA that customers can review and accept online, regardless of plan tier. This is standard practice in the industry.
It would be great if Cursor could offer a similar mechanism — for example, a clickthrough DPA on the website or within the dashboard settings — so that Pro and Business customers can establish the required data processing terms without needing to go through an Enterprise sales process.
This would significantly lower the barrier for adoption in regulated industries and international markets.