Security

Contents

For any security-related questions, feel free to contact us at [email protected].

Infrastructure security

We depend on the following subprocessors, roughly organized from most critical to least. Note that code data is sent up to our servers to power all of Cursor’s AI features (see AI Requests section), and that code data for users on privacy mode (legacy) is never persisted (see Privacy Mode Guarantee section).

Explore how each mode affects how data is sent and stored

Privacy Mode↓Explore how each mode affects how data is sent and stored.

  • AWS:

    Our infrastructure is primarily hosted on AWS, with servers located in the US, and backup servers distributed in Europe and Asia.

  • Google Cloud Platform (GCP):

    Some secondary infrastructure is hosted on Google Cloud Platform (GCP). All of our GCP servers are in the US.

  • MongoDB:

    We use MongoDB for some of our analytics data, for users who do not have privacy mode enabled.

  • Amplitude:

    We use Amplitude for some of our analytics data. No code data is stored with Amplitude; only event data such as "number of Antes creation attempts".

  • Slack:

    We use Slack as our internal communication tool. We may send snippets of prompts of non-privacy users in our internal chats for debugging.

  • Google Workspace:

    We use Google Workspace to collaborate. We may send snippets of prompts of non-privacy users in our internal emails for debugging.

  • Linear: We use Linear to track issues and collaborate.

Vulnerability disclosures

If you believe you have found a vulnerability in Ante, please submit the report to [email protected]

We commit to acknowledging vulnerability reports within 10 business days, and addressing them as soon as we are able to.

Last updated