What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR for EEA, Switzerland, and UK users, citing consent, contract performance, and legitimate interests as legal bases; the California Consumer Privacy Act (CCPA) for California residents, with disclosures across categories including identifiers, commercial information, internet activity, sensory data, and inferences; and COPPA for users under 13. The policy's assertion that cross-border data transfers are authorized by user consent to th…

How does Midjourney's Midjourney Privacy Policy affect users?

The policy establishes that user-submitted prompts, uploaded images, IP addresses, usage data, and cookies are collected and may be shared with service providers, advertising partners, and analytics companies. The document authorizes use of personal data in connection with machine learning model training. Users in the EU, UK, and California may exercise data subject rights—including access, deletion, and portability—by submitting requests through www.midjourney.com/account.

How often is Midjourney's Midjourney Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Midjourney updates this document?

Yes. Watcher subscribers ($9.99/month) can add Midjourney to their watchlist and receive same-day email alerts whenever this document or any other Midjourney document changes.

CA-D-000094

Midjourney Privacy Policy

Midjourney

Last change detected May 2, 2026 Privacy policy

SHA-256: b45bf00132dfd3f872c… 4 versions captured 4 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Midjourney ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

6 Medium severity

4 Low severity

Summary

This document establishes Midjourney's data collection and processing practices for users of its website, Discord servers, and related services. Midjourney collects usernames, submitted prompts and images, IP addresses, browsing activity, cookies, and derived behavioral inferences, with authorization to share this information with advertising partners, analytics providers, and acquirers in business transactions. Users in the EU, UK, and California are granted rights to request access, correction, and deletion of personal data through www.midjourney.com/account.

Technical / Legal Breakdown

This document is Midjourney's privacy policy (last updated June 2, 2025) governing the collection, use, and disclosure of personal data collected through midjourney.com, Discord servers administered by Midjourney, and any other means of accessing the Services, with legal bases including consent, contract performance, and legitimate interests. The agreement states that Midjourney collects identifiers, IP addresses, user prompts (including text, images, and spoken input converted to text), usage data, cookies, contact information, organizational information, commercial information, internet activity, sensory data (uploaded images), and inferences drawn about users; the terms authorize sharing this data with service providers, analytics and advertising partners, and third parties in the context of business transfers or law enforcement requests. The policy discloses that Midjourney draws inferences about users to create profiles reflecting preferences, characteristics, and behavior, and that personal data may be used for machine learning training, which represents a materially distinct operational scope compared to many consumer-facing service privacy policies; the agreement asserts that cross-border data transfers are authorized by user consent to the policy itself, a mechanism whose adequacy under GDPR and UK data protection law may require evaluation beyond the assertion made here. The policy engages GDPR and UK GDPR for EEA, Switzerland, and UK users, citing consent, contract performance, and legitimate interests as legal bases, and the CCPA for California residents, disclosing collection and disclosure across multiple data categories including identifiers, commercial information, internet activity, sensory data, and inferences; EU users are provided rights to access, correction, deletion, portability, and objection, while California residents receive CCPA-specific rights including a do-not-sell or share opt-out. Compliance teams should note that the policy's use of personal data to train machine learning models, combined with the breadth of collected data categories including user-submitted prompts and uploaded images, creates material data governance obligations under GDPR and CCPA that warrant ongoing audit of consent mechanisms, data retention schedules, and vendor data processing agreements.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

4 important changes detected

4 versions captured · Last updated: May 2026

May 2, 2026

low

What changed Midjourney restructured its Privacy Policy on May 2, 2026 by adding table of contents entries and section headers for standard privacy topics including data collection, data sharing, security, children's privacy, third-party links, policy changes, and supplemental regional terms. The underlying policy content remains functionally the same; the change is organizational and structural in nature, making the document more navigable and establishing clearer section boundaries.

