Midjourney states that personal data it collects may include data gathered during the process of training its machine learning models, meaning your submitted prompts, images, and related information may be used to develop or improve its AI systems.
This analysis describes what Midjourney's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy explicitly identifies machine learning training as a context in which personal data is collected and used, which has implications for how users' submitted content and behavioral data may be processed beyond the immediate service interaction.
Interpretive note: The policy identifies ML training as a data collection context but does not specify which data categories are used in training or the lawful basis for this processing under GDPR, creating interpretive uncertainty about the scope of this provision.
The updated privacy policy removed language describing how Midjourney shares personal data, the security measures protecting that data, children's privacy safeguards, procedures for notifying users of policy changes, and links to related policies. Users no longer have explicit disclosure of these practices within the privacy policy itself. The removal of language on how policy changes are communicated may mean users have less notice of future privacy modifications than previously stated.
View change record →User-submitted prompts, uploaded images, and associated personal data may be processed in connection with Midjourney's machine learning model training, as stated in the policy's description of applicable data collection scopes.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Midjourney has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Applicability: This Policy applies to personal data that Midjourney collects, uses, and discloses and which may include: (i) data collected through the Services, (ii) data collected through the process of training Midjourney machine learning algorithms, (iii) data collected through Midjourney websites, and (iv) data collected from third party sources.— Excerpt from Midjourney's Midjourney Privacy Policy
1) REGULATORY LANDSCAPE: The use of personal data for machine learning training engages GDPR Articles 5, 6, and 13 regarding lawful basis, purpose limitation, and transparency, as well as CCPA requirements around disclosure of business and commercial purposes. The EU AI Act may also engage obligations depending on classification of Midjourney's systems. Relevant enforcement authorities include EU national data protection authorities, the UK ICO, and the FTC under unfair or deceptive practices standards. 2) GOVERNANCE EXPOSURE: High. The policy discloses ML training as a data use context but does not specify the lawful basis under GDPR for this processing, the categories of data used in training, or the data retention period for training data. This creates material exposure under GDPR's purpose limitation and data minimization principles, and may require a legitimate interests assessment or explicit consent depending on the data types involved. 3) JURISDICTION FLAGS: EEA, Switzerland, and UK users face heightened exposure because GDPR's lawful basis requirements apply to each specific processing purpose, including ML training. If user-submitted prompts or images are used to train models, the lawful basis must be identified and disclosed. California users may have deletion rights that extend to personal data used in training, which creates operational complexity if data has been incorporated into model weights. 4) CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Midjourney in enterprise contexts should evaluate whether vendor data processing agreements include provisions addressing the use of customer-submitted data in model training, including any opt-out mechanisms or data segregation commitments. This is a common due diligence trigger in enterprise AI procurement. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether the policy's disclosure of ML training as a data use purpose is accompanied by a clearly identified lawful basis for each relevant user jurisdiction, whether data subject deletion requests can be honored for data incorporated into trained models, and whether data minimization practices are in place to limit the categories of personal data used in training.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy explicitly identifies machine learning training as a context in which personal data is collected and used, which has implications for how users' submitted content and behavioral data may be processed beyond the immediate service interaction.
User-submitted prompts, uploaded images, and associated personal data may be processed in connection with Midjourney's machine learning model training, as stated in the policy's description of applicable data collection scopes.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Midjourney.