Mistral AI claims full ownership of all aggregated or anonymized data derived from how you use their products, including usage events, performance metrics, and feedback, and may use this data to build or improve its products.
This analysis describes what Mistral AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The agreement asserts that usage-derived data is Mistral AI's sole property, meaning customers have no ownership or retrieval rights over this data category, and it is explicitly excluded from definitions of Customer Data or Outputs.
This provision means that data generated by your use of Mistral AI products, including how often you use features and performance metrics, belongs to Mistral AI and cannot be exported or deleted by customers as part of their data rights.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
RedCard. We share information with our financial partners to operate the Target RedCard program.
Monitoring
Mistral AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We create aggregated or anonymized datasets or statistics based on usage and operational data related to your use of the Mistral AI Products (such as product usage events, performance metrics, billing metrics, and Feedback) (collectively, "Usage Data"). We may use the Usage Data for our business purposes, including to conduct research, improve the Mistral AI Products, create new Mistral AI Products, or enhance product performance, functionality, and user experience. Usage Data is the sole property of Mistral AI and does not constitute Customer Data or Outputs.— Excerpt from Mistral AI's Mistral AI Additional Product Terms
REGULATORY LANDSCAPE: This provision engages GDPR principles of purpose limitation and data minimization where usage data may contain or derive from personal data of end users or employees. If aggregation or anonymization is insufficient under GDPR standards, the assertion that this data is outside the scope of Customer Data may face regulatory challenge. The EU AI Act may also implicate obligations around training data transparency for AI systems. GOVERNANCE EXPOSURE: Medium. The broad definition of Usage Data, which includes Feedback and billing metrics, and the assertion of sole ownership may conflict with GDPR obligations if any personal data elements persist through the aggregation process. The exclusion of Usage Data from Customer Data definitions limits customers' ability to invoke data subject rights or contractual data protections over this category. JURISDICTION FLAGS: EU and EEA customers face the highest exposure given GDPR requirements on lawful basis for processing and data subject rights. California residents or businesses with California employee data may have additional considerations under CCPA. The document does not specify the anonymization standard applied, which is a relevant gap for EU compliance. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should assess whether the Usage Data definition captures data that their DPA or internal data governance policies treat as proprietary or personal. The claim that Usage Data is Mistral AI's sole property may conflict with enterprise data ownership clauses in negotiated agreements. B2B contracts that include audit rights over AI training data may be affected by this provision. COMPLIANCE CONSIDERATIONS: Legal teams should review whether the anonymization and aggregation processes described meet GDPR Article 4 definitions and EDPB anonymization guidance. Data mapping exercises should categorize Usage Data separately from Customer Data to reflect the contractual distinction. Organizations subject to internal AI governance policies should assess whether permitting this use of operational data is consistent with those policies.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The agreement asserts that usage-derived data is Mistral AI's sole property, meaning customers have no ownership or retrieval rights over this data category, and it is explicitly excluded from definitions of Customer Data or Outputs.
This provision means that data generated by your use of Mistral AI products, including how often you use features and performance metrics, belongs to Mistral AI and cannot be exported or deleted by customers as part of their data rights.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mistral AI.