AI Model Training on User Content

What it is

The images you create and the text prompts you type into Ideogram can be used by the company to train its AI systems, making your inputs part of how the product learns and improves.

Why it matters (compliance & governance perspective)

Users may not expect that their creative prompts and generated images become training data for an AI system, and there is no clearly described opt-out mechanism for this specific use within the policy.

Consumer impact (what this means for users)

Every prompt you type and every image you generate may be retained and used to train Ideogram's AI models, meaning your creative content contributes to product development beyond your own session without a straightforward opt-out described in the policy.

What you can do

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: This provision implicates GDPR Articles 5, 6, and 13 regarding lawful basis and transparency for secondary processing of personal data; the EU AI Act's emerging requirements for transparency about training data used in general-purpose AI models; and CCPA/CPRA regarding sharing of personal information for purposes beyond the original transaction. The FTC Act's unfair or deceptive practices framework is also relevant if the training use is not sufficiently disclosed at point of collection. Enforcement authorities include the European Data Protection Board, national EU supervisory authorities, the California Privacy Protection Agency, and the FTC. (2) GOVERNANCE EXPOSURE: High. The use of user-generated prompts and images for AI training without a clearly enumerated opt-out creates tension with GDPR's legitimate interests balancing test and CCPA's right to opt out of sharing. If prompts contain personal data about third parties or sensitive subject matter, the lawful basis for training use becomes more difficult to establish. The policy does not specify whether anonymization or aggregation is applied before training use. (3) JURISDICTION FLAGS: EU/EEA users face the highest exposure, as GDPR requires that secondary processing for AI training either falls within the original consent scope or satisfies a separate lawful basis with documented balancing. UK GDPR applies the same framework post-Brexit. California users may have CPRA opt-out rights if training use constitutes sharing for cross-context purposes. Canadian users are subject to PIPEDA's accountability and consent principles. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers deploying Ideogram in a B2B context should assess whether employee-generated prompts constitute personal data under their own data processing agreements and whether the AI training use is compatible with their vendor DPA requirements. Standard commercial DPAs typically require processors to refrain from using customer data for the processor's own model training without explicit authorization. (5) COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether a legitimate interests assessment has been documented for this processing purpose and whether it would survive regulatory scrutiny. Data mapping should capture the flow of prompt and image data into training pipelines and identify any third-party model training infrastructure. Consider whether a consent-based opt-in or a clearly accessible opt-out for training use would reduce regulatory risk, particularly for EU and California deployments.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Cross-Border Data Transfers medium
• GDPR Rights for EU/EEA Users low
• California CCPA/CPRA Rights medium
• Third-Party Data Sharing with Service Providers medium
• Cookies and Tracking Technologies medium
• Data Retention low

Related Analysis

• AI Training Data Provisions Across Major Platforms: A Provision-Level Comparison

  How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.