The policy states that Meta retains user data for as long as necessary to provide services, meet legal obligations, or fulfill stated legitimate purposes including safety and security, without specifying fixed retention periods for most data categories.
This analysis describes what Threads's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that data retention timelines are determined by Meta based on operational and legal necessity criteria rather than fixed periods disclosed to users, which has implications for the operability of deletion requests and data minimization compliance under GDPR and CCPA/CPRA.
Interpretive note: The policy does not specify retention periods for individual data categories, making it difficult to assess the full operational scope of this provision without additional Meta documentation.
The updated policy no longer explicitly discloses that user interactions with AI systems will be used to improve Meta's AI, nor does it describe how data is shared or collected in specific detail. Previously, the policy offered a 24/7 AI support assistant and clear pathways to manage or delete account data; these references are now absent. The removal of these disclosures does not necessarily mean the practices have stopped, but users no longer have explicit written confirmation of these features or data uses within the published policy.
View change record →The updated policy establishes that interactions with Meta's AI assistant will be used to improve Meta's AI systems. The policy states that by using the service, users agree to Meta's AI terms. Previously, the policy did not explicitly disclose this use of conversational data for AI training purposes. This means user conversations with the AI support assistant are now expressly authorized for use in improving Meta's broader AI infrastructure.
View change record →The updated policy narrows the terms users explicitly agree to by using the service from a three-part agreement (Meta Terms, AI terms, and Privacy Policy) to AI terms only. The policy now explicitly discloses that interactions with AIs will be used to improve AI at Meta. This means continued use of the service constitutes acceptance of this narrower agreement scope and explicit participation in AI training data use. You should review Meta's AI terms directly to understand what they cover and what controls, if any, are available.
View change record →New provision establishing indefinite data retention based on company discretion rather than user control, which significantly impacts data deletion expectations.
View full change record →Under this clause, personal data collected on Threads may be retained for indeterminate periods based on Meta's assessment of service needs, legal obligations, and safety purposes. Users may submit deletion requests, but the policy's retention language means certain data may be preserved after a deletion request based on the criteria described.
How other platforms handle this
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
We retain your personal information for as long as necessary to provide our Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Even after you close your account, we may retain certain information as required by law or for our legitimate business purposes.
Monitoring
Threads has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.— Excerpt from Threads's Threads Privacy Policy
1. REGULATORY LANDSCAPE: GDPR Article 5(1)(e) requires that personal data be kept in a form that permits identification for no longer than is necessary for the specified purpose (storage limitation principle). Vague retention language that relies on open-ended operational and legal necessity criteria may create tension with this principle and has been the subject of regulatory scrutiny in the EU. CCPA/CPRA requires disclosure of retention periods or the criteria used to determine them. 2. GOVERNANCE EXPOSURE: Medium. The absence of specific retention period disclosures for individual data categories is a noted gap in many large platform privacy policies and has been flagged by EU supervisory authorities. For organizations that rely on Meta platform data in their own data processing activities, this ambiguity complicates their own retention schedule alignment. 3. JURISDICTION FLAGS: EU/EEA supervisory authorities apply the storage limitation principle strictly, and data protection impact assessments for Threads-related processing should account for indefinite retention risk. California's CPRA requires disclosure of retention periods or the criteria used to determine them, and the absence of specific periods may attract CPPA scrutiny. 4. CONTRACT AND VENDOR IMPLICATIONS: Where Meta acts as a service provider or processor, its retention practices should be assessed against the data processing agreements in place. If Meta retains data beyond the period permitted by the service provider agreement, this may affect the classification of the relationship. 5. COMPLIANCE CONSIDERATIONS: Legal teams should document how Meta's retention practices interact with their own data lifecycle management and deletion obligations. Deletion request workflows should be tested to confirm that requests submitted via Meta's portal result in deletion consistent with the policy's stated criteria.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that data retention timelines are determined by Meta based on operational and legal necessity criteria rather than fixed periods disclosed to users, which has implications for the operability of deletion requests and data minimization compliance under GDPR and CCPA/CPRA.
Under this clause, personal data collected on Threads may be retained for indeterminate periods based on Meta's assessment of service needs, legal obligations, and safety purposes. Users may submit deletion requests, but the policy's retention language means certain data may be preserved after a deletion request based on the criteria described.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Threads.