Mistral AI · Mistral Terms of Use · View original document ↗

Data Processing Addendum for Commercial Customers

Medium severity Low confidence Explicitdocumentlanguage Common · 300 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Mistral AI Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The document lists a Data Processing Addendum as a distinct legal document available to commercial customers, indicating a separate controller-processor or controller-controller agreement exists for business use cases.

This analysis describes what Mistral AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The reference to a named data processing addendum signals that commercial customers are subject to specific data-processing terms, though those terms are not stated here.

Interpretive note: The excerpt is a document title only. No substantive legal proposition is stated. The canonical claim is limited to the fact that the label exists.

Consumer impact (what this means for users)

This provision applies to commercial customers rather than individual consumers. Under this structure, businesses using Mistral AI services are directed to a separate Data Processing Addendum that governs how personal data is processed in a commercial context.

How other platforms handle this

Anthropic Medium

We will only collect, use and disclose your personal data with your consent, unless otherwise permitted or required by law. Your consent may be given expressly or implied, depending on the circumstances and the sensitivity of the information involved.

ZipRecruiter Medium

authorize ZipRecruiter to connect your account to the account of a "Connected Site" (e.g., Google, LinkedIn, Monster, Facebook or Twitter), we may be able to access information you have provided to the Connected Site...

NVIDIA NIM Medium

telemetry information collected includes: (i) microservice settings, (ii) usage data and (iii) hardware environment.

See all platforms with this clause type →

Monitoring

Mistral AI has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Data Processing Addendum

— Excerpt from Mistral AI's Mistral Terms of Use

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: A Data Processing Addendum directly engages GDPR Article 28, which requires that controllers use only processors providing sufficient guarantees and that processing be governed by a binding contract. The relevant enforcement authority is the applicable EU data protection supervisory authority in the member state of establishment. UK GDPR imposes equivalent requirements for UK-based commercial customers. (2) GOVERNANCE EXPOSURE: High for commercial customers processing personal data via Mistral AI services. The DPA must be reviewed to confirm it satisfies GDPR Article 28 mandatory clauses including processing instructions, confidentiality, security measures, sub-processor obligations, data subject rights assistance, and deletion or return of data. (3) JURISDICTION FLAGS: EU and EEA commercial customers face mandatory DPA requirements under GDPR. UK commercial customers face equivalent requirements under UK GDPR. California-based commercial customers should evaluate whether CCPA service provider agreement provisions are addressed. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams must access and review the full Data Processing Addendum text to assess sub-processor lists, international transfer mechanisms (such as Standard Contractual Clauses), audit rights, and incident notification timelines. The index page does not disclose whether the DPA is pre-signed, negotiable, or unilaterally imposed. (5) COMPLIANCE CONSIDERATIONS: Commercial customers should conduct a data mapping exercise to identify what personal data is transferred to Mistral AI, confirm the DPA addresses all GDPR Article 28 mandatory provisions, and evaluate whether the listed sub-processors are acceptable under their own data governance policies.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has jurisdiction over data processing practices affecting US commercial customers where unfair or deceptive practices may be implicated
    File a complaint →

Applicable regulations

EU AI Act
European Union
California AB 2013 AI Training Data Transparency
US-CA
CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
ePrivacy Directive
European Union
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Mistral Terms of Use
Entity
Mistral AI
Document last updated
May 5, 2026
Tracking information
First tracked
May 9, 2026
Last verified
July 9, 2026
Record ID
CA-P-016336
Document ID
CA-D-00511
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
3454131ed601461331dc932b6fcb8fa5b0b4c3d0059a1a398b38538a0f36f252
Analysis generated
May 9, 2026 22:47 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Mistral AI
Document: Mistral Terms of Use
Record ID: CA-P-016336
Captured: 2026-05-09 22:47:37 UTC
SHA-256: 3454131ed6014613…
URL: https://conductatlas.com/platform/mistral-ai/mistral-terms-of-use/provision/CA-P-016336/data-processing-addendum-for-commercial-customers/
Accessed: July 13, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Mistral AI's Data Processing Addendum for Commercial Customers clause do?

The reference to a named data processing addendum signals that commercial customers are subject to specific data-processing terms, though those terms are not stated here.

How does this clause affect you?

This provision applies to commercial customers rather than individual consumers. Under this structure, businesses using Mistral AI services are directed to a separate Data Processing Addendum that governs how personal data is processed in a commercial context.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 300 platforms. See the full comparison.

Is ConductAtlas affiliated with Mistral AI?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mistral AI.