What are the institutional and regulatory implications of this document?

(1) REGULATORY EXPOSURE: This policy directly engages GDPR (Regulation 2016/679) Articles 5, 6, 7, 9, 13, 17, 20, 21, and 22; the French Loi Informatique et Libertés; and the EU AI Act (Regulation 2024/1689) insofar as large language model training and deployment is implicated. The primary enforcement authority is France's CNIL (Commission Nationale de l'Informatique et des Libertés), with Article 56 GDPR one-stop-shop mechanisms applicable for cross-border processing. California users may invo…

How does Mistral AI's Mistral AI Privacy Policy affect users?

Mistral AI collects your chat prompts, AI responses, feedback ratings, IP address, usage data, and account information when you use Le Chat or Mistral AI Studio. Free-tier users' conversations are used to train AI models unless they opt out, and a Memory feature may store sensitive personal details — including health information — mentioned in conversations. You can opt out of AI model training and turn off the Memory feature through your account settings on Mistral AI.

How often is Mistral AI's Mistral AI Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Mistral AI updates this document?

Yes. Watcher subscribers ($9.99/month) can add Mistral AI to their watchlist and receive same-day email alerts whenever this document or any other Mistral AI document changes.

Mistral AI Privacy Policy — Mistral AI

8 Total

2 High severity

4 Medium severity

2 Low severity

Summary

This is Mistral AI's privacy policy covering how the company collects and uses your personal data when you use products like Le Chat and Mistral AI Studio. The most important thing to know is that if you use the free version of Le Chat or free APIs, Mistral AI can use your chat messages and AI-generated responses to train its AI models unless you actively opt out. You can opt out of your conversations being used for AI model training through your account settings, and you can also turn off or delete the Memory feature that stores personal details from your conversations.

Technical Summary

This Privacy Policy, effective April 8, 2026, governs Mistral AI's collection and processing of personal data for individual users of its consumer-facing products (Le Chat, Mistral AI Studio), with Mistral AI (a French entity, SIREN 952 418 325) acting as data controller and invoking GDPR-compliant lawful bases including contractual performance, legitimate interest, and consent. The document creates significant obligations for Mistral AI to honor data subject rights (access, rectification, erasure, portability, objection, and restriction) and imposes opt-out rights for users regarding the use of their Inputs and Outputs for AI model training. Notably, the policy uses 'legitimate interest' as the lawful basis for AI model training on free-tier user Inputs and Outputs — a contested legal ground under GDPR that has drawn regulatory scrutiny across multiple EU supervisory authorities — and explicitly carves out paid API and Le Chat Enterprise users from this training use. The policy engages GDPR (Regulation 2016/679), the French Data Protection Act (Loi Informatique et Libertés), and the EU AI Act (Regulation 2024/1689); the primary enforcement authority is the French CNIL, though cross-border processing triggers Article 56 GDPR cooperation mechanisms with other EU supervisory authorities. Material compliance considerations include the adequacy of the legitimate interest assessment (LIA) for model training, the Memory feature's handling of sensitive health data under GDPR Article 9, and the policy's explicit exclusion of business users (who are directed to a separate Data Processing Addendum).

Evidence Provenance

Captured April 29, 2026 08:11 UTC

Document ID CA-D-000443

Version ID CA-V-001021

Source URL https://legal.mistral.ai/terms/privacy-policy

Wayback Machine View archived versions →

SHA-256 ab6ea5e3ac35578430bfa2c6958460947ea11b245373b931812b918094ad9b7d

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 29, 2026 — Initial capture

Initial snapshot — monitoring begins

ab6ea5e3…

View full version history (0 captures) →

High Severity — 2 provisions

AI Model Training on Free-Tier User Inputs and Outputs

Mistral AI uses the messages you type and the AI's responses from the free version of Le Chat to train its AI models, unless you actively opt out in your account settings. Paid enterprise and API customers are automatically excluded from this.

Added April 30, 2026
Memory Feature and Sensitive Health Data Storage

Le Chat's Memory feature stores details from your conversations to personalise future responses, and if you mention health or other sensitive information, this may be saved as a 'Memory' — requiring your explicit consent for that sensitive data.

Added April 30, 2026

Medium Severity — 4 provisions

Data Retention — API Inputs and Outputs (30-Day Rolling Window)

For API users, Mistral AI keeps your prompts and AI responses for 30 days after generation to monitor for abuse, unless you have activated zero data retention. Agents API data is kept until you close your account.

Added April 30, 2026
Legitimate Interest as Lawful Basis for Product Improvement

Mistral AI uses your data including your conversations, feedback, and identity data to conduct research and improve its products, relying on 'legitimate interest' rather than your consent as the legal justification.

Added April 30, 2026
Third-Party Training Dataset Disclosure

Mistral AI trains its AI models using datasets from third parties and publicly available internet data, which may contain your personal information even after filtering attempts.

Added April 30, 2026
Data Retention for Le Chat Conversations

Mistral AI keeps all your Le Chat conversations indefinitely unless you delete them manually or close your account — there is no automatic expiry period for chat history.

Added April 30, 2026

Low Severity — 2 provisions

Data Subject Rights Under GDPR

Mistral AI is legally obligated to respond to requests from users who want to access, correct, delete, export, or restrict their personal data, and has a DPO contactable via a web form or by post.

Added April 30, 2026
IP Address Processing and Opt-Out

Mistral AI uses part of your IP address to tailor AI responses based on your location, but you can turn this off in your account preferences.

Added April 30, 2026

Cross-platform context

See how other platforms handle AI Model Training on Free-Tier User Inputs and Outputs and similar clauses.

Compare across platforms →