Notion
· Notion Privacy Policy
The retention provision uses open-ended language ('as long as we reasonably need it') without specifying retention periods for different data categories, which creates uncertainty about how long specific types of data such as usage logs, deleted content, or account information are held.
This provision establishes an open-ended retention standard tied to service purposes and legal requirements rather than fixed timeframes. Under GDPR, the absence of specific retention periods for each data category may present compliance exposure, as the regulation requires personal data to be kept in a form that permits identification no longer than necessary for the stated purpose.
The policy does not specify fixed retention periods for different categories of data, which under GDPR requires that retention periods or criteria be communicated to users; the absence of specific timeframes creates ambiguity about how long learning and behavioral data is retained.
This provision establishes a purpose-based and legally required retention framework without specifying concrete retention periods for any category of personal data. The absence of defined retention timelines may complicate data subject deletion requests and may require evaluation under GDPR's storage limitation principle, which requires that data not be kept longer than necessary.
The provision operationalizes Snapchat's data lifecycle management by defining automatic deletion schedules for ephemeral content while carving out exceptions for legally-required or operationally-necessary retention. This structure allocates data stewardship responsibilities between the platform and users.
This provision establishes the framework under which OpenSea holds user data after account closure or inactivity, with retention periods tied to legal obligations and business purposes rather than fixed timeframes, which affects the practical scope of deletion requests.
The policy does not specify fixed retention periods for different categories of personal data, stating instead that retention continues as long as necessary for service provision or legal compliance, which means the practical duration of data retention for specific data types is not disclosed to users.
OpenAI
· OpenAI Privacy Policy
The policy does not specify fixed retention periods for individual data categories, which means the duration for which conversation content, uploaded files, and account data may be retained is not precisely defined for users.
The absence of specific retention periods makes it difficult for users to know how long their prompts, images, and account data are stored, and creates compliance ambiguity under GDPR's data minimization and storage limitation principles.
Without specific retention periods stated in the policy, users cannot easily determine how long their prompt data, account information, or behavioral data will be stored, which limits their ability to manage their own data lifecycle.
Canva
· Canva Privacy Policy
The policy does not specify defined retention periods for particular data categories, which is relevant to GDPR's data minimization and storage limitation principles and may be a point of inquiry for compliance teams or data subject rights requests.
Open-ended retention language means your data could be kept indefinitely for broad purposes including legal defense, which may conflict with data minimization principles under GDPR and similar frameworks.
Writer
· Writer Privacy Policy
The policy does not specify exact retention periods for each data category, meaning users cannot easily determine how long their content and account data will be held.
Affirm
· Affirm Privacy Policy
An open-ended retention standard without specific timelines means your financial and behavioral data may be retained indefinitely unless you affirmatively request deletion.
The absence of specific retention periods for most data categories means Betterment retains broad discretion over how long it holds your sensitive financial information, including after you close your account.
This provision establishes a purpose-based retention framework without specifying fixed retention periods for different data categories, which may affect compliance with GDPR storage limitation requirements and user ability to predict how long their data is held.
Without specific retention timeframes, it is difficult to know how long your data will be held, and the open-ended criteria could mean data is retained for extended periods beyond what users might reasonably expect.
Acorns
· Acorns Privacy Policy
The retention standard stated in this provision is broadly defined by reference to service necessity, legal obligations, dispute resolution, and agreement enforcement, without specifying maximum retention periods for particular data categories, which may create compliance ambiguity under regulations that impose specific retention period requirements or data minimization obligations.
The policy does not specify fixed retention periods for individual data categories, instead relying on purpose-based retention criteria; this approach is consistent with GDPR storage limitation principles but may limit users' ability to predict when their data will be deleted.
The policy does not specify fixed retention periods for individual data categories, instead relying on a purpose-based standard, which may make it difficult for consumers to know how long their data is held and may require evaluation under state laws that mandate retention period disclosures.
The clause defines the retention standard as tied to business necessity and legal compliance rather than specifying fixed retention periods, meaning data persistence duration depends on the company's assessment of ongoing legitimate needs.
The absence of specific retention periods for most data categories means consumers have limited visibility into how long their purchase history, location data, and behavioral profiles are kept, which affects the practical scope of deletion rights.
Brex
· Brex Privacy Policy
Open-ended retention tied to legal and regulatory obligations is common in financial services, but it means your data may be held for extended periods beyond your active use of Brex products.
Without defined retention periods for specific data types, personal data including browsing history, location, and health metrics may be retained for extended and undefined periods, which limits consumer ability to predict when their data will be deleted.
Chime
· Chime Privacy Policy
A deletion request may not result in complete removal of your data if Chime determines it has legal or business reasons to retain certain records, which is a standard but important limitation on the right to deletion.
The absence of specific data retention periods in the main policy text means users may not know how long their behavioral, communications, or account data is retained, which is relevant to both privacy risk and the exercise of deletion rights.
Data retention and security policies establish the operational framework governing how long personal data remains in Walmart's systems and what technical and administrative controls apply to that data during the retention period.
Rumble
· Rumble Privacy Policy
How long your data is kept and where it is stored affects your ability to exercise deletion rights and the risk that your information could be exposed in a data breach.
The absence of specific retention periods for most data categories means your personal information may be retained indefinitely for broadly stated business purposes, which may be difficult to challenge or verify.
Twitch
· Twitch Privacy Notice
Without specific retention periods disclosed, users cannot know how long their data, including sensitive information like billing details and chat history, is held by Twitch.