Samsung keeps your personal data for as long as needed to run its services, meet legal obligations, and satisfy reporting requirements, rather than specifying fixed deletion timelines.
This analysis describes what Samsung's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Without defined retention periods for specific data types, personal data including browsing history, location, and health metrics may be retained for extended and undefined periods, which limits consumer ability to predict when their data will be deleted.
Interpretive note: The policy does not specify retention periods by data category, and whether Samsung's retention disclosures satisfy CPRA's specific disclosure requirements is a matter of regulatory interpretation.
Samsung's policy does not commit to fixed deletion timelines for specific categories of personal data, meaning that sensitive data such as health metrics, location history, and behavioral profiles may be retained for as long as Samsung determines is necessary.
How other platforms handle this
Please note there are situations where Spotify is unable to delete your data, for example when: it's still necessary to process the data for the purpose we collected it for; we have an overriding interest in continuing to process the data, for example where we need the data to protect our services f...
When you delete your account, Roblox initiates permanent deletion of data in our systems. For safety and security purposes (e.g., bot prevention), Roblox may process persistent identifiers for up to two years after account deletion.
Some operating system developers, such as Apple, allow mobile application users to request deletion of accounts created within an application. If you request deletion of your account, State Farm may still retain your information for legal, auditing, regulatory and business purposes. Retention period...
Monitoring
Samsung has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We retain your personal information for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.— Excerpt from Samsung's Samsung Privacy Policy
REGULATORY LANDSCAPE: CPRA requires that personal information be retained no longer than necessary for the disclosed purpose, and that retention periods be disclosed for each category of personal information. GDPR imposes a storage limitation principle requiring defined retention schedules. The FTC has cited indefinite or undefined retention periods as a component of unfair data practices in enforcement actions. GOVERNANCE EXPOSURE: Medium. The use of a necessity-based rather than time-based retention standard may be consistent with general U.S. practice but may not satisfy CPRA's specific retention disclosure requirements or GDPR's storage limitation principle for any users covered by those frameworks. JURISDICTION FLAGS: California CPRA regulations require that businesses disclose the retention period or criteria used to determine the retention period for each category of personal information in their privacy policy. If Samsung's retention disclosures do not specify periods by category, this may be a compliance gap for California. GDPR requires specific retention periods for EU users, addressed under Samsung's separate EU notice. CONTRACT AND VENDOR IMPLICATIONS: Service provider agreements should include contractual data retention limits and deletion schedules aligned with Samsung's disclosed practices. Audit rights over vendor data retention should be included in procurement contracts. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether Samsung's privacy policy meets CPRA's retention disclosure requirements by category of personal information, and whether retention schedules for sensitive personal information such as health data, location, and biometric data have been documented and operationalized.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Without defined retention periods for specific data types, personal data including browsing history, location, and health metrics may be retained for extended and undefined periods, which limits consumer ability to predict when their data will be deleted.
Samsung's policy does not commit to fixed deletion timelines for specific categories of personal data, meaning that sensitive data such as health metrics, location history, and behavioral profiles may be retained for as long as Samsung determines is necessary.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Samsung.