dhicks
Posted on • Originally published at getpageguard.com

Cursor Privacy Compliance Rule — Free Download

Why Vibe Coders Ship Without Privacy Policies

You're deep in a Cursor session. The app is taking shape — auth works, Stripe is wired up, analytics are firing. You deploy. Users sign up. And then someone asks: "Where's your privacy policy?"

Most solo developers and vibe coders don't skip compliance on purpose. They skip it because nothing in their workflow reminds them it exists. Your linter catches unused variables. Your formatter fixes indentation. But nothing flags that you just added Google Analytics without a cookie consent banner.

That's the gap this Cursor rule fills.

What the Rule Does

The PageGuard Cursor rule is a .mdc file that lives in your project's .cursor/rules/ directory. It teaches Cursor to:

  1. Flag privacy-relevant dependency changes — when you add packages like firebase, @stripe/stripe-js, @segment/analytics-next, or @sentry/nextjs, Cursor will prompt you to check compliance implications.
  2. Answer privacy questions in context — ask "Do I need a privacy policy?" and Cursor will analyze your actual dependencies, not give a generic answer.
  3. Trigger a scan — Cursor suggests running npx pageguard to get a concrete compliance score based on your tech stack.

The Rule (Copy and Paste)

Create the file .cursor/rules/pageguard.mdc in your project root:

---
description: "Privacy and compliance scanning for web apps"
globs: ["package.json", "requirements.txt", "Gemfile", "go.mod", "pubspec.yaml"]
alwaysApply: false
---

# Privacy Compliance Check

When the user adds or updates dependencies, check if any of the following
categories are present in their dependency files:

- Analytics (Google Analytics, Segment, Mixpanel, PostHog, Amplitude)
- Advertising (Google Ads, Facebook Pixel, TikTok Pixel)
- Payment processing (Stripe, PayPal, RevenueCat, Braintree)
- Authentication (Firebase Auth, Auth0, Clerk, Supabase Auth)
- Error tracking (Sentry, Bugsnag, Datadog, LogRocket)
- Session recording (Hotjar, FullStory, Microsoft Clarity)
- Email services (SendGrid, Mailchimp, Resend, AWS SES)
- Push notifications (OneSignal, Firebase Cloud Messaging)

If any are detected:

1. Inform the user which data-collecting services were found
2. Explain what personal data each service typically collects
3. Recommend running a compliance scan:
   ```bash
   npx pageguard
   ```
4. Note that they likely need:
   - A privacy policy disclosing these data processors
   - Cookie consent if using cookies (most analytics/ad tools do)
   - Data processing agreements with each third-party service

When the user asks "Do I need a privacy policy?" or similar:
- Check their package.json (or equivalent) for data-collecting dependencies
- Give a specific answer based on what's actually installed
- Suggest: `npx pageguard --url their-site.com` for a full website scan

How It Works in Practice

Once the rule is in place, your Cursor sessions gain compliance awareness. Here's a typical interaction:

You: "Add Firebase auth and Firestore to this project"

Cursor (after adding the packages): "I've added firebase to your dependencies. Note: Firebase Auth collects user email, UID, and authentication metadata. Firestore may store personal data depending on your schema. You likely need a privacy policy that discloses Firebase as a data processor. Run npx pageguard to check your full compliance status."

No extra plugins. No dashboard to check. The compliance reminder shows up exactly where you're already working.
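
The dependency check the rule describes can also run deterministically, for example in CI where no Cursor session is involved. The code below is an added example, not PageGuard's code or part of the original post; `CATEGORY_BY_PACKAGE` is an assumed, partial mapping of npm package names to the rule's categories, and the two manifests are constructed samples.

```javascript
// Assumed, partial map of npm package names to the rule's categories.
// Extend it for your stack; it is not PageGuard's detection list.
const CATEGORY_BY_PACKAGE = {
  "firebase": "Authentication / Push notifications",
  "@stripe/stripe-js": "Payment processing",
  "@segment/analytics-next": "Analytics",
  "@sentry/nextjs": "Error tracking",
  "posthog-js": "Analytics",
  "mixpanel-browser": "Analytics",
  "@auth0/auth0-react": "Authentication",
  "@clerk/nextjs": "Authentication",
  "logrocket": "Error tracking",
  "@sendgrid/mail": "Email services",
  "resend": "Email services",
};

// Returns [{ name, category, section }] for every mapped package found in
// dependencies, devDependencies or optionalDependencies.
function findDataCollectors(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const name of Object.keys(manifest[section] || {})) {
      // Own-property check: a dependency named "constructor" must not match.
      if (Object.prototype.hasOwnProperty.call(CATEGORY_BY_PACKAGE, name)) {
        findings.push({ name, category: CATEGORY_BY_PACKAGE[name], section });
      }
    }
  }
  return findings;
}

// Compares two versions of package.json and returns only the newly added
// data-collecting packages, which is the moment the rule is meant to flag.
function newlyAdded(beforeText, afterText) {
  const before = new Set(findDataCollectors(beforeText).map((f) => f.name));
  return findDataCollectors(afterText).filter((f) => !before.has(f.name));
}

// Constructed sample manifests (not from a real project).
const BEFORE = JSON.stringify({ dependencies: { next: "14.2.0", "@sentry/nextjs": "8.0.0" } });
const AFTER = JSON.stringify({
  dependencies: { next: "14.2.0", "@sentry/nextjs": "8.0.0", firebase: "10.12.0" },
  devDependencies: { eslint: "9.0.0" },
});

for (const f of newlyAdded(BEFORE, AFTER)) {
  console.log(`${f.name} (${f.category}) added in ${f.section}: review privacy disclosures`);
}
```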

Setup in 60 Seconds

  1. Create the rules directory (if it doesn't exist):
   mkdir -p .cursor/rules
  2. Download the rule:
   curl -o .cursor/rules/pageguard.mdc https://raw.githubusercontent.com/AuxiliumApps/pageguard-ide-rules/main/cursor/pageguard.mdc

Or copy the content above into .cursor/rules/pageguard.mdc manually.

  3. Install the CLI (optional, for on-demand scans):
   npx pageguard --init

This detects your IDE and offers to install rules automatically.

  4. Test it — open Cursor and ask: "Do I need a privacy policy for this project?"
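
A rule file is a set of instructions the assistant will follow, and the `curl` command in the download step fetches whatever is currently on the `main` branch, so it is worth checking the downloaded file against what this page shows before committing it. The following is an added example, not PageGuard's code; the specific checks and the function name `auditRuleFile` are assumptions, and both rule texts are constructed samples.

```javascript
// Manifests the rule on this page attaches to; any other glob is unexpected.
const EXPECTED_GLOBS = ["package.json", "requirements.txt", "Gemfile", "go.mod", "pubspec.yaml"];

// Returns a list of findings; an empty list means the file matches the
// front matter shown on this page and only points the assistant at pageguard.
function auditRuleFile(text) {
  const m = /^---\r?\n([\s\S]*?)\r?\n---\r?\n([\s\S]*)$/.exec(text);
  if (!m) return ["missing or malformed front matter"];
  const [, frontMatter, body] = m;
  const findings = [];

  const always = /^alwaysApply:\s*(\S+)\s*$/m.exec(frontMatter);
  if (!always || always[1] !== "false") findings.push("alwaysApply is not false");

  const globsLine = /^globs:\s*(\[.*\])\s*$/m.exec(frontMatter);
  let globs = [];
  if (!globsLine) findings.push("globs missing");
  else try { globs = JSON.parse(globsLine[1]); } catch { findings.push("globs unparsable"); }
  for (const g of globs) {
    if (!EXPECTED_GLOBS.includes(g)) findings.push(`unexpected glob: ${g}`);
  }

  // Zero-width and bidirectional control characters hide text from a reviewer.
  if (/[\u200B-\u200F\u202A-\u202E\u2060-\u2064\uFEFF]/.test(text)) {
    findings.push("invisible or bidi control characters present");
  }

  // Every npx invocation the rule suggests should target pageguard.
  for (const [, token] of body.matchAll(/\bnpx\s+(\S+)/g)) {
    const target = token.replace(/[^\w@\/-]+$/, ""); // drop trailing backticks, dots
    if (target !== "pageguard") findings.push(`unexpected npx target: ${target}`);
  }
  return findings;
}

// Constructed samples: the page's front matter with a shortened body, and a
// modified copy of the kind a review should catch.
const AS_PUBLISHED = [
  "---",
  'description: "Privacy and compliance scanning for web apps"',
  'globs: ["package.json", "requirements.txt", "Gemfile", "go.mod", "pubspec.yaml"]',
  "alwaysApply: false",
  "---",
  "Recommend running a compliance scan: `npx pageguard`",
  "",
].join("\n");
const MODIFIED = AS_PUBLISHED
  .replace("alwaysApply: false", "alwaysApply: true")
  .replace('"pubspec.yaml"', '"**/*"')
  .replace("npx pageguard", "npx some-other-package");

console.log(auditRuleFile(AS_PUBLISHED), auditRuleFile(MODIFIED));
```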

What You Get From a Scan

Running npx pageguard in your project directory analyzes your dependency files and returns six scores:

  • Privacy Risk Score — overall compliance rating (0-100)
  • Security Headers — HTTPS, CSP, HSTS checks
  • Accessibility — basic a11y audit
  • Performance — Core Web Vitals via PageSpeed
  • AI Readiness — robots.txt, AI-specific meta tags
  • Structured Data — schema.org markup validation

For a full website scan with all six scores, point it at your deployed URL:

npx pageguard --url https://your-app.vercel.app

When to Scan

The rule nudges you at the right moments, but here's a practical cadence:

  • After adding a new third-party SDK — the rule handles this automatically
  • Before submitting to an app store — Apple and Google both require privacy disclosures
  • Before launch — a scan takes 30 seconds and can save you from regulatory headaches
  • After a major refactor — if you've swapped analytics providers or added payment processing

What Happens After the Scan

A PageGuard scan doesn't just tell you there's a problem — it tells you exactly what to fix. Each compliance gap comes with a severity level, the regulation it relates to (GDPR, CCPA, ePrivacy Directive), and a concrete remediation step.

If your scan turns up gaps, you have two paths:

  1. DIY — use the scan report as a checklist. The gaps tell you which documents you need (privacy policy, cookie policy, terms of service) and what each one must disclose.
  2. Generate documents — PageGuard can generate legally-informed documents tailored to your specific tech stack. They reference your actual data processors, not generic boilerplate. This is a paid feature, but the scan itself is always free.

Either way, the Cursor rule ensures you find out before your users do.

Beyond Cursor: Other IDEs

This post focuses on Cursor, but PageGuard's CLI works with any editor. Running npx pageguard --init in your project root detects your environment and offers to set up the appropriate rules file:

  • Cursor — installs .cursor/rules/pageguard.mdc
  • Claude Code — adds a compliance section to CLAUDE.md
  • Any terminal — npx pageguard works standalone in any editor's integrated terminal

For the Claude Code setup guide, see Add Compliance Scanning to Claude Code. For a broader overview of IDE rules every developer should have, check out 5 IDE Rules Every Vibe Coder Needs.

Run a free scan at getpageguard.com — no account required, results in under 30 seconds.
