Kimi
Moonshot AI
Partial disclosure · High confidence
Dealbreaker flag
- Trains on user content (prompts, audio, images, videos, files) by default with no opt-out named in the policy.
Grants a full set of GDPR-style rights and says it does not sell data. It also trains on your content by default with no opt-out, and retention is vague.
What the policy says
Trains on inputs by default with no opt-out
User Content including prompts, audio, images, videos, and files is processed to provide and improve the Services, including training and optimizing the models, with the legal basis given as legitimate interests or consent depending on jurisdiction. The policy names no general training opt-out toggle. That absence sets the training dealbreaker flag.
Full data-subject rights
The policy grants explicit rights of access, rectification, erasure, restriction, data portability in a structured machine-readable format, objection, and consent withdrawal, with requests routed to membership@moonshot.ai.
Does not sell, sharing enumerated
It states the company does not sell personal information and lists processor categories such as hosting, payment, analytics, and security partners, though it does not link a named sub-processor list or DPA.
Vague retention and no named transfer safeguard
Retention is held only for as long as necessary with no day-count, deletion on account closure carries no timeline number, and international transfers cite appropriate safeguards and adequate protection without naming SCCs, adequacy, or DPF.
Details
- Category
- Assistant
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2025-07-07
- Region scored
- Global / US-default
- Assessed
- 2026-06-20
Every grade scores what an app discloses about its data governance in its public privacy policy and terms, not its verified behaviour. A strong policy can hide weak practice, and a thin policy can hide good practice.