Cursor Exposes Side Projects to Your Employer

Postedabout 2 months agoActiveabout 2 months ago

throwawaybbbbbb

32 points

22 comments

Techstory

skepticalnegative

Debate

0/100

AI-Powered ToolsWorkplace PrivacySide Projects

Key topics

AI-Powered Tools

Workplace Privacy

Side Projects

I went to see my Cursor (the AI IDE) analytics and clicked a banner advertising their new company-level analytics dashboard. It now has a section “AI Edits by repository” that includes all the repositories used with Cursor, including your personal side projects. [0] I suspect they scrape the name of the repository from the list of GIT remotes, without explicit consent or notice.

If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API. This telemetry cannot be disabled and is available in a highly granular format in their API. [1]

The dashboard includes also includes information on when you were writing code. [2] The data is available in a highly granular format in their API. [3]

[0]: https://cursor.com/docs/account/teams/analytics#repository-insights [1]: https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-commit-metrics-json-paginated [2] https://cursor.com/docs/account/teams/analytics#daily-usage [3] https://cursor.com/docs/account/teams/ai-code-tracking-api#get-ai-code-change-metrics-json-paginated

A user warns that the AI-powered coding tool 'Cursor' may expose side projects to employers, sparking concerns about workplace privacy.

Snapshot generated from the HN discussion

Discussion Activity

Moderate engagement

First comment

48m

Peak period

6-9h

Avg / period

2.7

Comment distribution19 data points

Loading chart...

Based on 19 loaded comments

Key moments

01Story posted
Nov 19, 2025 at 3:21 AM EST
about 2 months ago
Step 01
02First comment
Nov 19, 2025 at 4:10 AM EST
48m after posting
Step 02
03Peak activity
7 comments in 6-9h
Hottest window of the conversation
Step 03
04Latest activity
Nov 20, 2025 at 3:27 PM EST
about 2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (22 comments)

Showing 19 comments of 22

Iolaum

about 2 months ago

1 reply

Am I wrong in understanding you were using the company account with the enterprise subscription while you were working on those side projects? Or were you using a different account?

binsquare

about 2 months ago

1 reply

Sounds like he was using a company account? In that case, the default is always to expect that the company will see everything including personal projects.

nis0s

about 2 months ago

1 reply

Uh, no? I don’t think that’s a thing in any JetBrains IDE, unless I am mistaken.

bloppe

about 2 months ago

1 reply

Does your employer provide you with a laptop? In that case you should assume they have access to the hard drive at least.

nis0s

about 2 months ago

Oh, that’s a different scenario. I would never do personal work on someone else’s laptop. But I think what’s being described in this case is that if you use this IDE, even on a personal machine where your license is from another source, then your personal data is somehow exposed to others.

giantg2

about 2 months ago

1 reply

"If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API."

Yeah... get your own personal subscription. Creating side projects on company resources could lead to ownership disputes - you could lose it to your company.

tyleo

about 2 months ago

1 reply

Agreed with this point. I try to separate everything possible from my company with multiple accounts. It’s annoying, sure, but you’ve got to protect yourself.

giantg2

about 2 months ago

I won't even connect my cell phone to the company wifi. Anyone concerned about the surveillance state or big tech and privacy would likely do the same as they can be very invasive.

bitbasher

about 2 months ago

1 reply

Cursor didn't expose it, you did when you decided to use Cursor. You're using an editor that is owned by a company with analytics built in. You're handing over your data.

Stop using company hardware, software and subscriptions to do _anything_ personal.

atrettel

about 2 months ago

Yes, this is the right answer. Compartmentalization is a basic principle in security. I never do anything personal on company hardware and vice versa. I keep both separate. It just makes things so much easier to manage in the long term.

kylehotchkiss

about 2 months ago

Software developers should generally have their own computers that aren't wired into company subscriptions. M-Series MacBook Air is really all most people could ever need.

codegeek

about 2 months ago

"If you're using Cursor with a company (teams, enterprise) subscription, information of all your code commits is sent to their API."

Good. As much as we are all privacy freaks, if you are using company resources to do your own side projects, it is fair that the company should have visibility to it. Otherwise, get a separate personal subscription.

Note that you should not only have a separate subscription to things like cursor for non company work, you should also have a separate laptop/machine for doing anythng non company. One of the reasons why so many companies are cracking down on remote work is due to these types of violations in addition to other things.

ifh-hn

about 2 months ago

I find it hard to see how this isn't user error? Don't use company hardware and software... Problem solved.

satvikpendem

about 2 months ago

Well yeah, you're using company hardware and software for personal use, of course they'd be able to see.

al_borland

about 2 months ago

Why are you using your company account for personal projects?

speedgoose

about 2 months ago

If you can’t trust your company with your side projects, you should perhaps not do side projects on your company provided computer and AI subscriptions.

suobset

about 2 months ago

This is why please have a personal account and personal devices for anything that does not relate to your company or work. This is super critical.

Heck I'd often carry 2 devices if I was traveling, there's no way in hell I would use company laptops. Anything I did on my work Mac, I assumed everyone relevant at work can access into. Kandji already hands over a ton of data wrt this, and I am sure every other MDM solution does too.

You gave your consent when you got the work device and probably signed a document/stated that this was to only be used for work purposes.

iExploder

about 2 months ago

Legal and HR department would like to have a word.

muzani

about 2 months ago

Well, they are paying for the tokens, so it's only fair. If you were on the company phone, they should see who you're calling.

3 more comments available on Hacker News

View full discussion on Hacker News

ID: 45977084Type: storyLast synced: 11/22/2025, 1:49:08 PM

Want the full context?