[raw_anon_1111]

This has less to do with Cursor and more to do with standard processes. Day to day use, your developers development environment should not have access to any data that comes under HIPAA (the one compliance framework I’m familiar with)

If your developer machines don’t have access to regulated data, neither will Cursor. As far as I know none of those compliance frameworks have anything to do with your code, it’s about accessing data and how you promote your code to production

I’ve never used cursor. But Claude Code gives you the option of using AWS Bedrock hosted models - including Anthropomorphic. You can sign a BAA with AWS. Notice this is using Anthropic models through an AWS account - not directly from Anthropic.

[notesinthefield]

HIPAA is one of the few that makes clear the types of data (PHI and PII) that come under the frameworks purview during development which makes masking mandatory for non-production environments. Other frameworks families, NIST RMF, FedRAMP and CMMC very much care about software development practices in depth.

[raw_anon_1111]

But do they care whether your code was shared with a third party?

[notesinthefield]

Of course, is this a serious question?

[cap11235]

Is code personal information?

[notesinthefield]

My statement wasnt a literal reflection of software and data protection controls. Youre free to explore those mentioned.