The absence of specific retention periods means users cannot know how long their or their children's data is kept, and deletion requests are handled on a case-by-case basis rather than through an automated process.
Ford
· Ford Privacy Policy
An open-ended retention standard means Ford may retain your data including vehicle telematics, location history, and consumer profiles for extended periods unless you submit a deletion request.
Roblox
· Roblox Privacy Policy
The policy establishes a 45-day response window for deletion requests with an optional 45-day extension, which is relevant to both CCPA/CPRA (which sets a 45-day statutory response deadline) and GDPR (which requires response without undue delay and within one month with a possible two-month extension); the retention language is broadly stated and does not specify retention periods by data category.
Oura
· Oura Privacy Policy
This provision establishes that data deletion upon account closure is subject to carve-outs for legal obligation and protection of Oura's legal interests, the latter of which is a broad retention basis that is not further defined in the policy. Compliance teams should assess whether this carve-out is appropriately scoped and disclosed under applicable law.
Knowing how long Supabase retains your personal data and what security protections are in place is important for assessing your ongoing privacy exposure after you stop using the service.
Uber
· Uber Privacy Notice
This provision establishes that Uber retains discretion to determine the duration and scope of data retention and to decline deletion requests based on broadly stated exceptions including safety and fraud prevention, which are categories not limited to specific statutory retention obligations.
Plaid
· Plaid Terms of Use
This provision establishes that disconnecting an application through a partner interface does not automatically result in deletion of financial data from Plaid's systems, and that consumers must take an additional affirmative step through the Plaid portal to request data deletion.
The scope of account deletion is narrower than consumers may expect: deleting your mobile app account does not erase your personal data from State Farm's systems, and the business purpose retention basis is broadly stated without defined time limits.
Le Chat conversations do not automatically expire, meaning every prompt and response you have ever sent is retained by Mistral AI until you take action to delete it, which creates a significant accumulating personal data record.
Without defined retention limits for most categories of personal data, your information may remain in Amazon's systems for extended periods, increasing the potential impact of a data breach and limiting your practical ability to have data fully erased.
Adyen
· Adyen Privacy Policy
The absence of specific retention periods for most data categories makes it difficult for individuals to know how long their financial and personal data is held, and purpose-based retention can result in extended storage where business or legal purposes are broadly defined.
DeepL
· DeepL Privacy Policy
This provision establishes retention duration in general terms without specifying category-by-category retention periods, which may limit users' ability to assess how long specific data types are held. The reference to legal retention requirements means some data may be retained after account closure.
Gemini
· Gemini Privacy Policy
Understanding how long your data is retained is important, particularly given the sensitivity of the financial and identity data Gemini collects and the regulatory requirements that mandate retention of financial records.
The retention period is not specified in concrete terms, meaning your data could be kept for an indefinite period under the broadly stated 'legitimate interests' justification, and residual backup copies may persist even after a deletion request.
Open-ended retention standards without specific time limits for sensitive data categories like browsing history, viewing data, or biometrics may not satisfy state laws that require defined retention schedules, and longer retention increases data breach risk.
The absence of a defined retention period means your personal data, including contact details, location history, and device identifiers, could be held indefinitely as long as Craigslist determines a functional reason exists.
The absence of specific retention periods for sensitive financial data like SSNs and tax returns means your data may remain in Intuit's systems for extended periods, increasing the window of exposure to breach or secondary use.
Cursor
· Cursor Privacy Policy
The policy discloses that certain interactions not visible in a user's history may be retained for safety and system monitoring purposes, meaning the absence of data in a user's visible history does not confirm that data has been deleted.
Unity
· Unity Privacy Policy
The absence of specific, published retention periods for key data types such as advertising identifiers and behavioral data makes it difficult for users to know when their information will be deleted, and regulators in some jurisdictions require more granular retention schedules.
EA
· EA Privacy and Cookie Policy
The absence of defined retention periods means users cannot predict when their data will be deleted, and the broad 'operational or other legitimate reasons' exception could support extended retention well beyond what users might expect.
Retention periods are not defined with specific timeframes in this provision, meaning the duration for which personal data may be held is discretionary within the bounds of stated business necessity and applicable law.
Eufy
· Eufy Privacy Policy
Without specific retention periods stated for sensitive data categories like video footage and biometric data, users cannot know how long their most sensitive information is kept, and regulators may view this as inconsistent with data minimization principles.
The additional retention period beyond account closure is not defined by a specific timeframe, meaning your data may be retained for an indeterminate period after you close your account, which limits the practical effect of account deletion.
Lyft
· Lyft Privacy Policy
An open-ended retention standard without specific timeframes for each data category makes it difficult for users to know how long sensitive information like location history and trip data is retained, which affects their ability to exercise deletion rights meaningfully.
Because Coinbase is subject to financial regulatory recordkeeping requirements under the Bank Secrecy Act and related rules, certain data including transaction records and identity documents may be retained for five years or more after account closure, limiting the practical effect of deletion requests.
The retention provision does not specify defined retention periods for any category of personal information, relying instead on general necessity language, which may require evaluation against GDPR data minimization and storage limitation principles requiring specific, documented retention schedules.
There is no fixed maximum retention period for most personal data at TransUnion, and anonymized data derived from your information may be kept and used forever, even if you later request deletion of your identifiable data.
The policy does not specify fixed retention periods for most data categories, instead using purpose-based retention language; the carve-out allowing extended retention to improve service functionality could cover a broad range of operational activities.
Netflix
· Netflix Privacy Statement
The policy does not state specific retention durations for most data categories, instead reserving discretion to determine retention based on business and legal purposes; this may be relevant to users exercising deletion rights under GDPR, CCPA, or other applicable law.
Yelp
· Yelp Privacy Policy
Account closure does not result in immediate deletion of personal data; Yelp retains data indefinitely for broadly stated legal and business purposes, which means personal information persists even after a user has ended their relationship with the platform.