This analysis describes what Ledger's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational framework for data retention duration, permitting extended retention periods when justified by legal compliance requirements or contractual enforcement needs, rather than restricting retention to a fixed timeframe.
The updated policy removes explicit language stating that Ledger Recover and Ledger Multisig services are excluded from this privacy policy. Previously, users were directed to separate privacy policies for those services; that direction is now absent. This creates ambiguity about whether this policy now covers those services or whether separate policies still apply. The dramatic reduction in policy length (from 224 to 36 sentences) suggests substantial content was removed, though the specific implications depend on what other sections were condensed or eliminated. You should review the full updated policy to confirm what data practices and service exclusions remain in effect for all Ledger services you use.
View change record →Ledger removed language explicitly stating that this privacy policy does not cover Ledger Recover and Ledger Multisig services, and eliminated references to dedicated privacy policies for those services. This creates ambiguity about whether those services are now governed by the main privacy policy or whether separate policies exist but are no longer disclosed in this document. If you use Ledger Recover or Ledger Multisig, you should review the privacy disclosures for those specific services directly, as it is no longer clear from the main privacy policy whether separate protections apply.
View change record →Users' personal data will be retained during active service use and for the specified purposes outlined in the policy, with retention extended where Ledger determines retention is necessary to meet legal obligations or enforce its agreements.
How other platforms handle this
We retain personal data for as long as needed to provide our services, comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will vary depending on the type of data and the purposes for which we use it.
Microsoft retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other legitimate purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for differen...
We keep information as long as we need it to provide our products and services and fulfil the purposes described in this policy. This is a case-by-case determination that depends on things like the nature of the information, why it is collected and processed, relevant legal or operational retention ...
Monitoring
Ledger has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Ledger will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.— Excerpt from Ledger's Ledger Privacy Policy
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational framework for data retention duration, permitting extended retention periods when justified by legal compliance requirements or contractual enforcement needs, rather than restricting retention to a fixed timeframe.
Users' personal data will be retained during active service use and for the specified purposes outlined in the policy, with retention extended where Ledger determines retention is necessary to meet legal obligations or enforce its agreements.
ConductAtlas has identified this type of provision across 67 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ledger.