Midjourney states that it draws inferences about users, including conclusions about their preferences, psychological trends, behavior, and aptitude, and that these inferences are both collected and disclosed to third parties.
This analysis describes what Midjourney's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy confirms that Midjourney generates and discloses inferences about user characteristics and behavior, which under CCPA and CPRA may be subject to specific opt-out and deletion rights beyond standard data categories.
The updated privacy policy removed language describing how Midjourney shares personal data, the security measures protecting that data, children's privacy safeguards, procedures for notifying users of policy changes, and links to related policies. Users no longer have explicit disclosure of these practices within the privacy policy itself. The removal of language on how policy changes are communicated may mean users have less notice of future privacy modifications than previously stated.
View change record →Midjourney states it collects and discloses inferences drawn about users, including conclusions about preferences, psychological trends, and behavior; California residents have the right to request deletion and opt out of the sharing of this category of information.
How other platforms handle this
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred to a successor entity or third party as part of that transaction.
We may disclose your information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements. We may also disclose your information if we believe it...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Midjourney has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Inferences Conclusions that could be used to create a profile reflecting an individual's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitude. [Collected: YES. Disclosed: YES.]— Excerpt from Midjourney's Midjourney Privacy Policy
1) REGULATORY LANDSCAPE: Under CPRA amendments to the CCPA, inferences drawn from personal information to create a consumer profile are a defined category subject to specific consumer rights including deletion and opt-out of sharing. GDPR Article 22 and related recitals may also engage automated decision-making considerations depending on how inferences are operationalized. Enforcement authorities include the California Privacy Protection Agency and EU/UK data protection authorities. 2) GOVERNANCE EXPOSURE: Medium. The disclosure that inferences are both collected and shared with third parties triggers CPRA obligations around consumer profile data, including the right to opt out of sharing. The policy does not specify the mechanism by which inferences are generated or the third parties to whom they are disclosed, which may create gaps in required CCPA/CPRA disclosures. 3) JURISDICTION FLAGS: California residents have heightened rights under CPRA regarding consumer profile inferences. EEA and UK users may have rights to object to processing of inferences under GDPR legitimate interests grounds. Illinois and New York may also have relevant consumer protection considerations depending on the nature of inferences drawn. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should confirm whether vendor agreements address the generation and disclosure of inferences derived from organizational user activity, particularly if Midjourney services are used in professional or employment contexts where behavioral profiling of employees could raise additional legal considerations. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the policy's disclosure of inference collection and sharing satisfies CPRA's specific requirements for consumer profile data, whether a do-not-share mechanism covers this category operationally, and whether data subject rights requests for deletion extend to derived inferences stored separately from raw personal data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy confirms that Midjourney generates and discloses inferences about user characteristics and behavior, which under CCPA and CPRA may be subject to specific opt-out and deletion rights beyond standard data categories.
Midjourney states it collects and discloses inferences drawn about users, including conclusions about preferences, psychological trends, and behavior; California residents have the right to request deletion and opt out of the sharing of this category of information.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Midjourney.