Mistral AI · Mistral AI Privacy Policy

Data Retention — API Inputs and Outputs (30-Day Rolling Window)

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

For API users, Mistral AI keeps your prompts and AI responses for 30 days after generation to monitor for abuse, unless you have activated zero data retention. Agents API data is kept until you close your account.

Consumer impact (what this means for users)

If you or a business you use deploys Mistral AI's APIs, your conversation data is retained for up to 30 days for abuse monitoring unless the operator has enabled zero data retention — creating a window during which your data is accessible to Mistral AI.

Cross-platform context

See how other platforms handle Data Retention — API Inputs and Outputs (30-Day Rolling Window) and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Developers and businesses using the API should know their users' data is retained for 30 days by default, which may conflict with their own privacy commitments or data minimisation obligations.

View original clause language
Data we use to provide our APIs to you: Except for specific APIs, we keep your Input and Output for the period necessary to generate the Output and then for thirty (30) rolling days to monitor abuse (unless zero data retention is activated). If you use our Agents API, we keep your Input and Output until you terminate your account. If you use our Fine-Tuning API, we keep your fine-tuning data until you delete it from Mistral AI Studio or until you terminate your account.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision implicates GDPR Art. 5(1)(e) (storage limitation principle), which requires personal data be kept no longer than necessary for the stated purpose. The 30-day retention for abuse monitoring must be justified by a documented necessity assessment. GDPR Art. 28(3)(g) requires data processing agreements to specify retention and deletion obligations, making this provision directly relevant to DPA compliance for commercial API customers. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC's authority over unfair or deceptive data practices extends to data retention practices that may conflict with representations made to consumers by operators using the Mistral AI API.
    File a complaint →

Provision details

Document information
Document
Mistral AI Privacy Policy
Entity
Mistral AI
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004353
Document ID
CA-D-00443
Evidence Provenance
Source URL
https://legal.mistral.ai/terms/privacy-policy
Wayback Machine
View archived versions →
SHA-256
73a02ec10fcf1627015be32bbcec27aa65278073cf29aaf0a9823340b9de2a08
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Mistral AI | Document: Mistral AI Privacy Policy | Record: CA-P-004353
Captured: 2026-04-30 08:58:00 UTC | SHA-256: 73a02ec10fcf1627…
URL: https://conductatlas.com/platform/mistral-ai/mistral-ai-privacy-policy/data-retention-api-inputs-and-outputs-30-day-rolling-window/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document