Your School Email Was Never Meant to Hold Your Money
A free student trial on a school email that later expired kept charging me with no way to see it or cancel. The rule worth building on: eligibility is temporary, ownership is durable, and one credential should not carry both.
Published: 2026-06-23
A Trial That Outlived My Email
The Morning of the Charge
On an ordinary morning I opened my Chase app and saw a pending charge from Cursor for twenty dollars. My stomach dropped. I had no Cursor subscription, or thought I didn't, and no memory of putting my card into anything by that name. Then I scrolled up and found a second one, the same amount, from a month before.
The first explanation that comes to mind at that moment is the worst one. Someone might have my card, unless I forgot a subscription with Cursor. I logged into Cursor with every Gmail I use, and none of them showed any payment or any subscription. By my own accounts I had never paid Cursor a cent, which only made it feel more like fraud, so I reported the charges to Chase and ordered a new card.
Then I searched my inboxes instead, for cursor next to pro, billing, and payment. One account answered, and it was the one I least expected: the personal Gmail I had used to evacuate my CMU data before the university shut the account down. Inside it sat a welcome email from Cursor, dated the previous May, telling me my Pro plan was active. The panic deflated into annoyance. There was no stranger using my card. The account was mine, from a year before, and I had forgotten it completely.
The Dead Inbox
Here is what I had forgotten. In May 2025 I signed up for Cursor's free year of Pro with my school email. The checkout said I owed nothing and still asked for a card, and I typed one in without thinking, because the number at the bottom said zero. It was a free year for a student, with a card captured at the moment I had the least reason to notice. Then I closed the tab and forgot the account existed.
A year later the free year converted to paid Cursor Pro, and the card started getting charged twenty dollars a month. A renewal notice would have gone out, but it went to my school address, which had been dead for months by then. The only reason I could trace any of it is that I had moved my school inbox into a personal account before it expired. Without that, I would have been left staring at a twenty-dollar charge with no honest way to connect it to anything I recognized.
The school email had become the account identity, the billing-notification channel, and the recovery path, all at once. When the school took it back, it took more than my mail. It took the only place Cursor could reach me, the only login that could see the subscription, and the only door I could have used to cancel. The charges kept coming because the one credential everything depended on was the one designed to disappear.
The Architecture of the Trap
Some weeks earlier, Google emailed me a reminder that my Google One AI Premium student trial was about to renew into a paid plan. I starred the email so I could deal with it, and that star caught my eye again while I was hunting for the Cursor account through inboxes. The Google trial for students was the same kind of deal, a free trial that rolls into a paid subscription later.
This is the point where I realized the problem was bigger than Cursor, and bigger than me being careless. The two offers were nearly identical, and I had forgotten both signups just as completely. The difference showed up at renewal. Google's reminder reached a Gmail account I still use every day, so I saw it in time to cancel before it charged me. Cursor's reminder went to a mailbox that no longer existed, so it reached no one.
Then I thought about my husband's complaint. He hit the bad version of this with Setapp, a subscription toolbox of Mac apps. He took the student discount on his university email and paid for a year up front. After he graduated and lost that email, he could not log in to cancel, and Setapp refused to refund the months he was locked out.
Many popular software companies run their student offers the same way, by using your school email to confirm you really are a student. That part is reasonable. The differences show up in what happens next, and they come down to two questions:
- Does the product capture a card and renew on its own?
- Does your school email do that one job and step back, or quietly become the account itself?
The following table sorts the major student offers along those lines.
| Product | Card plus auto-renew? | What the school email owns |
|---|---|---|
| Cursor | Yes | Account, billing notice, cancellation path |
| Setapp | Yes, annually | Account and cancellation path |
| Google One AI Premium | Yes | Eligibility only |
| Figma | No | Workspace and files |
| GitHub, JetBrains | No | Eligibility only |
| Notion Education | No | The perk only |
- Google explains why my two trials went so differently. It still takes a card and auto-renews, so the billing risk is real, but it made me prove I was a student without ever making the school email my account. The subscription lives on my own Google account, where the reminder reaches me. Google kept the part that charges you and fixed the part that locks you out, which I will come back to later.
- Figma shows the two questions are really separate. It takes no card, so there is no billing trap at all, but your files live in the school-tied account, so losing the email costs you your work instead of your money. That happened to me too, and I come back to it below.
- GitHub and JetBrains are the cleanest. They take no card for the student benefit, so access just lapses when you stop qualifying and nobody is charged for forgetting. JetBrains even warns you before the year ends and drops you to a discount instead of a bill.
- Notion gives students a free plan with no card on file, so a dead school email costs you the perk and never a charge.
The table makes the real problem visible. Offering students a discount is fine. The thing that matters is what the student credential is allowed to own. When it owns nothing but eligibility, losing it costs you a perk. When it owns the card, the login, and the only path to cancel, losing it costs you money you cannot see and cannot stop.
What You Lose
Money
The clearest cost is the one I started with. When a product takes a card from a student and ties the account to a school email, the charge outlives the student identity. The discount ends, the renewal begins, and the person paying can lose the inbox and the login that would let them see it or stop it. That is what happened to me with Cursor, and to my husband with Setapp.
The law has a name for the underlying move. Selling a free trial that quietly turns into a paid plan is a free-to-paid conversion, and regulators have circled it for years. In 2024 the FTC and the Justice Department sued Adobe over hard-to-cancel subscriptions and a hidden termination fee, and in April 2026 a judge approved a settlement worth a hundred and fifty million dollars. There was even a rule built for exactly this, the FTC's click-to-cancel rule, which would have forced clear disclosure and easy cancellation across auto-renewing subscriptions, until a federal appeals court struck it down in 2025, days before it took effect.
