The policy does not specify fixed retention periods for different data categories, meaning personal data and submitted content could be retained for extended periods unless you actively request deletion.
Fiverr
· Fiverr Privacy Policy
Retention periods are not specified with precision, meaning Fiverr may retain your personal data for extended periods after you stop using the service, including for unspecified legal obligation and dispute resolution purposes.
Without defined retention periods for specific data categories, users and enterprise customers cannot easily assess how long their submitted content, usage data, or account information will be stored.
The retention standard is tied to broadly stated purposes rather than specific time periods, which means the duration of data retention may vary and is not fixed to a defined schedule visible to users.
Indefinite or open-ended retention tied to broad purposes like 'enforce our agreements' or 'resolve disputes' means data may be retained for longer than users might expect, and specific deletion timelines are not guaranteed.
This provision establishes a purpose-based retention standard without specifying defined retention timelines for different categories of personal data, which may present disclosure adequacy considerations under GDPR's data minimization and storage limitation principles.
The absence of specific retention periods means personal data may be retained for an indeterminate period after you stop using the service, until you actively request deletion or your account is closed.
The absence of specific retention timelines in the general notice means consumers cannot easily determine how long their purchase history, location data, or biometric identifiers will be retained, which is relevant to the practical effectiveness of deletion rights.
This provision does not specify retention periods for individual data categories, including conversation history and voice data, which creates compliance uncertainty under GDPR's data minimization and storage limitation principles and under state privacy laws requiring disclosure of retention practices.
Open-ended retention periods tied to broadly defined purposes such as 'legal obligations' and 'enforcing agreements' may result in personal data being retained for extended periods without a clear maximum duration disclosed to consumers.
Open-ended retention language means your data, including document content, may be retained for extended periods beyond the immediate transaction, and the specific retention periods are not detailed in the public notice.
Open-ended retention language means your data could be kept indefinitely without a clear endpoint, which affects both your privacy expectations and your ability to request deletion.
The absence of specific retention periods in the public policy makes it difficult for users to know how long their IP addresses, usage logs, and account data are stored, which is relevant to understanding the scope of potential data exposure.
Intuit
· Intuit Privacy Statement
Open-ended retention language tied to legal obligations and dispute resolution means sensitive financial data, including tax records and government identifiers, could be retained for extended periods without a specific deletion deadline.
Udemy
· Udemy Privacy Policy
This provision establishes the temporal scope of Udemy's data processing activities and determines how long personal data including learning activity, payment records, and communications content remains subject to Udemy's use and sharing permissions.
The absence of specified retention periods for distinct data categories, including query content, voice audio, and conversation history, creates uncertainty for compliance assessments and may engage GDPR storage limitation requirements, which mandate that personal data not be retained longer than necessary for the specified purpose.
The litigation hold carve-out means Squarespace may retain your data beyond the period you would expect or request deletion, and the retention periods are not specified with defined timeframes.
Open-ended retention language tied to 'business needs' and 'legal obligations' without specific retention periods means consumers have limited visibility into how long sensitive data such as location records, call logs, and financial information is actually stored.
GitHub
· GitHub Privacy Statement
The policy does not specify retention periods for individual data categories, stating instead that retention is based on necessity and legal obligation; this means users cannot determine from this document alone how long specific types of data will be held.
The absence of fixed retention timelines means users cannot rely on a defined period after which their data will be deleted, and the scope of legitimate retention grounds is broad.
Klarna
· Klarna Privacy Policy
Your financial and personal data may be held by Klarna for an extended and unspecified period after you stop using the service, and the policy does not commit to specific maximum retention periods for most data categories.
The absence of defined retention periods for specific data types like authentication logs means Cisco may retain this data for an extended and indeterminate period, which is relevant to privacy rights and data minimization requirements.
The policy does not specify defined maximum retention periods for specific data categories, meaning personal data including account information, transaction records, and browsing data may be retained indefinitely for broad business purposes.
Deleting your account does not immediately erase all of your data; Dropbox retains information for legal compliance, dispute resolution, and contract enforcement purposes for unspecified additional periods.
Grindr
· Grindr Privacy Policy
Open-ended retention periods for sensitive data including health information, sexual orientation, and location mean your most private information could be held indefinitely, increasing the risk of breach or misuse over time.
The policy does not specify fixed retention periods for different categories of personal data, instead using purpose-based and legal-obligation criteria, which means users cannot determine from this document alone how long specific data types will be retained.
GOAT
· GOAT Privacy Policy
Open-ended retention periods mean your data could be held indefinitely under broad business justifications, with limited ability for users in most jurisdictions to compel deletion beyond what specific privacy rights provide.
The policy does not specify fixed retention periods for most data categories, relying instead on a reasonableness standard; data may persist after account closure for legal and enforcement purposes, meaning deletion of your account does not guarantee immediate or complete erasure of all personal data.
The absence of specific retention periods for categories such as code snippet data, telemetry, and account information means users and enterprise customers cannot determine from the policy alone when their data will be deleted. GDPR's data minimization and storage limitation principles require that retention periods be defined and justified.
The absence of specific retention periods for sensitive financial and identity data means Public may retain your SSN, trading history, and financial account information for an indeterminate period after you close your account.