What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: The policy engages GDPR for EU/EEA users, citing standard contractual clauses as the cross-border transfer mechanism under GDPR Chapter V; CCPA/CPRA for California residents, including rights to know, delete, and opt out of sale or sharing; and PIPEDA given Ideogram's Canadian incorporation. The use of user-generated content for AI model training may require evaluation under the EU AI Act's provisions on training data governance and transparency obligations for general…

How does Ideogram's Ideogram Privacy Policy affect users?

The policy establishes that text prompts users enter and images generated through the service may be collected and used in Ideogram's model training processes. Device identifiers, usage analytics, and account information are also collected and may be shared with service providers and analytics partners. The document specifies that EU and California users may submit requests to privacy@ideogram.ai to exercise data access, deletion, or processing objection rights.

How often is Ideogram's Ideogram Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Ideogram updates this document?

Yes. Monitor subscribers ($19/month) can add Ideogram to their watchlist and receive same-day email alerts whenever this document or any other Ideogram document changes.

CA-D-000490

Ideogram Privacy Policy

Ideogram

Last change detected June 6, 2026 Privacy policy

SHA-256: a3b3ba11fd38bcb3835… 3 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Ideogram ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

5 Medium severity

5 Low severity

Summary

This document establishes Ideogram's data collection, processing, and use practices for users of its AI image generation service. The policy authorizes Ideogram to collect user-generated prompts, resulting images, device data, and usage patterns, and permits the use of this data to train and improve Ideogram's AI models. Users in the EU and California are granted rights to access, correct, delete, or object to processing of their personal data through submission to privacy@ideogram.ai.

Technical / Legal Breakdown

Ideogram's Privacy Policy governs the collection, use, and disclosure of personal data by Ideogram AI, a Canadian-incorporated AI image generation company, and operates under a consent and legitimate interests framework applicable to users globally. The policy states that Ideogram collects account information (name, email, profile data), user-generated content including text prompts and images, device and usage data, payment information processed via third-party processors, and data from third-party sign-in providers such as Google; the terms authorize use of this data for service delivery, product improvement, safety enforcement, and marketing communications. Notably, the policy explicitly states that user-generated content such as prompts and generated images may be used to train and improve Ideogram's AI models, with no default opt-out mechanism described for existing users, which is a material consideration for users who submit creative or potentially sensitive content. The policy references compliance obligations under GDPR for EU/EEA users and CCPA/CPRA for California residents, providing region-specific rights disclosures; Canadian privacy law (PIPEDA or its provincial equivalents) is also implicated given the company's incorporation in Canada. Compliance teams should note that the AI training use of user content, combined with the cross-border data transfer disclosures referencing standard contractual clauses, creates obligations under GDPR Chapter V and may require evaluation under emerging EU AI Act provisions governing training data transparency.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

2 important changes detected

3 versions captured · Last updated: June 2026

June 6, 2026

medium

What changed Ideogram's updated privacy policy replaces a general reference statement with a detailed table that specifies which categories of personal information are collected and which parties receive each category. The prior policy directed readers to find this information in other sections. The updated policy now presents this information directly in a structured format, disclosing that user data such as identifiers, visual content, and geolocation information may be shared with other users, vendors, service providers, and social media partners.

Why this matters The updated policy now provides explicit disclosure of which categories of personal information are collected and which parties receive each category. Previously, the policy required readers to consult other sections to identify this information. The updated table format discloses that identifiers such as name and email address, visual information including uploaded images, and geolocation data may be shared with other users, vendors, service providers, login integration partners, social media widgets, and affiliates. This change provides clearer visibility into data sharing practices without altering what data is collected or shared, but rather how that information is disclosed.

View full change record →

June 2, 2026

unknown

What changed Ideogram updated their Ideogram Privacy Policy on June 02, 2026. Change detected: 1 sentence(s) removed, 2 sentence(s) modified. Document contained 117 sentences after update.

View full change record →

Recent Provision Changes Jun 6, 2026

10 provisions unchanged.

View full change record →

Medium — 5 provisions

AI Model Training on User Content Compare →

The images you create and the text prompts you type into Ideogram can be used by the company to train its AI systems, making your inputs part of how the product learns and improves.

Added May 11, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers Compare →

Ideogram may move your personal data to countries, including the United States, that do not have the same level of privacy protection as your home country, and relies on standard contractual clauses as the legal mechanism for these transfers.

Added May 11, 2026 Standard Seen across 284 platforms
California CCPA/CPRA Rights Compare →

California residents have specific legal rights under state privacy law to see, delete, and opt out of the sale or sharing of their personal data, and Ideogram cannot penalize you for exercising these rights.

Added May 11, 2026 Standard Seen across 284 platforms
Third-Party Data Sharing with Service Providers Compare →

Ideogram shares your personal data with outside companies that help run the service, including companies handling payments, analytics, email, and marketing.

Added May 11, 2026 Standard Seen across 252 platforms
Cookies and Tracking Technologies Compare →

Ideogram and its partners use cookies and similar tools to track how you use the service, including which pages you visit and what you click on.

Added May 11, 2026 Standard Seen across 284 platforms

Low — 5 provisions

GDPR Rights for EU/EEA Users Compare →

If you are in the EU, UK, or Switzerland, you have legal rights to see, correct, delete, or move your personal data, and you can exercise them by emailing Ideogram directly.

Added May 11, 2026 Standard Seen across 284 platforms
Data Retention Compare →

Ideogram keeps your personal data for as long as it needs to in order to provide the service and meet legal obligations, without specifying a fixed retention period.

Added May 2, 2026 Standard Seen across 284 platforms
Children's Privacy Compare →

Ideogram's service is not intended for children under 13, and the company says it will delete data if it discovers a child under 13 has used the platform.

Added May 11, 2026 Standard Seen across 284 platforms
Policy Update Rights Compare →

Ideogram can change its privacy policy at any time and will notify you by email or a website notice if the changes are significant, but continued use of the service may constitute acceptance of updated terms.

Added May 11, 2026 Standard Seen across 284 platforms
Marketing Communications and Opt-Out Compare →

Ideogram may send you marketing emails and you can stop them by clicking the unsubscribe link in those emails or by emailing the company directly.

Added May 11, 2026 Standard Seen across 284 platforms