Claude Code stores 43MB of your conversations. Cursor saves your passwords in plaintext JSONL. Cline is the only one that puts your API key in the OS keychain — but it still archives everything you say.
Not one of them tells you this is happening.
Why I Did This
Two weeks ago, I discovered Claude Code had silently archived 43MB of my complete conversation history on my machine. I wrote about it. The comments asked: "What about Cursor? What about Cline?"
I tested them. The results were more nuanced than I expected.
Methodology
Three tools. Five dimensions. One standardized test script.
| Dimension | What I Tested |
|---|---|
| Conversation Storage | What's stored? Format? Size? |
| Credential Security | How is the API key stored? Plaintext or encrypted? |
| User Awareness | Does the tool tell you it's archiving your conversations? |
| Data Isolation | Can AI in Project A read conversations from Project B? |
| Uninstall Residue | Does conversation data survive uninstallation? |
In each tool, I typed the same three things: a normal coding question, a database connection string with a password, and an API key.
Results
Claude Code — The Hoarder
Conversation Storage: ~/.claude/projects/, JSONL format. One file per session.
Opening one 2.3MB session file:
| Content | Count |
|---|---|
| AI responses | 590 |
| AI internal thinking | 272 |
| Tool calls | 101 |
| Tool call results (incl. file paths) | 100 |
| File history snapshots | 208 |
Credential Storage: settings.json — plaintext. The built-in Read tool can access this file without restriction.
Data Isolation: No. Global history file merges all projects.
Uninstall Residue: 19 project directories, 43MB of conversation data.
Cursor — Stores More Than You Think
Conversation Storage: agent-transcripts/, JSONL format. Same structure as Claude Code — user input, AI responses, tool calls all stored. Size depends on conversation length.
Stores every user input, every AI response, and every tool it called. Does not store tool execution results or thinking blocks — in Plan mode.
Credential Storage: SQLite database stores tokens at 415 bytes each. Better than plaintext.
My test password and API key: Both written verbatim into the transcript file.
Data Isolation: Yes. Per-project separation.
Cline — The Only One That Got Credentials Right
Conversation Storage: Open source, directly auditable. Each task gets its own directory with 4 JSON files:
tasks/<taskId>/
api_conversation_history.json — Full API messages (incl. tool results)
ui_messages.json — Chat UI records
task_metadata.json — Metadata
context_history.json — Context evolution
Stores no less than Claude Code in conversation content — complete API message format, tool use and tool results included.
Credential Storage: The only tool that got this right. API key goes through VS Code Secrets API to Windows Credential Manager. Not stored in a file.
Data Isolation: Yes. Per-task isolation.
Comparison Table
| Dimension | Claude Code | Cursor | Cline |
|---|---|---|---|
| User input | Full text | Full text | Full text |
| AI responses | Full text | Full text | Full text |
| AI internal thinking | 272 entries | None | None |
| Tool execution results | Includes file paths | Plan mode: no | Yes |
| Session size | 2.3MB | 16KB | 4 JSON files |
| API Key storage | Plaintext JSON | SQLite | OS keychain |
| Conversation format | JSONL | JSONL | JSON |
| User informed | No | Asked about sharing | No |
| Cross-project isolation | No | Yes | Yes |
| Open source (auditable) | No | No | Yes |
Ranking
Credential security: Cline >>> Cursor >> Claude Code
Conversation privacy: All three archive everything, none tells you
Data volume: Claude Code >>>>> Cline > Cursor
Transparency: Cline (open source) > Cursor > Claude Code
No tool scored perfectly.
What This Really Reveals
Three tools. Three architectures. Two business models. One thing they all share:
They all archive your conversations in local plaintext. Not one tells you.
This isn't one tool's vulnerability. This is the AI coding tool category defaulting to "archive everything" — and users not knowing it.
What You Can Do
| Level | Action |
|---|---|
| Daily | Periodically clean up conversation directories |
| Never | Paste real passwords or tokens into AI conversations |
| Before selling | Delete all tools' conversation archives |
| When choosing | Know what each tool stores before you install |
Part 3 of the "AI Tool Privacy" series. Next: Prompt Injection in Practice — How a Malicious CLAUDE.md Can Make Your AI Betray You.
Top comments (0)