What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@glean.com', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': 'Contact privacy@glean.com to request information about how long your personal data is retained and to request deletion. If you are an employer, negotiate specific retention and deletion terms in your Data Processing Agreement with Glean.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC considers failure to honor stated data retention and deletion practices a deceptive trade practice under Section 5 of the FTC Act.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Data Retention Policy clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Data Retention Policy clauses across approximately 64 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Data Retention Policy — Glean

Share 𝕏 Share in Share 🔒 PDF

What it is

Glean keeps your data for as long as needed to run its services, and when acting for your employer, it keeps data based on what your employer instructs.

Consumer impact (what this means for users)

Glean does not specify fixed retention periods for most data categories, meaning your workplace activity data could be retained indefinitely unless your employer has negotiated specific deletion timelines in the contract.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Contact privacy@glean.com to request information about how long your personal data is retained and to request deletion. If you are an employer, negotiate specific retention and deletion terms in your Data Processing Agreement with Glean.

Cross-platform context

See how other platforms handle Data Retention Policy and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Vague retention language ('as long as necessary') without specific timeframes creates difficulty for enterprise customers in meeting GDPR data minimization and storage limitation requirements, and employees have no direct visibility into how long their data is kept.

View original clause language

We retain personal data for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. When we process personal data as a processor on behalf of business customers, we retain personal data in accordance with the customer's instructions and our Data Processing Agreement.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Article 5(1)(e) storage limitation principle requires personal data to be kept no longer than necessary for the purpose; Article 13(2)(a) requires disclosure of retention periods or criteria. CCPA does not mandate specific retention periods but requires disclosure of retention practices in the privacy policy. UK GDPR and nFADP impose equivalent storage limitation requirements. Failure to specify retention periods in a privacy policy is a recognized compliance gap cited by the ICO and EU DPAs.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC considers failure to honor stated data retention and deletion practices a deceptive trade practice under Section 5 of the FTC Act.
File a complaint →

Provision details

Document information

Document

Glean Privacy Policy

Entity

Glean

Document last updated

April 29, 2026

Tracking information

First tracked

April 30, 2026

Last verified

April 30, 2026

Record ID

CA-P-004387

Document ID

CA-D-00505

Evidence Provenance

Source URL

https://www.glean.com/privacy-policy

Wayback Machine

View archived versions →

SHA-256

bf35161360eff21ce3dcd83598198afb291214ea440a7d5ff199884f65aef203

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Glean | Document: Glean Privacy Policy | Record: CA-P-004387
Captured: 2026-04-30 09:15:11 UTC | SHA-256: bf35161360eff21c…
URL: https://conductatlas.com/platform/glean/glean-privacy-policy/data-retention-policy/
Accessed: May 2, 2026

Classification

Severity

Medium

Data Retention Policy