Retention of cloud agent sessions

I understand that local conversations/agent runs are only stored locally. Notably meaning that any manually input data or tool call results which might contain my customer’s sensitive privacy data are not stored in your cloud infra. It is processed when the agent runs, but

However, what about cloud agent or automation runs? I only know that I can "archive" sessions, but don’t even see a way of deleting any session. Let alone define an enterprise policy on default retention periods. We have privacy mode enabled, of course. But there doesn’t seem to be information on that either way.

So: how long are agent sessions stored for, and how can I even delete them? For customer privacy reasons, we’d like to implement in our enterprise some short retention periods for any session that might contain customer sensitive data. And to make Cursor much more useful, we’d like to provide it with tools to access most of our enterprise data, including possible prod/customer data. We don’t see a need for long session retention periods, for example deleting everything after a month or even two weeks seems like a good tradeoff if it enables us to give much wider accesses to enable the agent to do much more.

But to do this, we need more information on how we can manage the one point that seems unclear from the privacy policy, trust center or Data Processing Agreement: what about agent sessions data themselves? How long are they kept? How can we delete them?

Thanks!

Hey, good question. I’ll split this into two parts since they’re about different data layers.

Privacy Mode and LLM providers

Privacy Mode plus our ZDR agreements with model providers OpenAI, Anthropic, Google Vertex, and xAI ensure that prompts and code aren’t stored by the providers and aren’t used for training. This covers the LLM data flow, and for Enterprise, Privacy Mode is on by default. Details: Privacy and Data Governance | Cursor Docs

Cloud Agent and Automation sessions

This is a separate layer. The session transcripts and VM snapshots are stored on our side, since the agent can’t work otherwise. The VM runs code, keeps state, and keeps the chat history. Privacy Mode and ZDR don’t apply to this layer; it uses different mechanisms.

As of today:

  • There’s no self-serve way to delete sessions in the UI, only archive is available
  • Configurable org-level retention policies aren’t implemented yet
  • Explicit retention limits for Cloud Agent data are something the team is working on, but there’s no public ETA I can share

Since you’re looking at an enterprise setup where the agent may access sensitive customer data, the best path is to reach out via Cursor · Contact our sales team. They can discuss your data governance needs, DPA details on retention, and what’s available and planned on the Enterprise plan for your use case.