Why this matters The restructured Privacy Policy does not appear to change the actual terms of data collection, use, or protection. The addition of section headers and a table of contents improves document organization and accessibility. Existing privacy rights, disclosures, and obligations remain in place under the reorganized structure.

View full change record →

April 21, 2026

high

What changed Midjourney removed 7 sentences and structural elements from its Privacy Policy on April 21, 2026, including the introduction, sections on sharing personal data, security, children's privacy, links to other websites, and policy change procedures. The document now contains 127 sentences. The removed language appears to include core privacy disclosures and procedural safeguards that were previously indexed as separate policy sections.

Why this matters The updated privacy policy removed language describing how Midjourney shares personal data, the security measures protecting that data, children's privacy safeguards, procedures for notifying users of policy changes, and links to related policies. Users no longer have explicit disclosure of these practices within the privacy policy itself. The removal of language on how policy changes are communicated may mean users have less notice of future privacy modifications than previously stated.

View full change record →

April 19, 2026 low

Midjourney's privacy policy was reorganized on April 19, 2026 to add structural headings and table of contents entries. The update added seven new section headers covering Introduction, Data Sharing, Security, …

View change record →

March 16, 2026 low

Midjourney removed structural navigation and organizational elements from its Privacy Policy on March 16, 2026, including section headings for introduction, data sharing, security, children's privacy, external links, and policy update …

View change record →

Medium — 6 provisions

Use of Personal Data for Machine Learning Training Compare →

Midjourney states that personal data it collects may include data gathered during the process of training its machine learning models, meaning your submitted prompts, images, and related information may be used to develop or improve its AI systems.

Added May 12, 2026 Common Seen across 104 platforms
Inference Generation and Disclosure

Midjourney states that it draws inferences about users, including conclusions about their preferences, psychological trends, behavior, and aptitude, and that these inferences are both collected and disclosed to third parties.

Added May 12, 2026 Rare
Advertising and Analytics Cookie Sharing Compare →

Midjourney states it may share your personal information with third-party advertising and analytics partners who use cookies or similar technologies to measure performance and deliver targeted ads.

Added May 12, 2026 Standard Seen across 189 platforms
Cross-Border Data Transfer via Policy Consent Compare →

Midjourney states that agreeing to this privacy policy and submitting your data constitutes your consent to transferring personal data across borders, including to jurisdictions with different data protection laws.

Added May 12, 2026 Standard Seen across 262 platforms
CCPA Do Not Sell or Share Opt-Out Compare →

Midjourney states it does not sell personal information but acknowledges it may share personal information with advertising cookie partners, and that California residents have the right to opt out of this sharing.

Added May 7, 2026 Standard Seen across 262 platforms
Data Retention Policy Compare →

Midjourney states it retains personal data only as long as necessary for the purposes described in the policy, and may retain data longer to comply with legal obligations, resolve disputes, or improve service security and functionality.

Added April 3, 2026 Standard Seen across 223 platforms

Low — 4 provisions

Law Enforcement Disclosure with User Notification Compare →

Midjourney states it will notify users and provide a copy of any law enforcement request for their personal data, unless legally prohibited from doing so, such as by a court-issued gag order.

Added May 12, 2026 Standard Seen across 246 platforms
GDPR and UK GDPR User Rights Compare →

Users in the EEA, Switzerland, and UK have the right to access, correct, delete, port, restrict, or object to processing of their personal data, and may withdraw consent at any time or lodge a complaint with a data protection authority.

Added May 12, 2026 Standard Seen across 262 platforms
Business Transfer of Personal Data Compare →

Midjourney states that your personal data may be transferred to another company as part of a merger, acquisition, bankruptcy, or sale of business assets.

Added May 7, 2026 Standard Seen across 246 platforms
Children's Privacy and COPPA Compliance Compare →

Midjourney states its service is not directed at children under 13 and that it will delete personal data collected from children under 13 if it becomes aware of such collection without parental consent.

Added May 7, 2026 Common Seen across 155 platforms