Why Vibe Coders Ship Without Privacy Policies
You're deep in a Cursor session. The app is taking shape — auth works, Stripe is wired up, analytics are firing. You deploy. Users sign up. And then someone asks: "Where's your privacy policy?"
Most solo developers and vibe coders don't skip compliance on purpose. They skip it because nothing in their workflow reminds them it exists. Your linter catches unused variables. Your formatter fixes indentation. But nothing flags that you just added Google Analytics without a cookie consent banner.
That's the gap this Cursor rule fills.
What the Rule Does
The PageGuard Cursor rule is a .mdc file that lives in your project's .cursor/rules/ directory. It teaches Cursor to:
- Flag privacy-relevant dependency changes — when you add packages like firebase, @stripe/stripe-js, @segment/analytics-next, or @sentry/nextjs, Cursor will prompt you to check compliance implications.
- Answer privacy questions in context — ask "Do I need a privacy policy?" and Cursor will analyze your actual dependencies, not give a generic answer.
- Trigger a scan — Cursor suggests running npx pageguard to get a concrete compliance score based on your tech stack.
The Rule (Copy and Paste)
Create the file .cursor/rules/pageguard.mdc in your project root:
---
description: Privacy and compliance scanning for web apps
globs: ["package.json", "requirements.txt", "Gemfile", "go.mod", "pubspec.yaml"]
alwaysApply: false
---
# Privacy Compliance Check
When the user adds or updates dependencies, check if any of the following
categories are present in their dependency files:
- Analytics (Google Analytics, Segment, Mixpanel, PostHog, Amplitude)
- Advertising (Google Ads, Facebook Pixel, TikTok Pixel)
- Payment processing (Stripe, PayPal, RevenueCat, Braintree)
- Authentication (Firebase Auth, Auth0, Clerk, Supabase Auth)
- Error tracking (Sentry, Bugsnag, Datadog, LogRocket)
- Session recording (Hotjar, FullStory, Microsoft Clarity)
- Email services (SendGrid, Mailchimp, Resend, AWS SES)
- Push notifications (OneSignal, Firebase Cloud Messaging)
If any are detected:
1. Inform the user which data-collecting services were found
2. Explain what personal data each service typically collects
3. Recommend running a compliance scan:
   ```bash
   npx pageguard
   ```
4. Note that they likely need:
   - A privacy policy disclosing these data processors
   - Cookie consent if using cookies (most analytics/ad tools do)
   - Data processing agreements with each third-party service
When the user asks "Do I need a privacy policy?" or similar:
- Check their package.json (or equivalent) for data-collecting dependencies
- Give a specific answer based on what's actually installed
- Suggest: `npx pageguard --url their-site.com` for a full website scan
How It Works in Practice
Once the rule is in place, your Cursor sessions gain compliance awareness. Here's a typical interaction:
You: "Add Firebase auth and Firestore to this project"
Cursor (after adding the packages): "I've added firebase to your dependencies. Note: Firebase Auth collects user email, UID, and authentication metadata. Firestore may store personal data depending on your schema. You likely need a privacy policy that discloses Firebase as a data processor. Run npx pageguard to check your full compliance status."
No extra plugins. No dashboard to check. The compliance reminder shows up exactly where you're already working.
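The dependency check the rule asks Cursor to perform can also be run deterministically, for example as a CI step that compares the manifest before and after a change. This is an added example, not part of the PageGuard rule or CLI: the function names and the package-to-category patterns are illustrative assumptions, and the two manifests are constructed.

```javascript
// Category names follow the rule above. The patterns are an illustrative
// assumption, not PageGuard's detection list; extend them for your own stack.
const CATEGORY_PATTERNS = [
  ["Analytics", /^(@segment\/|@amplitude\/|posthog-|mixpanel|react-ga4$)/],
  ["Payment processing", /^(stripe$|@stripe\/|@paypal\/|braintree)/],
  // The firebase SDK bundles several services; it is filed under auth here.
  ["Authentication", /^(firebase$|@auth0\/|@clerk\/|@supabase\/)/],
  ["Error tracking", /^(@sentry\/|@bugsnag\/|logrocket$)/],
  ["Email services", /^(@sendgrid\/|resend$|@mailchimp\/)/],
];

// Map a package.json (as text) to { category: [package names] }.
// Malformed JSON throws, so a CI gate built on this fails closed.
function findDataCollectors(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const names = new Set([
    ...Object.keys(manifest.dependencies || {}),
    ...Object.keys(manifest.devDependencies || {}),
  ]);
  const findings = {};
  for (const name of names) {
    for (const [category, pattern] of CATEGORY_PATTERNS) {
      if (pattern.test(name)) {
        (findings[category] = findings[category] || []).push(name);
      }
    }
  }
  return findings;
}

// Report only the data-collecting packages a change introduces, so existing,
// already-disclosed processors do not produce noise on every commit.
function newlyIntroduced(beforeText, afterText) {
  const before = findDataCollectors(beforeText);
  const after = findDataCollectors(afterText);
  const added = [];
  for (const [category, names] of Object.entries(after)) {
    for (const name of names) {
      if (!(before[category] || []).includes(name)) added.push(`${category}: ${name}`);
    }
  }
  return added.sort();
}

// Constructed sample manifests (versions are placeholders, not from a real project).
const BEFORE = JSON.stringify({ dependencies: { next: "14.2.0", "@stripe/stripe-js": "3.0.0" } });
const AFTER = JSON.stringify({
  dependencies: { next: "14.2.0", "@stripe/stripe-js": "3.0.0", firebase: "10.8.0", "@sentry/nextjs": "7.100.0" },
  devDependencies: { eslint: "8.57.0" },
});
console.log(newlyIntroduced(BEFORE, AFTER));
```

A non-empty result is the point at which the privacy policy, consent, and data processing agreement items from the rule need revisiting.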
Setup in 60 Seconds
1. Create the rules directory (if it doesn't exist):
   mkdir -p .cursor/rules
2. Download the rule:
   curl -o .cursor/rules/pageguard.mdc https://raw.githubusercontent.com/AuxiliumApps/pageguard-ide-rules/main/cursor/pageguard.mdc
   Or copy the content above into .cursor/rules/pageguard.mdc manually.
3. Install the CLI (optional, for on-demand scans):
   npx pageguard --init
   This detects your IDE and offers to install rules automatically.
4. Test it — open Cursor and ask: "Do I need a privacy policy for this project?"
What You Get From a Scan
Running npx pageguard in your project directory analyzes your dependency files and returns six scores:
- Privacy Risk Score — overall compliance rating (0-100)
- Security Headers — HTTPS, CSP, HSTS checks
- Accessibility — basic a11y audit
- Performance — Core Web Vitals via PageSpeed
- AI Readiness — robots.txt, AI-specific meta tags
- Structured Data — schema.org markup validation
For a full website scan with all six scores, point it at your deployed URL:
npx pageguard --url https://your-app.vercel.app
When to Scan
The rule nudges you at the right moments, but here's a practical cadence:
- After adding a new third-party SDK — the rule handles this automatically
- Before submitting to an app store — Apple and Google both require privacy disclosures
- Before launch — a scan takes 30 seconds and can save you from regulatory headaches
- After a major refactor — if you've swapped analytics providers or added payment processing
What Happens After the Scan
A PageGuard scan doesn't just tell you there's a problem — it tells you exactly what to fix. Each compliance gap comes with a severity level, the regulation it relates to (GDPR, CCPA, ePrivacy Directive), and a concrete remediation step.
If your scan turns up gaps, you have two paths:
- DIY — use the scan report as a checklist. The gaps tell you which documents you need (privacy policy, cookie policy, terms of service) and what each one must disclose.
- Generate documents — PageGuard can generate legally-informed documents tailored to your specific tech stack. They reference your actual data processors, not generic boilerplate. This is a paid feature, but the scan itself is always free.
Either way, the Cursor rule ensures you find out before your users do.
Beyond Cursor: Other IDEs
This post focuses on Cursor, but PageGuard's CLI works with any editor. Running npx pageguard --init in your project root detects your environment and offers to set up the appropriate rules file:
- Cursor — installs .cursor/rules/pageguard.mdc
- Claude Code — adds a compliance section to CLAUDE.md
- Any terminal — npx pageguard works standalone in any editor's integrated terminal
For the Claude Code setup guide, see Add Compliance Scanning to Claude Code. For a broader overview of IDE rules every developer should have, check out 5 IDE Rules Every Vibe Coder Needs.
Run a free scan at getpageguard.com — no account required, results in under 30 seconds.