Is Midjourney safe for work?
High risk · 97Midjourney, Inc. · Image · facts partly unverified, check sources
Midjourney is high-risk for default at-work use (97/100): it trains on your data by default.
97
High risk
Watch out: All prompts and generated images are public by default and licensed for model training, and Stealth Mode (Pro/Mega only) merely hides outputs from the public gallery without exempting them from training, so confidential work-related content should not be used.
Data and compliance facts
- Trains on consumer-tier data
- Yes
- Trains on business-tier data
- Yes
- Training opt-out available
- No
- SOC 2 Type II
- Unverified
- ISO 27001
- Unverified
- ISO 42001 (AI management)
- Unverified
- GDPR Data Processing Addendum
- Unverified
- HIPAA BAA
- Unverified
- EU data residency
- Unverified
- SSO / SAML
- Unverified
- Data retention
- Not specified in Midjourney's published Terms of Service or help docs; no defined retention or deletion timeline was found, and Midjourney retains a perpetual license to submitted content.
Why it scores 97 out of 100
- +30Trains on your data by default. On the free/consumer tier your inputs are used to train the vendor's models unless you change a setting.
- +22Trains on business-tier data. Even paid/team data may be used for training. That is unusual and high-risk.
- +12No SOC 2 Type II. No independent SOC 2 Type II attestation found.
- +6No ISO 27001. No ISO/IEC 27001 information-security certification found.
- +12No GDPR DPA. No standard Data Processing Addendum offered, a problem for any team with EU/UK users.
- +6No EU data residency. Data cannot be guaranteed to stay in the EU.
- +4No SSO/SAML. No enterprise single sign-on, so account access is harder to govern.
- +5No HIPAA BAA. No Business Associate Agreement, so do not use it with protected health information.