The images you create and the text prompts you type into Ideogram can be used by the company to train its AI systems, making your inputs part of how the product learns and improves.
This analysis describes what Ideogram's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Users may not expect that their creative prompts and generated images become training data for an AI system, and there is no clearly described opt-out mechanism for this specific use within the policy.
Interpretive note: The policy language is relatively brief on this point and does not specify whether anonymization is applied, whether an opt-out exists, or which lawful basis under GDPR is relied upon for this specific processing purpose.
The updated policy now provides explicit disclosure of which categories of personal information are collected and which parties receive each category. Previously, the policy required readers to consult other sections to identify this information. The updated table format discloses that identifiers such as name and email address, visual information including uploaded images, and geolocation data may be shared with other users, vendors, service providers, login integration partners, social media widgets, and affiliates. This change provides clearer visibility into data sharing practices without altering what data is collected or shared, but rather how that information is disclosed.
View change record →Every prompt you type and every image you generate may be retained and used to train Ideogram's AI models, meaning your creative content contributes to product development beyond your own session without a straightforward opt-out described in the policy.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data. EU and UK users may also have the right to object to or restrict certain processing. California residents may have the right to know, delete, corre...
Monitoring
Ideogram has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may use the content you provide to us, including prompts and generated images, to train and improve our AI models and services.— Excerpt from Ideogram's Ideogram Privacy Policy
(1) REGULATORY LANDSCAPE: This provision implicates GDPR Articles 5, 6, and 13 regarding lawful basis and transparency for secondary processing of personal data; the EU AI Act's emerging requirements for transparency about training data used in general-purpose AI models; and CCPA/CPRA regarding sharing of personal information for purposes beyond the original transaction. The FTC Act's unfair or deceptive practices framework is also relevant if the training use is not sufficiently disclosed at point of collection. Enforcement authorities include the European Data Protection Board, national EU supervisory authorities, the California Privacy Protection Agency, and the FTC. (2) GOVERNANCE EXPOSURE: High. The use of user-generated prompts and images for AI training without a clearly enumerated opt-out creates tension with GDPR's legitimate interests balancing test and CCPA's right to opt out of sharing. If prompts contain personal data about third parties or sensitive subject matter, the lawful basis for training use becomes more difficult to establish. The policy does not specify whether anonymization or aggregation is applied before training use. (3) JURISDICTION FLAGS: EU/EEA users face the highest exposure, as GDPR requires that secondary processing for AI training either falls within the original consent scope or satisfies a separate lawful basis with documented balancing. UK GDPR applies the same framework post-Brexit. California users may have CPRA opt-out rights if training use constitutes sharing for cross-context purposes. Canadian users are subject to PIPEDA's accountability and consent principles. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers deploying Ideogram in a B2B context should assess whether employee-generated prompts constitute personal data under their own data processing agreements and whether the AI training use is compatible with their vendor DPA requirements. Standard commercial DPAs typically require processors to refrain from using customer data for the processor's own model training without explicit authorization. (5) COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether a legitimate interests assessment has been documented for this processing purpose and whether it would survive regulatory scrutiny. Data mapping should capture the flow of prompt and image data into training pipelines and identify any third-party model training infrastructure. Consider whether a consent-based opt-in or a clearly accessible opt-out for training use would reduce regulatory risk, particularly for EU and California deployments.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Users may not expect that their creative prompts and generated images become training data for an AI system, and there is no clearly described opt-out mechanism for this specific use within the policy.
Every prompt you type and every image you generate may be retained and used to train Ideogram's AI models, meaning your creative content contributes to product development beyond your own session without a straightforward opt-out described in the policy.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ideogram.