cursor world
Skip to content

Data Processing Agreement (DPA)

Last updated: August 23, 2025

Quick Summary

  • ✅ We only process personal data necessary to provide our services (site, extensions, products).
  • 🔒 We do not sell or share your data with third parties for marketing purposes.
  • 🌍 Some data may be processed by trusted sub-processors (hosting, analytics, ads).
  • 🛑 You can request access, correction, or deletion of your data at any time.

This Data Processing Agreement (“Agreement” or “DPA”) is an addendum to our Privacy Policy and Terms of Service. It governs how Custom Cursor World (“Processor”) processes personal data on behalf of its users and customers (“Controller”).

1. Definitions

  • “Controller” means the individual or organization that determines the purposes and means of the processing of Personal Data.
  • “Processor” means Custom Cursor World, which processes Personal Data on behalf of the Controller.
  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Applicable Law” includes GDPR, CCPA, and other relevant data protection laws.

2. Subject Matter & Duration

The Processor shall process Personal Data only for the purposes of providing services (website, extensions, and related products), and only for as long as the Controller maintains an active account or uses our services.

3. Processor Obligations

  • Process Personal Data only on documented instructions from the Controller.
  • Ensure that persons authorized to process Personal Data are under confidentiality obligations.
  • Implement appropriate technical and organizational security measures.
  • Assist the Controller with data subject rights requests and regulatory obligations.

4. Sub-Processors

The Controller authorizes the use of sub-processors (e.g., hosting, analytics, advertising partners) as listed in our Privacy Policy. We will ensure each sub-processor provides adequate data protection safeguards.

5. International Transfers

Personal Data may be transferred to and processed outside the EEA or the UK. In such cases, Processor ensures appropriate safeguards (e.g., Standard Contractual Clauses).

6. Data Subject Rights

Processor will assist Controller in fulfilling obligations to respond to requests from data subjects exercising their rights under Applicable Law, including access, rectification, erasure, and data portability.

7. Security Measures

Processor maintains industry-standard technical and organizational measures to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

8. Termination & Deletion

Upon termination of services, Processor will delete or return all Personal Data to the Controller, unless retention is required by law.

9. Contact

For questions about this DPA, please contact us at [email protected].