
Mistral AI: Privacy and Data Review 2025

Here is our independent evaluation of Le Chat (Mistral AI), at the heart of the Web3 revolution and the quest for a sovereign and privacy-respecting AI. Based on an exclusive framework and a rigorous audit of publicly available data, this analysis reflects our vision of a future where privacy is a fundamental right.

The scoring system is based on a comprehensive guide created specifically for this project, accessible here. This ranking is dynamic, evolving with innovations and feedback from the decentralized community.

Our mission: to enlighten and inform, without filter or influence, to build together a fairer and more transparent AI ecosystem.

Update: 25/08/06

Key Insights from the Mistral Privacy and Data Review

Model

  • Premier Models: Codestral 25.08, Voxtral Mini Transcribe, Mistral OCR 25.05, Ministral 3B, Ministral 8B, Codestral 25.01, Mistral Large 2, Pixtral Large, Mistral Small 2, Mistral Embed, Codestral Embed, Mistral Moderation.
  • Open Models: Voxtral Small, Voxtral Mini, Mistral Small 3.2, Mistral Small 3.1, Mistral Small 3, Codestral Mamba, Pixtral 12B, Mistral Nemo 12B, Mathstral 7B, Mixtral 8x7B, Mistral 7B.

Data Collection

Prompts stored: Mistral AI provides clear and transparent practices for data storage, with Le Chat inputs retained until user deletion (or zero retention activation) and API data stored for 30 days unless zero retention is enabled. Fine-Tuning and Agents API data retention is also clearly defined. The availability of zero data retention and alignment with GDPR standards justify an A rating, as these practices demonstrate a strong commitment to user privacy and data minimization.

Use for training: Users can opt out of data use for training, and Le Chat Pro is excluded from training by default unless users opt in, which is a best-in-class approach. Feedback mechanisms (e.g., “thumbs up/down”) are also opt-out, ensuring user control. This robust, user-centric approach to training data usage, combined with clear opt-out options, warrants an A rating for exceeding standard expectations.

Account required: An account is required for La Plateforme and certain endpoints, typically involving an email or phone number. Standard API key registration is available for broader access. C

Data retention duration: Mistral clearly outlines retention periods: Le Chat data is kept until deletion, API data for 30 days (unless zero retention is activated), Fine-Tuning/Agents API data until account termination, and civil identity data for 5 years post-termination. While the long retention of civil identity data slightly impacts the score, the transparency and GDPR compliance, along with zero retention options, support a B rating, reflecting a strong but not perfect policy.


User Control

Deletion possible: Mistral offers multiple clear channels for data deletion, including account settings, a “Privacy Requests” form, and direct contact with the Privacy Team at support@mistral.ai. These accessible and user-friendly mechanisms align with GDPR requirements and demonstrate a strong commitment to user control, justifying an A rating for robust deletion processes.

Export possible: There is no explicit mention of data export options for users. This would typically be detailed in the user agreement or privacy policy. D

Granularity control: Limited granularity control is available, primarily through opt-in/opt-out for training and zero data retention requests. Free users can object to data processing via email, the Help Center, or letter, though Pro users have easier in-interface controls (e.g., two-click opt-out). B

Explicit user consent: Consent is implied via acceptance of Terms of Service and Privacy Policy. Explicit consent is required for non-essential cookies and certain training opt-ins. Free users’ right to object was added post-GDPR complaint in February 2025, ensuring compliance. B


Transparency

Clear policy: Mistral AI provides a Privacy Policy and Terms of Service, accessible via their website and Help Center. Specifics are detailed in these documents, though not always in public-facing extracts. B

Change notification: No explicit proactive notification process for policy changes is mentioned; users are advised to check the Privacy Policy regularly for updates. D

Model documentation: Extensive technical documentation is available for models, endpoints, and deployment (e.g., La Plateforme, Mistral OCR), ensuring high transparency for technical offerings. A


