// Trust & Security Report

    Anysphere, Inc. logo

    Anysphere, Inc.

    Cursor (AI coding agent / IDE, CLI, Cloud Agents, Slack/GitHub integrations, Cursor SDK)

    Certifications held

    4

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Compliance: SOC 2 Type 2. Audit reports: Latest - SOC 2 Type 2 - Attestation Report. (Security page: "A SOC 2 Type II attestation report is available on request at trust.cursor.com")

    Verify on trust.cursor.com
    ISO 27001
    HELD

    No mention of ISO 27001 on the Cursor security page or Trust Center compliance list (only SOC 2 Type 2 is listed).

    Verify on cursor.com
    HIPAA
    HELD

    No HIPAA claim or BAA offering found on the security page or Trust Center.

    Verify on cursor.com
    GDPR
    HELD

    No explicit GDPR compliance statement surfaced on the security page; DPA/subprocessor disclosure exists in the Trust Center but a direct GDPR-compliance quote was not confirmed.

    Verify on trust.cursor.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not stated

    Data region

    Primarily AWS US region, with some latency-critical services in Europe (EU) and Singapore. No infrastructure in China and no China-headquartered subprocessors.

    Default (Privacy Mode OFF) DOES train on customer data: "we may use and store codebase data, prompts, editor actions, code snippets, and other code data and actions to improve our AI features and train our models." With Privacy Mode ON: "Customer Data will not be used for training by Cursor. Cursor maintains zero data retention (ZDR) agreements with all providers, and AI model providers will not store or train on your data." Privacy Mode is available to any user (free or Pro) and can be enforced by a team/enterprise admin. Caveat: abuse/risk classifiers may store data if abuse detectors are triggered. Codebase indexing: plaintext code for embeddings "ceases to exist after the life of the request," but embeddings and metadata (hashes, file names) may be stored.

    // Security controls

    Penetration testing

    At-least-annual third-party penetration testing; latest 2026 report available in Trust Center ("Latest Penetration Testing Report 2026 Available", published June 9, 2026)

    trust.cursor.com

    Bug bounty

    No public bug bounty program (no HackerOne/Bugcrowd public program). Vulnerability disclosure only via security-reports@cursor.com, acknowledged within 5 business days.

    cursor.com

    Encryption

    Data encryption and CMEK referenced; encryption in transit/at rest implied via AWS hosting (full at-rest/in-transit detail not quoted on security page)

    cursor.com

    Privacy Mode / ZDR

    Privacy Mode enforces zero data retention (ZDR) with model providers; available free or Pro, enforceable by team/enterprise admin

    cursor.com

    Subprocessors disclosed

    AWS (US/EU/Singapore), Fireworks, OpenAI, Anthropic, WorkOS (SSO/SCIM) listed publicly in Trust Center

    trust.cursor.com

    // Products & data scope

    Cursor IDE (Free / Pro)AI code editor (desktop)

    data: Codebase data, prompts, editor actions, code snippets. Trains on data by default unless Privacy Mode enabled.

    Privacy Mode opt-in available to free and Pro users.

    Cursor Business / TeamsTeam AI coding platform

    data: Admin-controlled Privacy Mode enforcement, SSO/SCIM via WorkOS.

    Team/enterprise admins can enforce Privacy Mode org-wide; ZDR with providers when enabled.

    Cursor EnterpriseEnterprise AI coding platform

    data: SOC 2 Type 2 covered, admin-enforced Privacy Mode, CMEK referenced. Trusted by over half of the Fortune 500.

    Enterprise compliance posture; subprocessor + pen-test reports available under NDA via Trust Center.

    Cursor CLI / Cloud Agents / SDKAgentic / programmatic coding

    data: Cloud Agents run on Cursor-managed compute; same Privacy Mode / ZDR posture applies.

    Cloud agents execute autonomously on managed infrastructure; expands data-flow surface vs. local IDE.

    // What to watch

    • Trains on customer code BY DEFAULT (Privacy Mode is opt-in, not on by default) - notable for code-confidentiality-sensitive buyers.
    • No public bug bounty program (private disclosure only).
    • Only SOC 2 Type II confirmed; ISO 27001 and HIPAA not advertised - verify if those are buyer requirements.
    • Cloud Agents expand the data-processing surface beyond the local editor.

    // At a glance

    Pricing model

    Freemium + subscription (Free, Pro, Business/Teams per-seat, Enterprise custom)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Anysphere, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.cursor.com

    > Browse all vendor trust reports