Mistral Le Chat
Mistral AI
Good disclosure · High confidence
A detailed GDPR policy with strong rights, an account-level training opt-out, named retention windows, and a clear statement that it does not sell or run targeted advertising.
What the policy says
Training opt-out exists but is on by default
The policy uses Le Chat inputs and outputs to train models subject to your opt-out, and offers a control to object to the use of your input and output data for model training directly from your account. Paid API use and Le Chat Enterprise are excluded from training. Training by default with an opt-out keeps the grade at B.
Does not sell or share for advertising
Mistral states it has not sold, shared, or engaged in targeted advertising with any consumer personal data in the preceding 12 months, which earns full credit on the ad-sharing indicator.
Concrete retention with user-controlled deletion
Le Chat inputs and outputs are kept until you delete your account or delete the conversation. API inputs default to thirty rolling days for abuse monitoring with a zero-data-retention option, and named multi-year ladders cover identity, account, billing, and lead data.
Named international safeguard and DPO, thinner security detail
International transfers rely on the European Commission Standard Contractual Clauses under Article 46 GDPR, and a Data Protection Officer is named with a contact route. Security safeguards are described only generically, and breach notification is silent.
Details
- Category
- Assistant
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2026-04-07
- Region scored
- Global / US-default
- Assessed
- 2026-06-20
Every grade scores what an app discloses about its data governance in its public privacy policy and terms, not its verified behaviour. A strong policy can hide weak practice, and a thin policy can hide good practice.