Privacy Policy

Effective Date: June 18, 2026

1. Introduction

Cursorhero ("Cursorhero", "we", "our", or "us"), operated by Cursorhero Labs, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (cursorhero.com) and use our AI cursor generation services.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not access the Service.

2. Information We Collect

Personal Information

When you create an account or use our Service, we collect:

  • Name and email address (provided during registration or via Google OAuth)
  • Account credentials (handled by Better Auth; we never store plain-text passwords)
  • Payment information (processed exclusively through Creem; we do not store full card numbers)
  • Profile information (avatar URL from Google, display name)
  • Cursor generation prompts and the resulting cursor images you create
  • Credit balance and transaction history
  • Support communications (emails you send us)

Automatically Collected Information

When you visit our Service, we automatically collect:

  • IP address and approximate geolocation (country-level)
  • Browser type, device type, and operating system
  • Pages visited, time spent, and click patterns
  • Referral source (where you came from)
  • Cookies and session tokens (for authentication)

Information from Third-Party Login

If you sign in with Google, we receive from Google:

  • Your name, email address, and profile photo URL
  • A verified email indicator (we trust the email is yours)
  • No access to your Google account data, contacts, or files

3. Third-Party Services We Use

Cursorhero integrates the following third-party services to operate. Each service has its own privacy practices:

AI Image Generation

  • Provider: GRS AI (gpt-image-2 model)
  • Data sent: Your cursor generation prompts and the resulting AI-generated images
  • Provider privacy policy: grsai.dakka.com.cn/privacy

Payment Processing

  • Provider: Creem (creem.io)
  • Data sent: Billing info, subscription state, transaction history
  • Note: We do not store full payment card details on our servers. Creem processes payments directly.

Transactional Email

  • Provider: Resend (resend.com)
  • Data sent: Your email address (for verification, password reset, receipts)

Database and Hosting

  • Database: PostgreSQL hosted on Neon (neon.tech)
  • Application hosting: Vercel (vercel.com)
  • Generated cursor file storage: Cloudflare R2 (cloudflare.com)

Authentication

  • Provider: Better Auth (open-source library; sessions stored in our database)
  • OAuth provider: Google (sign-in only, no data sharing beyond basic profile)

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the AI cursor generation Service
  • Process subscription payments and manage your credit balance
  • Send you transactional emails (verification, receipts, account notifications)
  • Respond to your support requests
  • Detect and prevent abuse or fraudulent use of our Service
  • Improve the Service (aggregate, de-identified analytics only)
  • Comply with legal obligations

We do NOT:

  • Sell your personal information to third parties
  • Use your prompts or generated cursors to train AI models (GRS AI does not use them for training either)
  • Send you marketing emails without your explicit opt-in

5. Data Storage and Security

We implement industry-standard security measures to protect your information:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted password storage (bcrypt hashing via Better Auth)
  • Database access restricted via short-lived credentials and IP allowlists
  • Regular dependency updates and security patches
  • Row-level data isolation by user ID in all queries

However, no method of transmission or storage is 100% secure. We strive to protect your data but cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained while your account is active. Deleted within 30 days after account deletion request.
  • Cursor generation history: Retained while your account is active so you can re-download packs.
  • Payment records: Retained for 7 years for tax and accounting compliance.
  • Email logs: Retained for 30 days, then deleted.

When you delete your account, we permanently delete your personal data, cursor generation history, and session data. We may retain anonymized analytics.

7. Your Rights

You have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Correct inaccurate personal data
  • Deletion: Delete your account and associated data (Settings → Delete Account)
  • Export: Download your generated cursor packs and account data
  • Opt-out: Unsubscribe from any optional marketing emails

To exercise any of these rights, visit your account Settings page or email us at the contact below.

8. International Data Transfers

Your data may be transferred to and processed in the United States, Singapore, or other countries where our service providers operate. By using the Service, you consent to such transfers.

We rely on Standard Contractual Clauses (SCCs) and provider certifications (e.g., EU-US Data Privacy Framework) to ensure adequate protection during international transfers.

9. GDPR Rights (EEA / UK Users)

If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right to be informed about data processing
  • Right to erasure ("right to be forgotten")
  • Right to data portability in a machine-readable format
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

10. Children's Privacy

Our Service is not intended for children under 18 years of age (or the age of digital consent in your jurisdiction, whichever is higher). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately so we can delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting a notice on the Service at least 14 days before changes take effect. The "Effective Date" at the top will be updated.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Copyright © 2025 Cursorhero Labs
All rights reserved
Subscribe to Newsletter

CURSORHERO