Mistral AI · Mistral AI Privacy Policy

Data Subject Rights Under GDPR

Low severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Mistral AI is legally obligated to respond to requests from users who want to access, correct, delete, export, or restrict their personal data, and has a DPO contactable via a web form or by post.

Consumer impact (what this means for users)

You can formally request access to, correction of, deletion of, or a copy of your personal data held by Mistral AI by contacting their Data Protection Officer via the Privacy Requests form, and Mistral AI is legally required to respond.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Visit https://mistral.ai/en/contact and submit a Privacy Request addressed to the DPO. Specify the right you are exercising (e.g., erasure, access, portability) and provide your account details. Mistral AI must respond within one month under GDPR.

Cross-platform context

See how other platforms handle Data Subject Rights Under GDPR and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

EU and UK users have strong legal rights to control their personal data held by Mistral AI, including the right to delete their account data and object to model training use.

View original clause language
To reply to your requests to exercise your rights on your personal data [...] Your Civil Identity Data, Your Account Data, Your Contact Data, Any other personal data included in your privacy request [...] Our legal obligation to reply to your requests.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision fulfils Mistral AI's obligations under GDPR Arts. 15–22, encompassing rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and rights related to automated decision-making (Art. 22). GDPR Art. 12 requires responses within one month, extendable to three months for complex requests, with no fee for routine requests. The French Loi Informatique et Libertés provides equivalent rights. California CPRA §§1798.100–1798.125 provides parallel rights for California residents. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority under Section 5 of the FTC Act over deceptive practices involving consumer data rights, and can act where a company fails to honour stated privacy commitments including data deletion or access rights.
    File a complaint →

Provision details

Document information
Document
Mistral AI Privacy Policy
Entity
Mistral AI
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004356
Document ID
CA-D-00443
Evidence Provenance
Source URL
https://legal.mistral.ai/terms/privacy-policy
Wayback Machine
View archived versions →
SHA-256
73a02ec10fcf1627015be32bbcec27aa65278073cf29aaf0a9823340b9de2a08
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Mistral AI | Document: Mistral AI Privacy Policy | Record: CA-P-004356
Captured: 2026-04-30 08:58:00 UTC | SHA-256: 73a02ec10fcf1627…
URL: https://conductatlas.com/platform/mistral-ai/mistral-ai-privacy-policy/data-subject-rights-under-gdpr/
Accessed: May 2, 2026
Classification
Severity
Low
Categories
Unknown

Other provisions in this document