What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages the Australian Privacy Act 1988 and Australian Privacy Principles (as Leonardo Interactive Pty Ltd is an Australian entity), GDPR (for EU/EEA users, including Articles 13/14 transparency obligations, Chapter V cross-border transfer requirements, and Article 6 lawful basis), CCPA/CPRA (for California residents, including rights to know, delete, and opt out of sale/sharing), and COPPA (the policy states the service is not directed to users under 13). The …

How does Leonardo AI's Leonardo AI Privacy Policy affect users?

The agreement establishes that user-submitted prompts, generated images, and related usage data may be used by Leonardo AI to train and improve its AI models, subject to opt-out contact with the company. Under these terms, personal data including identifiers, device information, payment details, and content interactions may be shared with advertising, analytics, and payment processing partners. You can contact Leonardo AI's privacy team to request that your data not be used for AI model trainin…

How often is Leonardo AI's Leonardo AI Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Leonardo AI updates this document?

Yes. Monitor subscribers ($19/month) can add Leonardo AI to their watchlist and receive same-day email alerts whenever this document or any other Leonardo AI document changes.

CA-D-000480

Leonardo AI Privacy Policy

Leonardo AI

Last change detected June 2, 2026 Privacy policy

SHA-256: a80c784dc89e2f2e003… 4 versions captured 3 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Leonardo AI ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

1 High severity

4 Medium severity

2 Low severity

Summary

Leonardo AI's privacy policy governs how Leonardo Interactive Pty Ltd collects and uses personal data from users of its AI image generation platform, covering data types including account identifiers, payment information, device data, usage activity, and the content and text prompts users submit to generate images. The policy states that user-submitted prompts and generated content may be used to train and improve Leonardo AI's models, which applies to all users unless they contact the company to opt out. The policy also authorizes cross-border transfers of personal data to recipients in countries outside Australia and the EU/EEA, and discloses use of third-party advertising, analytics, and payment processing partners.

Technical / Legal Breakdown

This document is Leonardo AI's privacy policy, governing the collection, use, storage, and disclosure of personal data by Leonardo Interactive Pty Ltd (an Australian entity) in connection with its AI-powered image and content generation platform, with stated legal bases including consent, contract performance, and legitimate interests. The policy states that Leonardo collects identifiers, contact information, payment details, usage data, device and browser information, AI-generated content and prompts, and communications metadata; the terms authorize sharing this data with service providers, analytics partners, advertising partners, payment processors, and business partners, and state that user-generated content and prompts may be used to train and improve AI models. The policy asserts a broad license over user content for AI model training purposes, and the stated retention periods and cross-border transfer mechanisms (including transfers from the EU/EEA and Australia to third-party recipients) warrant evaluation under GDPR Chapter V, the Australian Privacy Act 1988, and applicable data transfer adequacy frameworks. The policy engages GDPR (for EU/EEA users), the Australian Privacy Act 1988 and Australian Privacy Principles, CCPA/CPRA (for California residents), and COPPA (the policy states the service is not directed to children under 13); compliance exposure is heightened for EU users given cross-border transfer disclosures and the AI training use of personal data and prompts, which may require evaluation under GDPR Articles 13/14 disclosure obligations and the EU AI Act.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

3 important changes detected

4 versions captured · Last updated: June 2026

June 2, 2026

low

What changed Leonardo AI updated its privacy policy footer to add a reference to 'AI Character Generator' in the list of product features and services. This is a product navigation update with no material change to data governance, privacy rights, or security practices. The SOC 2 Type I and II accreditation statement remains unchanged.

Why this matters This change reflects the addition of a new product feature to Leonardo AI's product suite. The updated policy footer now lists 'AI Character Generator' alongside other image and video tools. No changes to data collection, privacy rights, retention practices, or security commitments are present in this update.

View full change record →

May 16, 2026

low

What changed Leonardo AI's privacy policy was updated on May 16, 2026 to add a reference to an 'AI Storyboard Generator' feature in the product navigation menu. This is a product feature disclosure change rather than a modification to privacy terms, data practices, rights, or obligations. The change does not alter what data Leonardo collects, how it processes information, what rights users have, or what security commitments the company makes.

