What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: This policy engages GDPR most directly given Mistral AI's French incorporation and EU operations, implicating requirements around lawful basis documentation, data subject rights (access, erasure, portability, objection), DPO appointment, and retention period justification. The EU AI Act may require evaluation given Mistral AI's role as a general-purpose AI model provider. CCPA may apply to California residents, though the policy does not explicitly address California-sp…

How does Mistral AI's Mistral AI Privacy Policy affect users?

Users of free-tier Mistral AI products operate under terms that authorize their chat inputs and outputs to be used for model training by default, with the burden of opt-out action placed on the user rather than requiring prior affirmative consent. The Memory feature's operation depends on explicit user consent for sensitive data categories, though the document does not specify the mechanics through which this consent is obtained or managed. Paid API and Le Chat Enterprise users are subject to d…

How often is Mistral AI's Mistral AI Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Mistral AI updates this document?

Yes. Monitor subscribers ($19/month) can add Mistral AI to their watchlist and receive same-day email alerts whenever this document or any other Mistral AI document changes.

CA-D-000443

Mistral AI Privacy Policy

Mistral AI

Last change detected May 6, 2026 Privacy policy

SHA-256: 07f15bc9cf914ef69a8… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Mistral AI ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

0 High severity

4 Medium severity

3 Low severity

Summary

This document establishes Mistral AI's data processing practices for personal data collected through its products, including Le Chat and Mistral AI Studio. The policy authorizes the use of chat prompts and AI-generated responses for model training purposes under a legitimate interest legal basis, with this processing applied by default to free-tier users unless an opt-out election is made through account settings. The policy excludes paid API tiers and Le Chat Enterprise from this default model training use, and establishes separate processing terms for the Memory feature, which stores user-provided information including health data under an explicit consent requirement.

Technical / Legal Breakdown

This document is Mistral AI's Privacy Policy (effective April 8, 2026), governing personal data collection, use, and retention for consumer-facing products including Le Chat and Mistral AI Studio, with Mistral AI (a French company) acting as data controller under GDPR principles. The policy states it uses contractual necessity, legitimate interest, and consent as lawful bases for processing; notably, the terms authorize use of user Inputs and Outputs for AI model training under a legitimate interest basis unless users opt out, with an explicit carve-out stating that Le Chat Enterprise and paid API users are excluded from this training use. The training opt-out structure, reliance on legitimate interest rather than consent for model training, and the Memory feature's potential to store sensitive health data represent operationally distinct provisions; the policy asserts that sensitive data in the Memory feature is processed on explicit consent, though the degree to which incidental inclusion of sensitive data in prompts triggers adequate prior consent mechanisms warrants evaluation. As a French company with EU-based operations, this policy engages GDPR most directly, including obligations around data subject rights, lawful basis documentation, and DPO appointment; the EU AI Act may also require evaluation given Mistral AI's role as an AI model provider, and California residents may have additional rights under CCPA that are not explicitly addressed in this document.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 6, 2026

low

What changed Mistral AI corrected a typo in their privacy policy header on May 6, 2026. The text "Applicant Privacy POlicy" was changed to "Applicant Privacy Policy" (fixing the capitalization of "Policy"). This is a minor editorial correction with no material impact on your privacy rights or the company's data practices.

Why this matters This change is a spelling correction only and does not affect Mistral AI's privacy practices, data handling, or your rights. The company fixed a typo in the document navigation menu ("POlicy" to "Policy"), but the actual privacy policy terms remain unchanged. No action is needed on your part.

View full change record →

Medium — 4 provisions

Model Training Use of User Inputs and Outputs Compare →

By default, Mistral AI may use the prompts you type and the AI responses you receive to improve and train its AI models, unless you actively opt out. This does not apply if you pay for an API plan or use Le Chat Enterprise.

Added May 11, 2026 Standard Seen across 284 platforms
Memory Feature and Sensitive Data Storage Compare →

Le Chat has a Memory feature that saves information from your past conversations to personalize future responses. If you mention health or other sensitive details in a prompt, that information may be stored and used to tailor answers to you.

Added May 8, 2026 Standard Seen across 284 platforms
Data Retention for Le Chat Inputs and Outputs Compare →

For regular Le Chat users, your conversations are kept indefinitely until you delete them or close your account. For API users, conversations are kept for 30 rolling days for abuse monitoring, unless you have zero data retention enabled.

Added May 11, 2026 Standard Seen across 284 platforms
Third-Party Training Datasets Compare →

Mistral AI trains its AI models using data collected from the public internet and from third-party datasets, both of which may contain personal data about individuals who never interacted with Mistral AI and did not consent to this use.

Added May 11, 2026 Standard Seen across 284 platforms

Low — 3 provisions

IP Address Processing and Location-Based Output Personalization Compare →

Mistral AI uses part of your IP address to infer your location and tailor AI responses based on where you are. You can turn this off in your account settings.

Added May 11, 2026 Standard Seen across 284 platforms
Data Subject Rights and DPO Contact Compare →

Mistral AI provides a Data Protection Officer and a dedicated contact form for users who want to exercise their privacy rights, such as accessing, correcting, or deleting their personal data.

Added May 8, 2026 Standard Seen across 284 platforms
Hugging Face Data Collection Compare →

If you download a Mistral AI model from the Hugging Face platform, Mistral AI collects your Hugging Face username and email address for license enforcement and to send you product communications.

Added May 11, 2026 Standard Seen across 284 platforms

Monitoring

Mistral AI has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI Model Training on Free-Tier User Inputs and Outputs and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 6, 2026 16:08 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000443

Version ID CA-V-002291

Source URL https://legal.mistral.ai/terms/privacy-policy

Wayback Machine View external archival references →

SHA-256 07f15bc9cf914ef69a810d1d1e0c5c975c9bba6e16f039bdc4401d810fe3c9b7

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Mistral AI Privacy Policy

May 6, 2026

Monitor governance changes across the platforms you rely on.