Verified Compliance Facts
Cited and timestamped — every claim traceable to an official vendor source.
Enterprise Verdict
Conditional Proceed
Advanced AI coding capabilities and multi-model support.
Unverified critical compliance documentation (SOC 2, GDPR DPA).
Obtain verifiable SOC 2 Type II and GDPR DPA reports.
Risk Assessment
Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.
Buyers may want to verify the availability of specific uptime commitments or reliability history in public documentation.
Enterprises should negotiate fixed-rate contracts and monitor pricing changes for overage risks.
Data export status unclear. Integration score: 85/100. Webhooks available, reducing lock-in risk.
Insufficient public community reviews to verify support quality. Standard support channels (email/documentation) are assumed.
Compliance score: 93/100. GDPR status: dpa_available. Encryption at rest: yes.
SOC 2: type_ii. ISO 27001: none. Overall compliance score: 93/100.
Vendor may train on user data. Users retain code/output ownership. Legal/ToS risk score: 40/100.
Due Diligence Alerts
Priority reviews, recommended inquiries, and verified strengths — based on 106+ community data points
Cursor claims a SOC 2 Type II attestation report is available upon request via its trust portal, but the provided URL (https://cursor.sh/trust) is a broken link, preventing direct verification of this critical security control.
A Data Processing Addendum (DPA) is claimed to be available, but the provided URL for the DPA (https://www.cursor.com/dpa) results in a 'page couldn't load' error, making it impossible to review the terms for processing personal data, particularly for EU/UK users.
The Terms of Service limit Anysphere's aggregate liability to the greater of fees paid in the preceding six months or $100. This cap is exceptionally low and poses a severe unmitigated risk for any enterprise adopting the service, particularly concerning data breaches or service failures.
Security & Compliance
External Registry Verification
Data Security
Security Features
Legal & IP Risk
IP Ownership
You retain all of your right, title, and interest that you have in Inputs, and Anysphere hereby assigns to you all of our right, title, and interest if any in and to any Suggestions.
ANYSPHERE WILL NOT USE CONTENT TO TRAIN, OR ALLOW ANY THIRD PARTY TO TRAIN, ANY AI MODELS, UNLESS YOU’VE EXPLICITLY AGREED TO THE USE OF CONTENT FOR TRAINING. (Verified source, 2026-05-17)
Liability & Indemnification
TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL THE ANYSPHERE ENTITIES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, OR ANY OTHER INTANGIBLE LOSS) ARISING OUT OF OR RELA
Exit Terms
Data & Migration Lock-in Risk
Enterprise Contract Intelligence
DPA availability, data residency, and contract risk signals for procurement teams
A DPA is claimed to be available at the provided URL, but the page is inaccessible. This prevents verification of critical data processing terms, including Standard Contractual Clauses (SCCs) or subprocessor lists, which are essential for GDPR compliance.
Anysphere processes personal data on servers located in various jurisdictions, including the United States. For users in the EEA/UK, personal data may be transferred to US servers. EU hosting is not available, which may impact organizations with strict EU data residency requirements.
Full contract terms for Cursor require direct vendor engagement. Ensure data portability on exit, notice period, and pricing lock clauses are negotiated before execution.
Security Certifications
Data Privacy Documents
| Document | Status | URL | AI Assessment |
|---|---|---|---|
| Sub-processors | ❌ Not Found | — | ❌ Not found |
| AI/Model Training Policy | ❌ Not Found | — | — Unclear |
| Data Retention Policy | ❌ Not Found | — | ❌ Not found |
| Data Flow Diagram | ❌ Not Found | — | — |
| GDPR Compliance Statement | ❌ Not Found | — | ❌ Not found |
| KVKK Compliance Statement | ❌ Not Found | — | ❌ Not found |
| CCPA Compliance Statement | ❌ Not Found | — | ❌ Not found |
Legal Contracts
See Legal & IP Assessment section above for full analysis of ToS, DPA, MSA, SLA, EULA, and AUP.
Operational Readiness
| Document | Status | URL | AI Assessment |
|---|---|---|---|
| Business Continuity Plan (BCP) | ❌ Not Found | — | ❌ Not found |
| Disaster Recovery Plan (DRP) | ❌ Not Found | — | ❌ Not found |
| Incident Response Plan | ❌ Not Found | — | ❌ Not found |
| 3rd Party Penetration Test | 📄 Claimed | View | ❌ Not found |
Technical Transparency
| Document | Status | URL | AI Assessment |
|---|---|---|---|
| SBOM | ❌ Not Found | — | ❌ Not found |
| OSS License Inventory | ❌ Not Found | — | ❌ Not found |
| Vulnerability Management Policy | ✅ Active | Link | ❌ Not found |
| Patch Management Policy | ❌ Not Found | — | ❌ Not found |
| Offboarding / Data Export Guide | ❌ Not Found | — | ❌ Not found |
| SIG Questionnaire | ❌ Not Found | — | — |
| CAIQ | ❌ Not Found | — | — |
Financial Resilience
| Item | Status | Details |
|---|---|---|
| Cyber Liability Insurance | ❌ Not Found | ❌ Not mentioned |
| TCO Disclosed | ✅ Available | Annual: 58000 |
Community Intelligence
Recurring issues and curated signals from GitHub, Hacker News, Reddit, Stack Overflow, web sources, and enterprise review platforms.
Intelligence Synthesis
Cursor, an AI coding assistant by Anysphere, demonstrates strong AI capabilities and significant financial backing, including a reported $3 billion ARR by early 2026. However, critical compliance documentation, such as SOC 2 Type II and GDPR DPA, remains unverified due to broken links, raising significant legal and security concerns. Community feedback highlights issues with recent UI changes, agent experience, and transparency around model usage, while also praising its productivity benefits.
Recurring Issues
Enterprise Impact: Reduced developer efficiency, increased frustration, and potential for errors in AI-assisted workflows due to a non-intuitive or buggy interface. This can hinder adoption and ROI.
As of 2026-05, community reports indicate a need for UI/UX improvements, particularly regarding multi-window management and agent interaction flows, to ensure a smooth and efficient developer experience.
Enterprise Impact: Unpredictable costs and difficulty in budgeting for AI model consumption. Lack of clear usage statistics hinders cost optimization and accountability within enterprise teams.
As of 2026-05, users are requesting clearer documentation on how 'Auto' model selection works, explicit quota limits, and detailed usage dashboards to better manage costs and model behavior.
Enterprise Impact: Increased effort for human developers to review and correct AI-generated code, especially for complex languages like Rust or large codebases where context is lost. This can negate productivity gains and introduce technical debt.
As of 2026-05, community feedback suggests improvements are needed in the AI model's understanding of specific language idioms (e.g., Rust) and its ability to maintain context across large codebases to ensure high-quality code generation.
Source Signals
Financial Impact Panel
Cost intelligence and pricing signals for enterprise procurement decisions
Pricing Tiers
Hobby
Individual
Teams
Enterprise
Base price sourced from: official pricing page ↗ — "Individual $20 / mo."
Pricing data from public sources — enterprise rates differ. Verify with vendor.
TCO Calculator
Estimated Annual TCO — 100 Users ±20% confidence band
Assumptions
- Pricing not publicly disclosed — contact vendor for quote.
Pricing data not available — all estimates undisclosed.
Synthesized from 20+ independent public sources: developer forums & repositories, security databases, vendor disclosures, regulatory filings, and community review platforms. Not affiliated with any vendor.