Without specific retention periods, users cannot know how long their data is kept after they stop using the service, and the 'legitimate business interests' basis could support extended retention.
The absence of specific retention periods means your data could be retained indefinitely as long as any of the broadly stated purposes apply, including enforcing agreements, which provides limited clarity for users seeking to understand when their data will be deleted.
The retention period is not specified with precision, meaning data could be held for extended periods without a defined endpoint tied to your specific relationship with Amplitude.
There is no fixed maximum retention period stated in the policy, meaning some categories of financial and personal data could be held for extended periods tied to legal and regulatory timelines.
Without specific retention periods stated, it is difficult for individuals to know how long their data will be held or to anticipate when deletion might occur without a formal request.
Microsoft
· Microsoft Privacy Statement (Legacy)
The statement does not commit to specific retention periods across all data types or products, meaning that some categories of personal data may be retained for extended periods depending on the service and legal context involved.
The policy does not specify concrete retention periods for different categories of data, meaning users cannot easily determine how long their uploaded content, conversations, or account data will be held.
The notice does not specify concrete retention periods for most data categories, which means the duration Zendesk holds your data is determined by Zendesk's internal policies and legal obligations rather than fixed timelines disclosed to users.
The clause defines the operational scope and duration of data retention by establishing three retention triggers: service delivery, legal obligation, and dispute/enforcement purposes. This framework determines how long personal data remains in active systems and what post-retention procedures apply.
Uber
· Uber Privacy Notice
The absence of specific retention timelines for most data categories, including location history and trip records, means personal data may be retained for extended periods beyond the active service relationship, subject to Uber's internal determination of necessity.
Notion
· Notion Privacy Policy
This provision establishes the operational framework governing Notion's data lifecycle management and defines the triggering events for data deletion. The retention standard tied to stated purposes and legal obligations creates a dual-track approach where deletion occurs upon account termination unless legal mandates require continued retention.
Hulu
· Hulu Privacy Policy
The absence of specific retention periods means your data may be held indefinitely under broadly defined business or legal purposes, which is a common but notable practice that limits your practical ability to know when your data will be deleted.
Garmin
· Garmin Privacy Statement
Open-ended retention tied to account activity means your health and location data may be held indefinitely if you remain a Garmin user, and some data may persist even after account deletion due to legal hold or dispute resolution exceptions.
The retention requirement reflects Betterment's obligation to comply with federal recordkeeping standards that mandate preservation of customer financial records. This practice affects the company's data management operations and establishes the baseline duration for which customer information remains in the company's systems.
Indefinite or lengthy data retention means that detailed records of your viewing habits, payment history, and account activity may be stored by Paramount+ for years after you stop using the service.
Microsoft
· Microsoft Privacy Statement (Legacy)
The provision establishes a variable retention framework rather than fixed deletion schedules, meaning data retention periods are determined by operational necessity and legal obligation rather than automatic time-based erasure, creating differentiated retention obligations across product categories and data classifications.
The retention period is defined broadly by reference to legal obligations and dispute resolution rather than a fixed timeframe, meaning sensitive financial and identity data may be retained for extended periods depending on applicable regulatory requirements.
Retention periods determine how long your personal information remains in Delta's systems and available for use or potential disclosure; the lack of specific timeframes in the main policy and reliance on a separate notice reduces transparency.
Data retention periods affect how long your behavioral profile persists in Google's systems, which matters both for privacy and for how long historical data can inform ad targeting or be subject to legal process.
Visa
· Visa Privacy Notice
The absence of specific retention periods makes it difficult for consumers to know how long their data is held and may conflict with GDPR's data minimization and storage limitation principles.
Zillow
· Zillow Privacy Notice
Retention period disclosures are required under CCPA/CPRA and are relevant to consumer deletion rights; indefinite or purpose-based retention policies without specific timeframes may be subject to regulatory scrutiny in jurisdictions requiring retention limitation disclosures.
The provision operationalizes Delta's data sharing practices by notifying customers of partner relationships and establishing a framework for customers to exercise control over privacy settings, thereby creating a documented mechanism for transparency and user management of data sharing.
Rumble
· Rumble Privacy Policy
This provision establishes Rumble's stated security posture and its limitation of representations regarding data security outcomes; the 'reasonable measures' standard is the operative benchmark for FTC enforcement purposes and is consistent with broadly observed industry practice.
This provision discloses Coursera's security posture using a standard industry disclaimer that appropriate measures are in place but absolute security cannot be guaranteed. The document does not specify the particular security standards, certifications, or frameworks used, which limits third-party assessment of adequacy.
Nintendo's qualified security assurance means that in the event of a data breach, the company's contractual exposure may be limited by this disclaimer, and users should understand that no absolute security guarantee is made for payment card data, account credentials, or gameplay records.
Fastly
· Fastly Privacy Policy
Personal data can transfer to a third party whose privacy practices may differ from Fastly's without you receiving prior individual notice or having a right to object, which is a common but material provision in corporate data flows.
This clause establishes the operational mechanism by which user data may be transferred to acquiring entities or transaction counterparties. It clarifies that information sharing during corporate restructuring events is within the scope of authorized data practices under the privacy policy.
This provision establishes the operational framework under which user data may be transferred to successor entities or acquirers during corporate restructuring events. It clarifies that information collected under the privacy policy may be treated as a transferable business asset subject to the same privacy obligations.
In a business acquisition or merger, your personal data could be transferred to a new company with different privacy practices, and you may not receive advance notice or have an opportunity to opt out before the transfer occurs.
Uber
· Uber Privacy Notice
Data sharing with service providers is operationally necessary for Uber to execute ride and delivery transactions. The provision specifies which data categories are transmitted to which parties, establishing the scope of third-party access required for service delivery.