When the service ends, Mistral AI will delete or return your personal data. After 30 days from termination, the data will no longer be accessible.
This analysis describes what Mistral AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The 30-day post-termination accessibility window defines a hard cutoff after which data retrieval or portability may not be possible, which customers must account for in their own data retention and business continuity planning. The provision defers to Mistral AI's internal deletion policies and procedures rather than specifying a deletion standard, which may limit customer visibility into the actual deletion process.
Business customers must complete any data export or retrieval within 30 days of service termination. The agreement states that deletion is conducted in accordance with Mistral AI's internal policies, which are referenced but not fully detailed in the DPA itself.
How other platforms handle this
Consensys reserves the right to change, suspend, or discontinue any aspect of the Services at any time, including hours of operation or availability of the Service or any feature, without notice and without liability.
We may update these terms and conditions at any time by giving you 30 days' notice. If you do not agree to the changes, you can close your account before the changes take effect. If you do not close your account, we will take this to mean that you accept the changes.
Twilio reserves the right to modify the terms of this Agreement at any time. Twilio will provide at least 30 days' notice of changes that materially alter your rights or obligations. Your continued use of the Services after any modification constitutes your acceptance of the updated Agreement.
Monitoring
Mistral AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"After the end of the provision of the Mistral AI Products, Mistral AI will delete or return to Customer all Personal Data Processed on Customer's behalf, in accordance with Mistral AI's deletion policies and procedures. Customer acknowledges that the Personal Data will no longer be accessible upon the expiry of a thirty (30) days period following the termination of the Customer's access to and use of the Mistral AI Products.— Excerpt from Mistral AI's Mistral AI Data Processing Addendum
(1) REGULATORY LANDSCAPE: This provision engages GDPR Article 28(3)(g), which requires processor agreements to address data deletion or return at the end of services. The provision is structured to satisfy this requirement but references Mistral AI's internal deletion policies rather than specifying a technical deletion standard (e.g., cryptographic erasure, secure overwrite). GDPR does not mandate a specific deletion timeline post-termination, but the 30-day window and internal policy reference may be evaluated by supervisory authorities in the context of controller accountability. (2) GOVERNANCE EXPOSURE: Low. The provision is consistent with standard industry practice for processor agreements. The primary risk is operational rather than regulatory: customers that fail to plan for data export before termination may lose access to data they need for their own compliance obligations (e.g., audit logs, records retention). (3) JURISDICTION FLAGS: Customers in regulated sectors (financial services, healthcare, public sector) may have data retention obligations that require access to data beyond 30 days post-termination, creating a conflict between their regulatory requirements and the DPA's deletion timeline. This is particularly relevant in the EU under sector-specific regulations and in the US under HIPAA, SEC, or FINRA record retention rules. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should assess whether 30 days is sufficient for data export operations at the scale their deployment requires. The reference to Mistral AI's internal deletion policies should prompt a request for documentation of those policies as part of vendor due diligence, to ensure deletion standards meet the customer's own regulatory obligations. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should establish a data export protocol to be executed upon any notice of termination, and should request written confirmation of data deletion from Mistral AI following the 30-day period. Records of the deletion confirmation should be maintained as evidence of GDPR Article 28 compliance.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The 30-day post-termination accessibility window defines a hard cutoff after which data retrieval or portability may not be possible, which customers must account for in their own data retention and business continuity planning. The provision defers to Mistral AI's internal deletion policies and procedures rather than specifying a deletion standard, which may limit customer visibility into the actual deletion process.
Business customers must complete any data export or retrieval within 30 days of service termination. The agreement states that deletion is conducted in accordance with Mistral AI's internal policies, which are referenced but not fully detailed in the DPA itself.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mistral AI.