Cursor is built with privacy and security at its core. We have built Cursor from the ground up to give you the peace of mind that your code and data is private and secure.

To learn more about Cursor’s privacy and security practices, please see the following links:

Privacy Policy

Read our comprehensive privacy policy to understand how we handle your data

Security Overview

Learn about our security practices and how we protect your code

Trust Center

View our Trust Center for security practices, SOC2 certification, and penetration testing reports.

Privacy FAQs

What is Privacy Mode?

Cursor offers three privacy options to give you full control over how your code is handled:

Privacy Mode Disabled

By disabling privacy mode, you’re helping improve Cursor for everyone! This allows us to store and train on prompts, code snippets, and telemetry data to make Cursor even better. Think of it as contributing to the collective intelligence of the tool.

You can enable your preferred privacy setting during onboarding or under Cursor Settings > General > Privacy Mode.

You can read more about Privacy Mode here.

Are requests always routed through the Cursor backend?

Yes! Even if you use your API key, your requests will still go through our backend. That’s where we do our final prompt building.

Does indexing the codebase require storing code?

It does not! If you choose to index your codebase, Cursor will upload your codebase in small chunks to our server to compute embeddings, but all plaintext code ceases to exist after the life of the request.

The embeddings and metadata about your codebase (hashes, obfuscated file names) are stored in our database, but none of your code is.

You can read more about this on our security page.