For regular Le Chat users, your conversations are kept indefinitely until you delete them or close your account. For API users, conversations are kept for 30 rolling days for abuse monitoring, unless you have zero data retention enabled.
This analysis describes what Mistral AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Le Chat conversations do not automatically expire, meaning every prompt and response you have ever sent is retained by Mistral AI until you take action to delete it, which creates a significant accumulating personal data record.
Le Chat users' full conversation history is retained indefinitely unless manually deleted or the account is closed; API users have a 30-day default retention window that can be reduced to zero, giving them more control over data minimization.
How other platforms handle this
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
Monitoring
Mistral AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Data we use to provide Le Chat to you: we keep your Input and Output until you delete your account or until you delete the conversation from Le Chat. [...] Except for specific APIs, we keep your Input and Output for the period necessary to generate the Output and then for thirty (30) rolling days to monitor abuse (unless zero data retention is activated).— Excerpt from Mistral AI's Mistral AI Privacy Policy
1. REGULATORY LANDSCAPE: This provision engages GDPR's data minimization and storage limitation principles, which require that personal data is kept no longer than necessary for the specified purpose. CNIL may evaluate whether indefinite retention of Le Chat conversations until user deletion satisfies the storage limitation requirement, or whether a maximum retention period should be specified. For API users, the 30-day rolling retention for abuse monitoring should be evaluated against proportionality requirements. 2. GOVERNANCE EXPOSURE: Medium. The indefinite retention of Le Chat conversations is conditional on user action to delete, which may not satisfy GDPR's storage limitation principle without a documented justification for the open-ended retention period. The zero data retention option for API users is a positive control mechanism but may not be uniformly available across all API tiers. 3. JURISDICTION FLAGS: EU and EEA users' rights to erasure under GDPR are relevant here; the policy does permit account deletion and conversation deletion as mechanisms. California residents may have CCPA deletion rights that require affirmative fulfillment within specified timeframes. Indefinite retention practices may face heightened scrutiny in jurisdictions with stricter data minimization requirements. 4. CONTRACT AND VENDOR IMPLICATIONS: Enterprise and API customers should confirm through contract terms whether zero data retention is available for their tier and what the process is to activate it. SLA and data processing addendum language should specify retention periods and deletion timelines to avoid ambiguity in vendor relationships. 5. COMPLIANCE CONSIDERATIONS: Legal teams should document the justification for indefinite Le Chat conversation retention and assess whether a maximum retention period or automatic deletion policy would better satisfy GDPR storage limitation principles. Data subject erasure request workflows should be tested to confirm that account deletion and conversation deletion are effective and complete. Retention schedules should be reflected in data processing records maintained under GDPR.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Le Chat conversations do not automatically expire, meaning every prompt and response you have ever sent is retained by Mistral AI until you take action to delete it, which creates a significant accumulating personal data record.
Le Chat users' full conversation history is retained indefinitely unless manually deleted or the account is closed; API users have a 30-day default retention window that can be reduced to zero, giving them more control over data minimization.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mistral AI.