Midjourney can be used at work only under specific conditions. Our verdict for a typical 50–500 person company handling client or regulated data: Limited. Generations are publicly visible by default unless you pay for Stealth Mode, and there is no enterprise governance surface. Fine for moodboards and ideation. Never upload client assets or unreleased product designs — "public by default" and NDAs do not mix.
| Vendor | Midjourney |
|---|---|
| Category | Image generation |
| Our tier verdict | Limited — Generations are publicly visible by default unless you pay for Stealth Mode, and there is no enterprise governance surface. |
| Trains on your data? | Yes. Midjourney’s terms grant it broad rights to prompts and generated images; images are public in the community feed by default on most plans. |
| Data retention | Prompts and images live in Midjourney’s systems and (by default) the public gallery; Stealth Mode on higher-tier plans limits public visibility. |
| Admin controls | None meaningful — no SSO, no admin console, no centralized workspace. |
| Compliance certifications | Not publicly documented |
| HIPAA / BAA | No. |
Midjourney’s terms grant it broad rights to prompts and generated images; images are public in the community feed by default on most plans.
Retention: Prompts and images live in Midjourney’s systems and (by default) the public gallery; Stealth Mode on higher-tier plans limits public visibility.
No. As a rule: no signed Business Associate Agreement means no protected health information (PHI) — regardless of how good the vendor’s general security posture is.
HIPAA is the gate: No. Until a BAA is confirmed in writing, treat Midjourney as off-limits for anything containing PHI — patient names, appointment details, clinical notes, even "anonymized" summaries that could be re-identified.
For SEC/FINRA-regulated firms the questions are recordkeeping and confidentiality: can communications through Midjourney be captured for books-and-records requirements, and do the data terms hold up in vendor due diligence? None meaningful — no SSO, no admin console, no centralized workspace.
The privilege question comes first: entering client-confidential facts into any third-party AI service must be evaluated as a potential disclosure. Because training/retention on Midjourney depends on account type and settings, assume client matter data is off-limits unless your firm controls the account and has verified the terms.
Why the tier verdict is "generic": Limited is the right starting classification for most 50–500 person companies — but a healthcare company, a law firm, and a SaaS startup should not have identical tool lists. The $79 policy kit classifies Midjourney and 24+ other tools specifically for your industry, company size, and the data your team handles.
And it goes stale: vendor data policies change quietly — a terms update can move a tool between tiers overnight. The $149/mo Monitor plan exists precisely because this page is only accurate as of July 2026.
Midjourney can be used at work only under specific conditions. Our verdict for a typical 50–500 person company handling client or regulated data: Limited. Generations are publicly visible by default unless you pay for Stealth Mode, and there is no enterprise governance surface. Fine for moodboards and ideation. Never upload client assets or unreleased product designs — "public by default" and NDAs do not mix.
Midjourney’s terms grant it broad rights to prompts and generated images; images are public in the community feed by default on most plans.
No. As a rule: no signed Business Associate Agreement means no protected health information (PHI) — regardless of how good the vendor’s general security posture is.
We classify Midjourney as Limited for a typical 50–500 person company. Generations are publicly visible by default unless you pay for Stealth Mode, and there is no enterprise governance surface. Your own classification should reflect your industry, data types, and which plan/account type your company actually uses.
A 4-document AI policy kit — acceptable use policy, tool tier list, acknowledgment form, manager FAQ — that classifies Midjourney and 24+ other tools for your company, industry, and data. Generated in about 10 minutes.
Generate my policy kit →We re-check vendor terms monthly and alert you when Midjourney’s data policy changes — plus regenerate your whole kit so it never goes stale. This directory is a snapshot — Monitor is the live feed.
See Monitor plan →Already have an AI policy? Check it for gaps in 30 seconds →