The absence of specific retention periods for categories such as code snippet data, telemetry, and account information means users and enterprise customers cannot determine from the policy alone when their data will be deleted. GDPR's data minimization and storage limitation principles require that retention periods be defined and justified.
Lime
· Lime Privacy Policy
Without a specified maximum retention period, your location history, trip records, and account data may be retained indefinitely, which has implications for both privacy risk and your rights to have data deleted.
Open-ended retention criteria mean personal data may be kept for extended periods, and users cannot easily predict when their data will be deleted without submitting a specific deletion request.
BeReal
· BeReal Privacy Policy
The absence of specific retention timelines for categories of data such as dual-camera imagery and location data makes it difficult for users to know exactly how long their most sensitive information is held.
ADP
· ADP Privacy Statement
Without specific retention timelines for each data category, it is difficult for individuals or employers to predict when their data will be deleted, which affects the practical ability to enforce deletion rights.
Chegg
· Chegg Privacy Policy
The absence of specific retention periods means Chegg may hold your personal data indefinitely under broad justifications, limiting users' ability to predict when their data will be deleted.
Deleting your account does not immediately erase all of your data; Dropbox retains information for legal compliance, dispute resolution, and contract enforcement purposes for unspecified additional periods.
The absence of specified retention periods for distinct data categories, including query content, voice audio, and conversation history, creates uncertainty for compliance assessments and may engage GDPR storage limitation requirements, which mandate that personal data not be retained longer than necessary for the specified purpose.
GitHub
· GitHub Privacy Statement
The policy does not specify retention periods for individual data categories, stating instead that retention is based on necessity and legal obligation; this means users cannot determine from this document alone how long specific types of data will be held.
Open-ended retention language tied to broad purposes like service improvement and AI training means personal data, including conversation history, could be retained for extended and indeterminate periods.
The policy does not specify fixed retention periods for different data categories, meaning personal data and submitted content could be retained for extended periods unless you actively request deletion.
This provision establishes a purpose-based retention standard without specifying defined retention timelines for different categories of personal data, which may present disclosure adequacy considerations under GDPR's data minimization and storage limitation principles.
Open-ended retention language means your data, including document content, may be retained for extended periods beyond the immediate transaction, and the specific retention periods are not detailed in the public notice.
Open-ended retention language tied to business necessity can mean data is kept for extended periods; users who close their accounts should confirm deletion of sensitive data including avatar likeness and voice recordings.
The absence of specific retention timelines in the general notice means consumers cannot easily determine how long their purchase history, location data, or biometric identifiers will be retained, which is relevant to the practical effectiveness of deletion rights.
Without defined retention periods for specific data categories, users and enterprise customers cannot easily assess how long their submitted content, usage data, or account information will be stored.
This provision does not specify retention periods for individual data categories, including conversation history and voice data, which creates compliance uncertainty under GDPR's data minimization and storage limitation principles and under state privacy laws requiring disclosure of retention practices.
The litigation hold carve-out means Squarespace may retain your data beyond the period you would expect or request deletion, and the retention periods are not specified with defined timeframes.
The absence of specific retention periods in the public policy makes it difficult for users to know how long their IP addresses, usage logs, and account data are stored, which is relevant to understanding the scope of potential data exposure.
Open-ended retention language means your data could be kept indefinitely without a clear endpoint, which affects both your privacy expectations and your ability to request deletion.
This provision establishes a principles-based rather than fixed-period retention framework, which may require evaluation under GDPR data minimization and storage limitation principles where specific retention schedules are expected by supervisory authorities.
Fly.io
· Fly.io Privacy Policy
Open-ended retention language means your personal data may be held indefinitely unless you actively request deletion, and the criteria for determining retention length are not defined with precision.
The retention period is not precisely defined, which means your health and fitness data could be held for an extended and uncertain duration even after you stop using or delete your account.
Miro
· Miro Privacy Policy
If Miro retains your data for extended periods after account closure or inactivity, your information may remain in Miro systems longer than you would expect. Users who close accounts should consider submitting a deletion request to ensure timely removal.
Indefinite or open-ended retention tied to broad purposes like 'enforce our agreements' or 'resolve disputes' means data may be retained for longer than users might expect, and specific deletion timelines are not guaranteed.
The absence of specific retention periods means personal data may be retained for an indeterminate period after you stop using the service, until you actively request deletion or your account is closed.
Fiverr
· Fiverr Privacy Policy
Retention periods are not specified with precision, meaning Fiverr may retain your personal data for extended periods after you stop using the service, including for unspecified legal obligation and dispute resolution purposes.
Retention periods determine how long your personal data exists in CoreWeave's systems, affecting both your privacy and the company's obligation to delete data upon request.
Grindr
· Grindr Privacy Policy
Open-ended retention periods for sensitive data including health information, sexual orientation, and location mean your most private information could be held indefinitely, increasing the risk of breach or misuse over time.
Zoom
· Zoom Privacy Statement
The absence of specific retention period commitments for most data categories in the statement means users and enterprises cannot determine from this document alone how long meeting recordings, transcripts, or usage data are retained. This is relevant for compliance teams conducting data minimization assessments.