The policy states that Uber retains personal data as long as necessary for stated service purposes and legal obligations, and will delete data upon request unless retention is required for legal, regulatory, safety, or fraud prevention purposes, with Uber determining the applicability of those exceptions.
This analysis describes what Uber's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that Uber retains discretion to determine the duration and scope of data retention and to decline deletion requests based on broadly stated exceptions including safety and fraud prevention, which are categories not limited to specific statutory retention obligations.
Interpretive note: The policy does not specify retention periods by data category or enumerate the precise scope of the safety and fraud prevention exceptions, creating ambiguity about when deletion requests will be honored.
Under this clause, Uber retains personal data for self-determined durations across service and legal purposes, and deletion requests may be declined where Uber determines that safety, fraud prevention, legal, or regulatory grounds apply. Users can submit deletion requests through the Uber app or privacy.uber.com, but the outcome depends on Uber's assessment of applicable exceptions.
How other platforms handle this
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
Monitoring
Uber has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Uber retains user data for as long as necessary for the purposes described above, including to provide its services and comply with legal obligations. Users may request deletion of their data at any time. Following a deletion request, Uber deletes data unless it must be retained due to legal, regulatory, safety, fraud prevention, or other grounds consistent with applicable law.— Excerpt from Uber's Uber Privacy Notice
1. REGULATORY LANDSCAPE: GDPR Article 17 establishes a right to erasure subject to specified exceptions including legal obligation compliance and public interest grounds; the policy's safety and fraud prevention exceptions should be assessed against whether they constitute recognized GDPR Article 17(3) carve-outs. CCPA and CPRA establish a right to deletion with enumerated exceptions that include security, fraud detection, and legal obligation compliance. The breadth of the policy's stated exceptions may require evaluation against the specific enumerated exceptions in applicable statutes. 2. GOVERNANCE EXPOSURE: Medium. The policy's retention framework relies on broadly stated functional categories rather than specific retention periods tied to data type or purpose, which may create compliance gaps under GDPR's storage limitation principle and documentation requirements under Article 30 Records of Processing Activities. 3. JURISDICTION FLAGS: EU and UK users have the strongest rights to challenge retention practices under GDPR's storage limitation and data minimization principles. California residents have CPRA-defined deletion rights with enumerated exceptions. Emerging state privacy laws in Virginia, Colorado, and Connecticut impose analogous deletion rights. 4. CONTRACT AND VENDOR IMPLICATIONS: The policy's retention discretion provisions should be assessed against Uber's downstream data processor agreements to confirm that vendor contracts impose consistent retention and deletion obligations, preventing retention of user data at the processor level after deletion from Uber's primary systems. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether Uber maintains documented retention schedules by data category that satisfy GDPR Article 30 requirements. The practical response rate and timeline for deletion requests, and the proportion declined on exception grounds, represents a material compliance monitoring area. EU and UK data protection impact assessments should address the safety and fraud prevention retention exception scope.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that Uber retains discretion to determine the duration and scope of data retention and to decline deletion requests based on broadly stated exceptions including safety and fraud prevention, which are categories not limited to specific statutory retention obligations.
Under this clause, Uber retains personal data for self-determined durations across service and legal purposes, and deletion requests may be declined where Uber determines that safety, fraud prevention, legal, or regulatory grounds apply. Users can submit deletion requests through the Uber app or privacy.uber.com, but the outcome depends on Uber's assessment of applicable exceptions.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uber.