⚠ Key Privacy Concerns
Midjourney scores 38/100 (Grade D) under this methodology, the lowest grade among the AI services reviewed here. Creations are public by default, and Midjourney's own docs state they can surface on the Explore page even when made in private Discord servers or bot direct messages. Prompts and uploaded photos, videos, documents, and messages are collected as personal data; the policy states it covers data collected through training Midjourney's machine learning algorithms and describes no training opt-out; advertising cookies are treated as a possible CCPA "share"; and the architecture splits your data between two companies, Midjourney and Discord. Automated assessment of the published policy (Last Updated June 2, 2025), as of July 8, 2026; verify the current sources.
✓ Relative Strengths
The published documents state Midjourney does not sell personal information and does not store your credit card details (payment runs through processors). There is a real, self-service deletion path: account and associated data deleted within 30 days, with a 7-day window to reverse a mistaken request. And the law-enforcement section commits to promptly notifying you, with a copy of the request, unless legally prohibited, which is stronger notice language than many peers publish. Automated assessment, as of July 8, 2026.
Category Scores
What the policy lists: username, prompts (text, images, and spoken input summarized to text), photos, videos, documents and messages you input, IP address, usage data, tracking technologies and cookies, contact information, organizational information such as company title, email, and survey responses. The policy also states it covers data collected while training Midjourney's machine learning algorithms and from third-party sources such as public databases and the public internet. Automated read, as of July 8, 2026.
Who can get data: service providers, vendors, consultants and business partners, third-party analytics and advertising partners (cookies), acquirers in business transfers including bankruptcy, law enforcement (with a notice commitment), and, functionally, everyone: generations are publicly viewable and remixable by default, and Discord runs its own separate collection. The CCPA section concedes advertising cookies may be a "share," with an opt-out in Privacy Settings. Automated read, as of July 8, 2026.
How long: as long as necessary for the stated purposes, with legal-obligation carve-outs; usage data generally shorter. A published FAQ commits to deleting account and associated data within 30 days of a request (7-day reversal window). Two survivals temper this: the Terms of Service license over your content is perpetual and irrevocable and survives termination, and publicly posted generations may already have been viewed or remixed. Automated read, as of July 8, 2026.
Your controls: privacy for generations requires paying for Pro or Mega (Stealth Mode), and Stealth is best-efforts and limited to midjourney.com publication. The published documents describe no opt-out from model training. On the plus side: a CCPA sharing opt-out and cookie consent controls in Privacy Settings, and self-service deletion. Automated read, as of July 8, 2026.
Security posture: data is stored on Midjourney servers in the US per the published FAQ; the policy commits to commercially acceptable measures but expressly states absolute security cannot be guaranteed. The two-company architecture (Midjourney plus Discord) multiplies the surfaces where something can go wrong. No breach-notification commitments beyond law are published. Automated read, as of July 8, 2026.
Clarity: the CCPA table discloses categories collected (identifiers, commercial information, internet activity, uploaded images as sensory data, inferences), and access or portability requests get written responses within 45 days (extendable to 90), up to twice per 12 months. But how training-related collection interacts with user content is not explained, the Midjourney/Discord split is easy to miss, and the policy even mixes entity names (Midjourney, Inc. and Midjourney LLC). Automated read, as of July 8, 2026.
Analysis