Why this matters This change does not materially affect consumer privacy rights, data handling practices, or obligations under the Leonardo AI terms. The updated policy adds a product feature reference to the navigation menu without modifying any substantive privacy disclosures, data collection statements, or user protections. No action is required by users in response to this change.

View full change record →

May 14, 2026 low

Leonardo AI's privacy policy underwent minor navigation and menu restructuring on May 14, 2026. The changes involved reordering product links in the header and footer navigation (moving Video Editor and …

View change record →

Recent Provision Changes Jun 2, 2026

Added (2)

Cross-Border Personal Data Transfers Medium

This addition clarifies data transfer practices and safeguards for international transfers, which is critical for GDPR compliance and user protection in regulated jurisdictions.

User Data Rights and Opt-Out Mechanisms Medium

This new provision explicitly addresses regional data subject rights including CCPA compliance for California residents, providing users with actionable mechanisms to exercise their rights.

Removed (1)

Regional Data Subject Rights

This generic provision was replaced with the more detailed and actionable 'User Data Rights and Opt-Out Mechanisms' provision that specifies rights and contact procedures.

Modified (5)

AI Model Training Use of User Content and Prompts

Provision was expanded with explicit opt-out mechanism and severity escalated from medium to high, with excerpt now provided detailing the specific use of prompts and generated images.

Third-Party Data Sharing with Advertising and Analytics Partners

Provision was renamed to include specific mention of 'Advertising and Analytics Partners' and now includes detailed excerpt specifying the scope and limitations of third-party access.

Cookie and Tracking Technology Use

Provision now includes specific data types collected, tracking methods used, and explicit mention of user control mechanisms through browser settings and cookie consent tool.

Data Retention

Provision now includes specific excerpt detailing retention criteria and the commitment to secure deletion or anonymization of data.

Minors and Age Restriction

Provision was renamed to 'Children's Data Restriction' and now includes specific age threshold of 13, contact mechanism for parents/guardians, and explicit statement about not directing services to children.

View full change record →

High — 1 provision

AI Model Training Use of User Content and Prompts Compare →

The policy states that user-submitted prompts and generated images may be used by Leonardo AI to train and improve its AI models, with an opt-out available by contacting the company's privacy team.

Added May 20, 2026 Standard Seen across 284 platforms

Medium — 4 provisions

Cross-Border Personal Data Transfers Compare →

The policy states that personal data may be transferred to countries outside Australia and the EEA, and that the company states it uses mechanisms such as Standard Contractual Clauses for EEA transfers.

Added May 20, 2026 Standard Seen across 284 platforms
Third-Party Data Sharing with Advertising and Analytics Partners Compare →

The policy authorizes sharing of personal data with advertising, analytics, and operational service providers, stating that these parties access data only for specified purposes on Leonardo AI's behalf.

Added May 20, 2026 Standard Seen across 284 platforms
User Data Rights and Opt-Out Mechanisms Compare →

The policy states that users may have rights to access, correct, delete, or export their personal data depending on jurisdiction, and that California residents may opt out of the sale or sharing of personal information, with all requests submitted to privacy@leonardo.ai.

Added May 20, 2026 Standard Seen across 284 platforms
Children's Data Restriction Compare →

The policy states the platform is not directed to users under 13 and that the company does not knowingly collect personal data from children under 13, with a parental contact mechanism for reported violations.

Added May 20, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Cookie and Tracking Technology Use Compare →

The policy states that Leonardo AI uses cookies, web beacons, and tracking technologies to collect IP addresses, browser type, operating system, referring URLs, device identifiers, and browsing activity, with user controls available via browser settings and a cookie consent tool.

Added May 9, 2026 Standard Seen across 284 platforms
Data Retention Compare →

The policy states that personal data is retained for the period necessary to provide services, meet legal obligations, resolve disputes, and enforce agreements, after which it is stated to be deleted or anonymized.

Added May 9, 2026 Standard Seen across 284 platforms