Is Cursor safe for work?
Medium risk · 25Anysphere · Coding · facts (medium-confidence)
Cursor is medium-risk for default at-work use (25/100): it trains on your data unless you opt out, and holds SOC 2 Type II.
25
Medium risk
Watch out: On the free/Pro tier Privacy Mode is opt-in and OFF by default, so an at-work user who does not enable it has their code, prompts and editor actions stored and used to train Cursor's models.
Data and compliance facts
- Trains on consumer-tier data
- Opt-out
- Trains on business-tier data
- No
- Training opt-out available
- Yes
- SOC 2 Type II
- Yes
- ISO 27001
- Yes
- ISO 42001 (AI management)
- Unverified
- GDPR Data Processing Addendum
- Yes
- HIPAA BAA
- Unverified
- EU data residency
- Unverified
- SSO / SAML
- Yes
- Data retention
- With Privacy Mode enabled, Cursor maintains Zero Data Retention (ZDR) agreements with inference subprocessors so prompts/completions are not retained; without Privacy Mode, code data may be stored to improve and train models (specific retention windows not published).
- Safer tier
- Enterprise
Why it scores 25 out of 100
- +14Trains on your data unless you opt out. Training is on by default on the consumer tier; you must find and toggle the opt-out.
- +6No EU data residency. Data cannot be guaranteed to stay in the EU.
- +5No HIPAA BAA. No Business Associate Agreement, so do not use it with protected health information.