Privacy Policy

Cursor Automation is operated by Dominic Letz UG, Rudi-Dutschke-Straße 23, 10969 Berlin, Germany. For privacy questions or data requests, email privacy@cursor-automation.com .

This policy applies to cursor-automation.com, the hosted web application, GitHub App integrations, billing flows, public shared boards, and related support communications.

• GitHub OAuth profile data, including user ID, login, name, avatar, and email.
• GitHub App installation data, including the repositories and organizations you grant access to.
• Issue and pull-request metadata needed for automation, such as titles, labels, states, assignees, comments, links, and workflow status.
• Cursor API tokens that you provide, encrypted at rest and used to trigger Cursor Cloud Agents.
• Team membership, invitations, notification preferences, and public-board sharing tokens.
• Stripe customer, subscription, invoice, and checkout status. We do not store full payment card numbers.
• Technical data such as IP address, browser type, session cookies, request logs, and error logs.

• Authenticate you and keep your account secure.
• Display repository boards and synchronize GitHub issue and pull-request activity.
• Trigger Cursor Cloud Agent runs that you configure or request.
• Send service emails, invitations, billing notices, and workflow notifications.
• Process subscriptions, trials, payments, taxes, and invoices.
• Monitor reliability, prevent abuse, debug errors, and improve the product.
• Comply with legal obligations and enforce our terms.

Where EU or UK data protection law applies, we process data to perform our contract with you, based on legitimate interests in operating and securing the service, with your consent where required, and to satisfy legal obligations such as accounting records.

We share data with service providers only as needed to operate Cursor Automation. These include GitHub for source-control integration, Cursor for Cloud Agent execution, Stripe for billing, hosting providers, email delivery providers, analytics or logging providers, and professional advisers where legally necessary.

We may disclose information if required by law, to protect the service, or in connection with a merger, acquisition, financing, or sale of assets. We do not sell personal data.

We keep account and workspace data while your account is active. We delete or anonymize customer data after account closure when it is no longer needed, unless we must retain it for security, dispute resolution, backup integrity, or legal and tax obligations. Billing records may be retained for statutory accounting periods.

We use access controls, encrypted transport, encrypted storage for sensitive tokens, least-privilege GitHub App permissions where practical, and operational monitoring. No internet service can be guaranteed completely secure, so please contact us promptly if you believe your account or token has been compromised.

Our providers may process data in countries outside your own. Where required, transfers rely on recognized safeguards such as standard contractual clauses or equivalent measures.

Depending on your location, you may have rights to access, correct, delete, restrict, or export personal data, object to certain processing, withdraw consent, or complain to a supervisory authority. Email privacy@cursor-automation.com to exercise these rights.

We use essential cookies and local storage for authentication, security, sessions, theme preferences, and LiveView functionality. If optional analytics are introduced, this policy will be updated to describe them.

Cursor Automation is not directed to children under 16. We may update this policy from time to time; material changes will be reflected on this page and, when appropriate, by notice in the service.