Privacy Policy
How Cursorist collects, uses, and protects your personal data.
Effective date: February 26, 2026
This Privacy Policy explains what information Cursorist ("we", "us", "our") collects, how we use it, and your rights regarding that information.
1. Information We Collect
Account Data
When you sign in with GitHub OAuth we receive and store:
- GitHub user ID
- GitHub username
- Email address
- Avatar URL
We do not receive or store your GitHub password.
Usage Data
We collect anonymized usage data to improve the Service:
- Pages visited and features used
- Plugin install and search activity
- Browser type and operating system (via standard HTTP headers)
Cookies
We use cookies strictly for:
- Authentication — Session cookies managed by Supabase Auth.
- Preferences — Theme selection and cookie consent state.
We do not use advertising or third-party tracking cookies.
2. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Authenticate your identity | Contractual necessity |
| Display your profile in teams and plugins | Contractual necessity |
| Track plugin install counts | Legitimate interest |
| Send security or service notifications | Legitimate interest |
| Improve the platform | Legitimate interest |
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Data Storage
- All data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) enabled.
- Supabase infrastructure is hosted on AWS in the US East region.
- API keys are stored as SHA-256 hashes — never in plain text.
4. Data Retention
- Account data is retained for as long as your account exists.
- When you delete your account, your personal data is removed within 30 days.
- Anonymized usage data may be retained indefinitely.
5. Your Rights
Depending on your jurisdiction you may have the right to:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate data.
- Deletion — Request deletion of your account and associated data.
- Portability — Receive your data in a machine-readable format.
- Objection — Object to processing based on legitimate interest.
To exercise any of these rights, open an issue on GitHub or email us.
6. Children
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.
7. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via a site notification or email.
8. Contact
For privacy-related questions, contact us via GitHub Issues.