Le Chat has a Memory feature that saves information from your past conversations to personalize future responses. If you mention health or other sensitive details in a prompt, that information may be stored and used to tailor answers to you.
This analysis describes what Mistral AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Sensitive personal data such as health information that you casually mention in a chat prompt could be automatically stored and retained by the Memory feature, creating a personal profile that persists across your Le Chat sessions.
Interpretive note: The policy states explicit consent governs sensitive data saved as Memories, but the specific mechanism for obtaining that consent before sensitive data from free-form prompts is saved is not described in sufficient detail to confirm GDPR compliance.
The Memory feature may store health or other sensitive personal details mentioned in prompts; the policy states explicit consent governs sensitive data in Memories, but users should actively review and manage their Memory settings to control what is retained.
Cross-platform context
See how other platforms handle Memory Feature and Sensitive Data Storage and similar clauses.
Compare across platforms →Monitoring
Mistral AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"To enhance your experience on Le Chat via the Memory feature by providing you more relevant and personalized answers based on your past interactions with Le Chat. [...] Your Input (prompts). If you include sensitive data in your Input, such as health details, this data may be stored as a Memory to provide you with more relevant and personalized answers. [...] Your explicit consent for any sensitive data explicitly included in your input and saved as a Memory. You can: Access, add, delete or edit your Memories at all time through your settings. Turn off Memories at all times through your settings.— Excerpt from Mistral AI's Mistral AI Privacy Policy
1. REGULATORY LANDSCAPE: This provision engages GDPR's special category data rules, which require explicit consent and heightened protections for health data and other sensitive categories. The CNIL, as the lead supervisory authority for Mistral AI, would evaluate whether the consent mechanism for sensitive data in Memories is specific, informed, freely given, and unambiguous as required under GDPR. The EU AI Act's transparency requirements may also apply to AI systems that build persistent user profiles. 2. GOVERNANCE EXPOSURE: High. The mechanism by which explicit consent is obtained for sensitive data incidentally included in free-form chat prompts is not fully specified in this policy. Regulators may question whether a general notice in a privacy policy constitutes adequate explicit consent for special category data processing under GDPR. The distinction between 'explicitly included' sensitive data and incidentally mentioned sensitive data introduces interpretive ambiguity. 3. JURISDICTION FLAGS: EU and EEA users face heightened exposure given GDPR's strict requirements for special category data. Health data stored in Memories may also engage health data protection frameworks in other jurisdictions. Illinois BIPA would not directly apply unless biometric data is involved, but state-level health privacy laws may apply to US users. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Le Chat for employees or customers should assess whether the Memory feature's storage of employee or customer sensitive data creates additional data controller obligations or requires data processing agreements beyond standard terms. 5. COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the consent mechanism for sensitive data in Memories meets GDPR's explicit consent standard, including whether users receive a specific, granular consent request before sensitive data is saved. A data mapping exercise should confirm how Memory data is stored, for how long, and whether it is segregated from other processing activities. User-facing controls (access, edit, delete, turn off) should be audited for ease of use and effectiveness.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Sensitive personal data such as health information that you casually mention in a chat prompt could be automatically stored and retained by the Memory feature, creating a personal profile that persists across your Le Chat sessions.
The Memory feature may store health or other sensitive personal details mentioned in prompts; the policy states explicit consent governs sensitive data in Memories, but users should actively review and manage their Memory settings to control what is retained.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mistral AI.