I don’t think this is the case. With “accidentally” collecting an individual’s data, the company’s risk is that somebody cares enough to sue them based on vague and poorly defined damages. With “accidentally” collecting source code, you’ve not only violated your contract with 98% of your enterprise customers (many of which have dedicated legal departments) providing a very real and obvious path to lawsuits, you’ve also gained a strong reputation as a vendor never to be trusted. My employer uses cursor, and I strongly suspect we would cut ties and blacklist them at the first sign of them inappropriately retaining data.
I don’t think this is the case. With “accidentally” collecting an individual’s data, the company’s risk is that somebody cares enough to sue them based on vague and poorly defined damages. With “accidentally” collecting source code, you’ve not only violated your contract with 98% of your enterprise customers (many of which have dedicated legal departments) providing a very real and obvious path to lawsuits, you’ve also gained a strong reputation as a vendor never to be trusted. My employer uses cursor, and I strongly suspect we would cut ties and blacklist them at the first sign of them inappropriately retaining data.