Midjourney states that personal data it collects may include data gathered during the process of training its machine learning models, meaning your submitted prompts, images, and related information may be used to develop or improve its AI systems.
This analysis describes what Midjourney's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy explicitly identifies machine learning training as a context in which personal data is collected and used, which has implications for how users' submitted content and behavioral data may be processed beyond the immediate service interaction.
Interpretive note: The policy identifies ML training as a data collection context but does not specify which data categories are used in training or the lawful basis for this processing under GDPR, creating interpretive uncertainty about the scope of this provision.
The updated privacy policy removed language describing how Midjourney shares personal data, the security measures protecting that data, children's privacy safeguards, procedures for notifying users o…
User-submitted prompts, uploaded images, and associated personal data may be processed in connection with Midjourney's machine learning model training, as stated in the policy's description of applicable data collection scopes.
How other platforms handle this
We use your personal data to develop, train, and improve our artificial intelligence and machine learning models. This includes using your transaction data, behavioral data, and interaction data to enhance our fraud detection, credit assessment, and personalization capabilities. We take steps to pro...
We use Personal Data to detect and prevent fraud, and to develop and improve our fraud detection models and other machine learning systems. This may include using transaction data, device information, and other Personal Data to train and refine our systems.
engage in any of the foregoing in connection with any use, creation, development, modification, prompting, fine-tuning, training, testing, benchmarking or validation of any artificial intelligence or machine learning tool, model, system, algorithm, product or other technology ("AI Tool").
Monitoring
Midjourney has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Applicability: This Policy applies to personal data that Midjourney collects, uses, and discloses and which may include: (i) data collected through the Services, (ii) data collected through the process of training Midjourney machine learning algorithms, (iii) data collected through Midjourney websites, and (iv) data collected from third party sources.— Excerpt from Midjourney's Midjourney Privacy Policy
1) REGULATORY LANDSCAPE: The use of personal data for machine learning training engages GDPR Articles 5, 6, and 13 regarding lawful basis, purpose limitation, and transparency, as well as CCPA requirements around disclosure of business and commercial purposes. The EU AI Act may also engage obligations depending on classification of Midjourney's systems. Relevant enforcement authorities include EU national data protection authorities, the UK ICO, and the FTC under unfair or deceptive practices standards. 2) GOVERNANCE EXPOSURE: High. The policy discloses ML training as a data use context but does not specify the lawful basis under GDPR for this processing, the categories of data used in training, or the data retention period for training data. This creates material exposure under GDPR's purpose limitation and data minimization principles, and may require a legitimate interests assessment or explicit consent depending on the data types involved. 3) JURISDICTION FLAGS: EEA, Switzerland, and UK users face heightened exposure because GDPR's lawful basis requirements apply to each specific processing purpose, including ML training. If user-submitted prompts or images are used to train models, the lawful basis must be identified and disclosed. California users may have deletion rights that extend to personal data used in training, which creates operational complexity if data has been incorporated into model weights. 4) CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Midjourney in enterprise contexts should evaluate whether vendor data processing agreements include provisions addressing the use of customer-submitted data in model training, including any opt-out mechanisms or data segregation commitments. This is a common due diligence trigger in enterprise AI procurement. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether the policy's disclosure of ML training as a data use purpose is accompanied by a clearly identified lawful basis for each relevant user jurisdiction, whether data subject deletion requests can be honored for data incorporated into trained models, and whether data minimization practices are in place to limit the categories of personal data used in training.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy explicitly identifies machine learning training as a context in which personal data is collected and used, which has implications for how users' submitted content and behavioral data may be processed beyond the immediate service interaction.
User-submitted prompts, uploaded images, and associated personal data may be processed in connection with Midjourney's machine learning model training, as stated in the policy's description of applicable data collection scopes.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Midjourney.