Where enforcement does land is telling. The FTC's record settlement over Amazon's Prime signups went after a subscription machine at enormous scale. Nobody opens a federal case over a twenty-dollar charge sent to a dead inbox, and the one rule written to catch it automatically is the one that died. This case falls into the gap, where the only person who notices is the one being charged.
Ownership
This type of loss is quieter and less measurable than money. And Figma is where I felt it. Figma never charged me a cent. Its student plan is free, with no card and no renewal to forget. But my product design coursework lived in a workspace tied to my school account, and when the CMU email went dark, so did the files. The prototypes and design work I would actually want to show someone sat behind a login I no longer had.
I got it back, but only because I asked. Figma support moved my projects to my personal account once I explained that the school email was gone and proved the account was mine by reciting file names and collaborators only the owner would know. It worked, and the people who helped were kind about it. I should not have needed a support ticket to reach my own work.
This is a failure that feels subtler and longer-lasting than billing. A company can give students a genuinely free plan, take no card, and never charge a cent, and still build in the same flaw, when the student's school identity becomes the container for everything they make. Student identity should not be the long-term container for your intellectual output. You will leave school. The work should leave with you.
Identity
Underneath the money and the work is the thing that actually breaks, the assumption that a school email is a durable way to identify a person. My own university is blunt about it. Carnegie Mellon's offboarding page says your student account can expire as soon as ninety days after you graduate, after which you cannot log in or reach your files, and it tells students to move the email on their outside logins, banking and shopping and subscriptions, before the address stops working. The school knows the email is temporary and warns the students directly.
The products that charge against that email do not seem to have read the same memo. A classmate avoided my whole situation by accident: he had signed up for Cursor through GitHub rather than his school Google account, with two-factor authentication on the GitHub side, so when his school email went away his account did not. The extra layer of his own identity was the only thing that kept the account his.
It is worth being precise about what security solves here. My school uses Duo, and Duo is good at its job. It confirms that the person signing in right now is whoever the school currently recognizes as the holder of that email. It has nothing to say about the student who held the email last year and has since left. Multi-factor authentication protects the current login. It does not preserve your identity after the institution stops vouching for you. Once the address is deactivated, the account it was anchored to is no longer reliably yours. Even if a school never reassigns that address, the former student has already lost the credential the product depends on.
Eligibility Is Not Identity
Here is the rule I wish every team building a student tier would write on the wall:
Eligibility is temporary, ownership is durable, and one credential should not carry both.
A school email is a fine way to check that someone is a student today. It is a terrible way to own their account tomorrow. The thing that makes it useful for verification, that the school controls it and can vouch for it, is the same thing that makes it dangerous for identity, because the school will take it back. The moment a product lets the verification credential become the account, it has built its billing, its notifications, and its recovery path on top of something designed to expire.
Google, the case I set aside earlier, does not solve the whole problem, because it still keeps the card-and-auto-renew default. But on identity it lives by the rule. It verified me once and then kept the school email out of the account, anchoring the whole subscription to the personal identity I keep after I leave. On that axis the separation is the entire fix, and it gives up nothing the company wants to keep.
Google's account tools also show what clean offboarding can look like, outside the subscription itself. Its transfer tool moved my school mail and Drive files into my personal account before the school address expired, and that is the only reason I could trace the Cursor charge at all. The welcome email came along with it. Google is honest about endings too: when a paid storage plan lapses, it tells you plainly what happens across Drive, Gmail, and Photos. Clean offboarding and a clear expiration notice are not hard, and one of the largest companies in the world already ships both.
So if you are building a student tier, here is the short version of what that looks like:
- Verify eligibility through the school email, and stop there.
- Anchor the account to a personal identity the student keeps after they leave.
- Send billing and renewal notices to an address that will still be read.
- Avoid capturing a card at a zero-dollar checkout unless you genuinely need it.
- Ask for fresh consent before a free plan turns into a paid one.
- Let a benefit lapse instead of silently converting it into a charge.
- Give people a clean way out, for their files, their projects, and their billing controls.
You keep the discount, the trial, and the revenue. The only thing you give up is the part of the design that quietly charges people who can no longer see the bill.
Coda
I got my money back.
It took work. On the first pass, Cursor cancelled the subscription and refunded the June charge as a one-time courtesy, then refused the May charge, since "that billing period has already passed." I pushed back, explaining that I had never used the plan, could not reach the account, and had no way to cancel it, and that the charge had only landed in a past billing period because the dead email kept me from cancelling in time.
They reversed it eventually. In that reply, support acknowledged in writing that the deactivated email had prevented me from managing or cancelling the subscription, and refunded the May charge on that basis. They called each refund a one-time courtesy, which is the honest way to say a favor rather than a policy.
Cursor's own words confirm the failure this essay is about, and the fix still depended on me writing the right letter to the right person. The next student who cannot reach the account, or does not know to escalate, stays charged.
There is one more thing worth admitting. When I first saw the charge, I was sure it was fraud and reported it to Chase. A forgotten subscription and a stolen card looked identical, the same unfamiliar twenty dollars from a company I did not recognize, and neither I nor my bank could tell my own mistake from a crime. That confusion is built in: it is what happens when an account is anchored to a credential the owner can no longer open, so even the person paying cannot say what they are paying for.
I reclaimed every dollar because I treated a twenty-dollar charge like a legal case. I could do that because I was an older student, over thirty and financially stable, with the time and the nerve to push. Most students have less of all three, and the bill keeps going out to the people least able to question it.