Midjourney Data Retention & Privacy FAQ

This document is Midjourney's privacy policy (last updated June 2, 2025), governing the collection, use, and disclosure of personal information by Midjourney, Inc. in connection with its AI image generation services, operating under a consent and legitimate interests framework. The policy states that Midjourney collects identifiers (name, email, username), payment information, device and browser data, IP addresses, usage and interaction data, content users submit (prompts, uploaded images), and inferred preferences; the terms authorize sharing this data with service providers, business partners, payment processors, and third parties in the context of business transfers. A notable provision states that Midjourney may use submitted content and prompts to train and improve its AI models, and the policy discloses that images generated on the platform are generally public by default unless a user subscribes to a plan that includes a Stealth Mode feature, creating an operationally significant disclosure distinction relative to users who assume default privacy for their generated content. The policy engages GDPR and UK GDPR for EU and UK users (citing rights to access, correction, erasure, portability, and objection), CCPA/CPRA for California residents (disclosing categories of personal information and stating Midjourney does not sell personal information in the traditional sense but may share for cross-context behavioral advertising), and COPPA with respect to a stated minimum age of 13. Compliance teams should note that the policy's AI training use of user-submitted content, the default public image setting, and the scope of third-party data sharing each warrant careful evaluation under GDPR lawful basis requirements, CCPA opt-out obligations for sharing, and applicable AI-specific regulatory frameworks.