Skip to content
Field Academy
Create account

Industry guide

Cursor for Insurance Dev Teams: IP Protection, ZDR & CMEK (2026)

By The Field Academy Editorial TeamUpdated

Insurers can adopt Cursor while protecting crown-jewel IP — rating engines, pricing models, fraud logic — by enforcing Privacy Mode (no training on your code), relying on zero-data-retention agreements, and adding customer-managed encryption keys (CMEK) on Enterprise. The main bar to clear is your own vendor-risk and IP-protection process.

Will Cursor train on our proprietary code?

No, with Privacy ModeCursor's setting that routes requests under zero-data-retention terms so providers don't store or train on your code. enabled — your code is never used to train Cursor or the model providers. Most models additionally run under zero-data-retention agreements, so inputs and outputs aren't stored. For your most sensitive IP, Enterprise CMEK encrypts embeddings with a key you control.

Protecting crown-jewel IP
No training
Privacy ModeCursor's setting that routes requests under zero-data-retention terms so providers don't store or train on your code. — enforce and lock org-wide (Enterprise).
No retention
ZDRZero Data Retention. A contractual guarantee that the model provider won't store your code or train on it. agreements with major providers.
Your key
CMEK encrypts embeddings + cloud-agent data (Enterprise).

How do we pass vendor-risk review?

  1. 1Request the SOC 2 Type II report via trust.cursor.com.
  2. 2Get the subprocessor list (OpenAI/Anthropic/Google as model providers).
  3. 3Sign the GDPR/CCPA DPAData Processing Agreement. A contract spelling out how a vendor is allowed to handle your data. if you process policyholder PIIPersonally Identifiable Information. Data that can identify a person (names, emails, SSNs); regulated and sensitive..
  4. 4Document CMEK + Privacy ModeCursor's setting that routes requests under zero-data-retention terms so providers don't store or train on your code. as your IP-protection controls.
  5. 5Note the on-prem gap honestly; mitigate with the controls above.

Frequently asked questions

Is Cursor secure for proprietary algorithms?

Yes, with the right setup: Privacy Mode means your code isn't used for training, ZDR means providers don't retain it, and Enterprise CMEK lets you encrypt embeddings with your own key. Combined, these protect proprietary rating and pricing logic.

Does Cursor offer customer-managed encryption keys?

Yes, on the Enterprise plan. CMEK encrypts your embeddings and cloud-agent data with a key you control.

Sources & last verified

Cursor ships frequently. Facts verified against primary sources on June 15, 2026.

Keep reading