Privacy by Design

Encryption (core & advanced): Mistral AI employs end-to-end encryption for data in transit and at rest, with AES-256 used at the disk level for secure storage, ensuring robust data protection. A

Privacy-Enhancing Technologies: Mistral AI’s Le Chat employs AES-256/TLS 1.3 encryption for data security and offers private deployment options with GDPR-compliant infrastructure. It earns a B rating: privacy controls are strong, but there are potential risks from third-party content integration and limited transparency on training data. Users can opt out of data usage for model training, and data is retained only as needed (e.g., 30 days for abuse monitoring), enhancing privacy for sensitive use cases. B

Auditability & Certification: Certified under ISO 27001/9001/14001/50001 and ANSSI II-901, with regular audits to maintain high security and compliance standards. A

Transparency & Technical Documentation: Extensive technical documentation exists for models and deployment, but privacy-specific measures (e.g., data processing details) are less comprehensive, rated as partial. B

User-Configurable Privacy Features: Limited to zero data retention requests and training opt-out options. Pro users have easier access to opt-out controls via the interface. B


Hosting & Sovereignty

Sovereignty: Mistral AI is hosted in EU tier-3+ data centers, providing options for sovereign and private hosting. This ensures compliance with EU data protection regulations and enhances data sovereignty. A

Legal jurisdiction: Mistral AI operates under EU legal jurisdiction, which is known for strong data protection laws. This provides an additional layer of legal protection for user data. A

Local option: Mistral AI models can be self-hosted, allowing for local deployment and greater control over data. This is ideal for organizations with stringent data privacy requirements. A

Big Tech dependence: While some endpoints are available via Big Tech clouds (Azure, AWS, GCP), Mistral AI offers sovereign and self-hosting options, reducing dependence on Big Tech infrastructure. B


Open Source

Publicly available model: Many of Mistral AI’s models are fully open source, including weights, code, and training data. This promotes transparency and community collaboration. A

Clear open source license: Mistral AI models are released under Apache 2.0 or Mistral Research License, providing clear guidelines for use and modification. A

Inference code available: Inference code for open models is accessible, well-maintained, and documented on platforms like GitHub. This facilitates ease of use and integration. A


Remarks

Mistral AI delivers a robust technical portfolio with diverse models, public endpoints, and flexible deployment options, including self-hosting for privacy-conscious users. Data collection practices are clearly defined: Le Chat retains inputs until deletion, APIs store data for 30 days (unless zero retention is activated), and Le Chat Pro defaults to no training use. Privacy controls include opt-out for training and zero retention requests, with streamlined access for Pro users ($14.99/month, $5.99 for students). EU-centric hosting and GDPR compliance enhance data sovereignty, backed by ISO and ANSSI certifications. Open-source models promote transparency, though privacy documentation could be more comprehensive. Following a February 2025 GDPR complaint, Mistral updated its policy to allow free users to object to data processing, aligning with EU regulations. These enhancements solidify Mistral’s position as a privacy-focused AI provider, despite limitations in data export options and proactive policy change notifications.

Privacy and Data Review: Overall Score

79.3/100

 

 

  • Data Collection : 20 + 20 + 5 + 15 = 60
  • User Control : 20 + 0 + 15 + 15 = 50
  • Transparency : 15 + 0 + 20 = 35
  • Privacy by Design : 20 + 15 + 20 + 15 + 15 = 85
  • Hosting & Sovereignty : 20 + 20 + 20 + 15 = 75
  • Open Source : 20 + 20 + 20 = 60

Total: 60 + 50 + 35 + 85 + 75 + 60 = 365

Maximum: 23 criteria x 20 points = 460

Score: 365 / 460 x 100 = 79.3


This evaluation is provided for informational purposes only and reflects a subjective analysis based on publicly available data at the time of publication. We do not guarantee absolute accuracy and disclaim all liability for errors or misinterpretations. Any disputes must be submitted in writing to futurofintenet@proton.me

For full methodology, see our complete scoring guide here: LLM Privacy Rating Guide
