Midjourney collects your name, email, payment details, device information, IP address, how you use the service, everything you type or upload, and inferences it draws about your preferences.
This analysis describes what Midjourney's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy discloses a broad set of data categories collected across account, device, behavioral, and content dimensions, including the content of prompts and uploaded images, which may contain personal or sensitive information.
This provision means Midjourney collects not just account identifiers but also the substantive content of what you type (prompts) and upload, as well as behavioral and device data; users should be aware that creative and potentially personal content submitted via prompts is captured and retained by Midjourney.
Cross-platform context
See how other platforms handle Data Collection Scope and similar clauses.
Compare across platforms →Monitoring
Midjourney has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information you provide directly to us, such as when you create an account, use the Services, or contact us for support. This includes: identifiers such as your name, email address, and username; payment information (processed through third-party payment processors); device and browser information; IP addresses; usage and interaction data; content you submit including prompts and uploaded images; and inferred preferences based on your use of the Services.— Excerpt from Midjourney's Midjourney Data Retention & Privacy FAQ
REGULATORY LANDSCAPE: The breadth of data collection described engages GDPR data minimization principles (Article 5), CCPA/CPRA disclosure requirements for categories of personal information collected, and FTC expectations for clear and conspicuous disclosure. Payment information processed through third-party processors may engage PCI DSS standards; the policy states payment data is handled by third-party processors, which limits Midjourney's direct PCI scope but does not eliminate vendor oversight obligations. GOVERNANCE EXPOSURE: Medium. The collection of inferred preferences and behavioral interaction data, combined with content-level data (prompts, images), creates a rich data profile. The policy's reference to inferred preferences may require evaluation under GDPR's automated decision-making provisions (Article 22) if inferences are used to make decisions affecting users. JURISDICTION FLAGS: California residents have CPRA rights to know, correct, and limit use of sensitive personal information. EU/EEA users have GDPR rights to access and data portability. The collection of IP addresses alongside behavioral data may constitute processing of location-related data under some EU DPA interpretations. CONTRACT AND VENDOR IMPLICATIONS: Data mapping exercises should account for the full scope of data categories disclosed, particularly prompt content, which may contain third-party personal data. Vendor assessments should confirm that third-party payment processors maintain adequate data security certifications. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that consent mechanisms and privacy notices at point of collection accurately reflect all categories listed in the policy. Data retention schedules should be documented for each category, particularly for prompt and image content that may be used for AI training.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy discloses a broad set of data categories collected across account, device, behavioral, and content dimensions, including the content of prompts and uploaded images, which may contain personal or sensitive information.
This provision means Midjourney collects not just account identifiers but also the substantive content of what you type (prompts) and upload, as well as behavioral and device data; users should be aware that creative and potentially personal content submitted via prompts is captured and retained by Midjourney.
ConductAtlas has identified this type of provision across 12 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Midjourney.