If you connect an external service to Mistral AI, you are allowing Mistral AI to access that service, send your prompts to it, and store data from it. Mistral AI takes no responsibility for anything that happens with or through those third-party services, including data loss or misuse.
This analysis describes what Mistral AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision delineates the scope of Mistral AI's operational responsibility when users connect the service to external platforms. It establishes that Mistral AI assumes no liability for third-party service performance, availability, or data handling, and explicitly disclaims responsibility for MCP server functionality and data processing conducted by those servers.
When you connect a third-party service or MCP server, your input data may be transmitted to and processed by that external service under its own terms, with Mistral AI disclaiming all responsibility for how that service handles your data. This creates a data flow outside Mistral AI's control that users must independently assess.
How other platforms handle this
If you use a third-party service — like a social network or login service — to access our services, those services will tell us basic information about you, like your username and profile picture. In addition, information about you may be shared with other businesses within the Snap Inc. corporate f...
We may share personal information with third-party service providers and partners who support our business operations, including identity verification providers, payment processors, analytics providers, marketing partners, and blockchain analytics companies.
You may elect to use or integrate platforms, add-ons, services, or products not provided by Exafunction ("Third-Party Platforms") (e.g. User IDE's, Web Search, MCP Servers) subject to your agreement with the relevant provider and not this Agreement. We do not control nor shall we have liability for ...
Monitoring
Mistral AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"By enabling these connections, you grant us the permission to (a) access the Third-Party Services, (b) send your Input to the Third-Party Service, and (c) where applicable, retrieve, process, and store the necessary data to use as Inputs to generate Outputs. You acknowledge that Third-Party Services are not Mistral AI Products and Mistral AI is not responsible for any Third-Party Service or your use of any Third-Party Service, including any disruptions, data loss, or issues with Mistral AI Products arising from your use of the Third-Party Service. Furthermore, if you use a MCP Server to connect a Mistral AI Product to a Third-Party Service, you acknowledge that Mistral AI has no control over such third-party MCP Server and bears no responsibility for your use of such MCP Server or for how the MCP Server processes or interprets your Input.— Excerpt from Mistral AI's Mistral AI Terms of Service
(1) REGULATORY LANDSCAPE: The third-party service integration provision creates data flows to external processors or controllers that may engage data protection law in user jurisdictions. Under UK GDPR and equivalent frameworks, users should understand that their data may be processed by third parties with separate privacy policies. The disclaimer of Mistral AI responsibility for MCP server data handling does not necessarily eliminate Mistral AI's status as a data controller for the initial data transmission. The FTC Act may engage if the risks of third-party data transmission are not adequately disclosed. (2) GOVERNANCE EXPOSURE: Medium. The MCP server disclaimer is notably broad, disclaiming responsibility for how the MCP server 'processes or interprets your Input.' As MCP servers are a relatively new integration mechanism, the security and privacy implications are not yet well-established in regulatory guidance, which creates uncertainty about appropriate due diligence standards. The liability disclaimer for third-party services combined with the general liability cap means users have very limited recourse if data loss or privacy violations occur through third-party connections. (3) JURISDICTION FLAGS: Organizations in regulated industries, such as financial services or healthcare, should assess whether connecting Mistral AI to third-party services via MCP servers creates regulated data flows that require contractual protections beyond what Mistral AI's terms provide. California users should consider whether CCPA rights apply to data shared with third-party services through Mistral AI integrations. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should note that Mistral AI does not accept liability for third-party service integrations and does not warrant compatibility. Organizations deploying Mistral AI with third-party integrations should conduct independent vendor assessments of each connected service. The statement that Mistral AI has 'no control' over MCP servers should be understood as a liability allocation rather than a technical statement. (5) COMPLIANCE CONSIDERATIONS: Data mapping exercises should include all third-party services connected to Mistral AI products and should document the data flows, processing purposes, and applicable terms for each integration. Organizations should confirm that each connected third-party service has been assessed for compliance with applicable data protection law independently, as Mistral AI's disclaimer does not provide coverage for regulatory obligations that may attach to the organization.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision delineates the scope of Mistral AI's operational responsibility when users connect the service to external platforms. It establishes that Mistral AI assumes no liability for third-party service performance, availability, or data handling, and explicitly disclaims responsibility for MCP server functionality and data processing conducted by those servers.
When you connect a third-party service or MCP server, your input data may be transmitted to and processed by that external service under its own terms, with Mistral AI disclaiming all responsibility for how that service handles your data. This creates a data flow outside Mistral AI's control that users must independently assess.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mistral AI.