What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@stability.ai', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': 'Email privacy@stability.ai to request information about how long your specific personal data is retained and to request deletion of data that is no longer necessary for the original purpose of collection.', 'deadline_days': 30, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC can act under Section 5 where vague data retention practices constitute unfair or deceptive treatment of consumers, particularly if retention is longer than represented.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Data Retention clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Data Retention clauses across approximately 39 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Data Retention — Stability AI

Share 𝕏 Share in Share 🔒 PDF

What it is

Stability AI keeps your personal data for as long as it decides is necessary, without specifying concrete retention periods for different data types.

Consumer impact (what this means for users)

Stability AI does not specify fixed retention periods for different categories of personal data, meaning your account information, usage data, and submitted content could be retained for an indeterminate period based solely on the company's assessment of necessity.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data
Within 30 days
Email privacy@stability.ai to request information about how long your specific personal data is retained and to request deletion of data that is no longer necessary for the original purpose of collection.

Cross-platform context

See how other platforms handle Data Retention and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Vague retention language means your data could be held indefinitely without clear limits, which is a known area of regulatory scrutiny under GDPR's storage limitation principle.

View original clause language

We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Art. 5(1)(e) requires data to be kept in a form permitting identification for no longer than necessary — the 'storage limitation' principle. GDPR Art. 13(2)(a) requires disclosure of retention periods or the criteria used to determine them. UK GDPR and ICO guidance similarly require specific or criteria-based retention disclosures. California CPRA §1798.100(a)(5) grants consumers the right to know retention periods for each category of personal information.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC can act under Section 5 where vague data retention practices constitute unfair or deceptive treatment of consumers, particularly if retention is longer than represented.
File a complaint →

Provision details

Document information

Document

Stability AI Privacy Policy

Entity

Stability AI

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003730

Document ID

CA-D-00330

Evidence Provenance

Source URL

https://stability.ai/privacy-policy

Wayback Machine

View archived versions →

SHA-256

ab8463c1a698bccc246c55dd2af2b3ea094ea7c70c2ca61b926c6b9eac014966

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Stability AI | Document: Stability AI Privacy Policy | Record: CA-P-003730
Captured: 2026-04-28 05:31:08 UTC | SHA-256: ab8463c1a698bccc…
URL: https://conductatlas.com/platform/stability-ai/stability-ai-privacy-policy/data-retention/
Accessed: May 2, 2026

Classification

Severity

Medium

Data Retention