Cookies
Version 1.2 · Effective 17 July 2026
The short version
This site doesn't set cookies. There's no advertising, no ad network, and nothing that follows you around. That's also why there's no cookie pop-up: there's nothing to consent to.
How we count visits
I do want to know whether anyone's actually reading this, so the site uses Cloudflare Web Analytics. It's cookieless. It measures page views and rough traffic (how many people, which page, what country, what device, and which link sent them here) without setting a cookie, without storing anything on your device, and without a way to identify you personally. There's no profile of you anywhere. If that ever changes, this page changes first.
The desktop app
The app isn't a browser, so "cookie" doesn't quite fit, but it does keep a few files on your own machine, under %LocalAppData%\Cursorly\. These stay on your device; they are not sent to Cursorly's servers:
- Session token. Your signed-in tokens, in
session.json, encrypted with Windows DPAPI. Used to authenticate when you're on the hosted service. - Your own key. If you set a bring-your-own API key and model, they live in
ai.json, also DPAPI-encrypted. - Vision consent. The yes/no you gave the first time Cursorly offered to use a screenshot, in
vision_consent.json, also DPAPI-encrypted. - Hotkey. Your chosen shortcut, in
hotkey.txt, plain text. - Plan cache. A small SQLite file (
plans.db) of recent plans, capped at 500 rows and 30 days, so repeat tasks feel instant instead of re-asking the model. - Release state.
release-state.json, the result of the app's startup safety check (the remote kill-switch verdict). - Task history. A local SQLite database of the tasks you've run, so the app can show you your own history and usage.
- Terms acceptance. A record of which Terms version you accepted and when, in
acceptance.json. - Log file. The app's diagnostic log, in
logs\cursorly.log(plus one rotated copy,cursorly.log.1). It stays on your machine.
Delete the %LocalAppData%\Cursorly\ folder and they're all gone. Signing out from the tray clears the session token. The window's accessibility data and any screenshots are never written to a Cursorly server. When you're signed in, your task history (the goal text plus metadata, not screen content) is stored on your account so it syncs across machines; see the Privacy Policy.
When you sign in or pay
If you sign in or buy a plan, you'll briefly land on Supabase (sign-in) or Stripe (payments) in your browser. Those set their own cookies, governed by their own policies. Cursorly can't read them.
If this ever changes
Because the site sets no cookies and stores nothing on your device for analytics, no consent banner is required today, and we chose cookieless analytics specifically to keep it that way. If we ever add a cookie, tracking pixel, or any beacon that stores or reads data on your device, we'll ask for your opt-in consent first, and update this page before it happens.