Waze
· Waze Privacy Policy
This provision asserts a purpose-based retention standard without specifying concrete retention periods for particular data types such as location history or driving behavior records, which limits users' ability to assess how long their data is held.
Steam
· Steam Privacy Policy
The policy does not specify fixed retention periods for most data categories, meaning your data may be retained for extended periods based on Valve's internal assessments of operational and legal necessity.
The policy does not specify defined retention periods for most categories of personal data, instead relying on a purpose-based standard; this approach may require evaluation under GDPR's storage limitation principle and equivalent requirements in other jurisdictions.
Writer
· Writer Privacy Policy
The policy does not specify exact retention periods for each data category, meaning users cannot easily determine how long their content and account data will be held.
The absence of specific retention periods makes it difficult for users to know how long their data is held, and GDPR requires organizations to define and communicate retention periods with greater specificity than this clause provides.
Square
· Square Privacy Notice
Open-ended retention language means your data could be held indefinitely under broad regulatory compliance justifications, limiting the practical effectiveness of deletion requests.
Retention periods for financial and identity data are often long due to regulatory requirements in the payments sector, and understanding how long data is held affects the practical utility of deletion requests.
Cohere
· Cohere Privacy Policy
The absence of specific retention periods means personal data including submitted inputs, account data, and usage data may be retained indefinitely as long as the account is active or legal obligations require it, without a fixed deletion timeline.
The policy does not specify fixed retention periods for different categories of personal data, stating instead that retention continues as long as necessary for service provision or legal compliance, which means the practical duration of data retention for specific data types is not disclosed to users.
This provision establishes an open-ended retention standard tied to service purposes and legal requirements rather than fixed timeframes. Under GDPR, the absence of specific retention periods for each data category may present compliance exposure, as the regulation requires personal data to be kept in a form that permits identification no longer than necessary for the stated purpose.
The absence of specific retention periods makes it difficult for users to know how long their prompts, images, and account data are stored, and creates compliance ambiguity under GDPR's data minimization and storage limitation principles.
Slack
· Slack Privacy Policy
This provision establishes the operational framework for data retention lifecycle management, distinguishing between Customer Data (subject to customer-directed retention controls) and Other Information (retained under Slack's discretionary criteria). The provision clarifies that retention obligations are conditioned on both contractual terms and applicable law, and that control mechanisms vary by service tier.
The absence of specific retention periods for most data categories means consumers have limited visibility into how long their purchase history, location data, and behavioral profiles are kept, which affects the practical scope of deletion rights.
Because retention periods vary significantly by data type and product and are not fixed, users cannot determine with certainty how long specific categories of their personal data will be held by Microsoft.
The absence of specific retention periods means your personal data, including purchase history and financial information, may be held indefinitely under broad business or legal justifications.
Knowing how long Afterpay retains your financial transaction history, account data, and behavioral information matters because longer retention periods mean your data remains available for use, sharing, or potential breach exposure for extended periods.
The clause defines the retention standard as tied to business necessity and legal compliance rather than specifying fixed retention periods, meaning data persistence duration depends on the company's assessment of ongoing legitimate needs.
The policy does not specify fixed retention periods for individual data categories, instead relying on purpose-based retention criteria; this approach is consistent with GDPR storage limitation principles but may limit users' ability to predict when their data will be deleted.
Gusto
· Gusto Privacy Policy
Without specific retention periods disclosed for sensitive data categories like SSNs and bank account information, users cannot easily assess how long their most sensitive data remains in Gusto's systems.
Canva
· Canva Privacy Policy
The policy does not specify defined retention periods for particular data categories, which is relevant to GDPR's data minimization and storage limitation principles and may be a point of inquiry for compliance teams or data subject rights requests.
Okta
· Okta Privacy Policy
The absence of specific, published retention periods for different data categories may make it harder for individuals to understand how long their data is held and may create compliance questions under GDPR's data minimization and storage limitation principles.
Acorns
· Acorns Privacy Policy
The retention standard stated in this provision is broadly defined by reference to service necessity, legal obligations, dispute resolution, and agreement enforcement, without specifying maximum retention periods for particular data categories, which may create compliance ambiguity under regulations that impose specific retention period requirements or data minimization obligations.
Egnyte
· Egnyte Privacy Policy
Open-ended retention language based on business necessity rather than fixed timeframes can mean personal data is held for extended periods, which affects deletion rights and security exposure.
Without specific retention timeframes, it is difficult to know how long your data will be held, and the open-ended criteria could mean data is retained for extended periods beyond what users might reasonably expect.
Figma
· Figma Privacy Policy
The retention standard of 'as long as necessary' is broad and gives Figma significant discretion over how long your data, including design file content, is kept after you stop using the service.
This provision establishes a purpose-based retention framework without specifying fixed retention periods for different data categories, which may affect compliance with GDPR storage limitation requirements and user ability to predict how long their data is held.
This provision establishes a purpose-based and legally required retention framework without specifying concrete retention periods for any category of personal data. The absence of defined retention timelines may complicate data subject deletion requests and may require evaluation under GDPR's storage limitation principle, which requires that data not be kept longer than necessary.
This provision establishes the framework under which OpenSea holds user data after account closure or inactivity, with retention periods tied to legal obligations and business purposes rather than fixed timeframes, which affects the practical scope of deletion requests.
The absence of specific retention periods for most data categories means Betterment retains broad discretion over how long it holds your sensitive financial information, including after you close your account.
The clause defines the operational framework governing data lifecycle management, establishing both the primary retention period (service delivery and policy purposes) and extended retention categories (legal and regulatory obligations). This structure creates distinct retention pathways based on regulatory status and business necessity rather than user discretion.