Databricks · Databricks Privacy Notice

Data Retention Policy

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Databricks keeps your personal data for as long as they think they need it for their purposes or legal obligations, without specifying exact timeframes for different types of data.

Consumer impact (what this means for users)

Databricks does not commit to specific retention periods for different categories of personal data, meaning your contact details, behavioral data, and other personal information could be held for extended periods; EU/UK residents can submit a deletion request to accelerate data removal by contacting privacy@databricks.com.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@databricks.com requesting deletion of your personal data and specifying the categories of data you want removed. Databricks must respond within 45 days (CCPA) or one month (GDPR).

Cross-platform context

See how other platforms handle Data Retention Policy and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Vague retention periods mean your data could be kept indefinitely — EU users have the right to ask for deletion, and the absence of specific timeframes is a potential compliance weakness under GDPR.

View original clause language
We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Data retention is governed by GDPR Art. 5(1)(e) (storage limitation principle — data must not be kept longer than necessary), Art. 13(2)(a) and Art. 14(2)(a) (requirement to provide retention periods or criteria at collection), CCPA/CPRA §1798.100(a)(3) (right to know retention periods), and UK GDPR equivalent provisions. EDPB Guidelines on data minimisation and storage limitation apply. Enforced by EU DPAs and UK ICO.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC Act Section 5 applies to deceptive or inadequate disclosures about data retention practices that mislead consumers about how long their data is kept
    File a complaint →

Provision details

Document information
Document
Databricks Privacy Notice
Entity
Databricks
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004412
Document ID
CA-D-00458
Evidence Provenance
Source URL
https://www.databricks.com/legal/privacynotice
Wayback Machine
View archived versions →
SHA-256
c2601098042d922e6c540b44624976b336394366f0003fd04e5ca853cfbadda2
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Databricks | Document: Databricks Privacy Notice | Record: CA-P-004412
Captured: 2026-04-30 10:03:00 UTC | SHA-256: c2601098042d922e…
URL: https://conductatlas.com/platform/databricks/databricks-privacy-notice/data-retention-policy/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document