OpenAI
· OpenAI Privacy Policy
Data portability provisions establish operational procedures for users to obtain copies of their information and transfer it to other services. This mechanism affects how OpenAI manages user data requests and the technical infrastructure required to facilitate data retrieval.
This clause establishes a data portability mechanism that allows account holders to retrieve and transfer their stored content independent of Google's services. The authorization applies to the full scope of content maintained within a Google Account.
This provision establishes Salesforce's legal framework for cross-border data transfers from European jurisdictions to the United States, creating accountability mechanisms through DPF certification that include liability for onward transfers to third parties. The certification satisfies regulatory requirements under EU and UK data protection law that would otherwise restrict such transfers.
Affirm
· Affirm Privacy Policy
An open-ended retention standard without specific timelines means your financial and behavioral data may be retained indefinitely unless you affirmatively request deletion.
The absence of specific retention periods for most data categories means Betterment retains broad discretion over how long it holds your sensitive financial information, including after you close your account.
Brex
· Brex Privacy Policy
This retention framework engages GDPR storage limitation principles and CCPA/CPRA deletion right obligations, and the reference to regulatory and accounting requirements reflects Brex's financial services context where regulatory retention mandates may extend beyond standard privacy retention periods.
This provision establishes Amplitude's data retention framework but does not specify retention periods for particular categories of data, which may be relevant to GDPR Article 5(1)(e)'s storage limitation principle and to CCPA/CPRA's data minimization requirements.
The policy does not specify fixed retention periods for different categories of personal data, stating instead that retention continues as long as necessary for service provision or legal compliance, which means the practical duration of data retention for specific data types is not disclosed to users.
The policy does not specify fixed retention periods for individual data categories, instead relying on purpose-based retention criteria; this approach is consistent with GDPR storage limitation principles but may limit users' ability to predict when their data will be deleted.
The absence of specific retention periods for most data categories means consumers have limited visibility into how long their purchase history, location data, and behavioral profiles are kept, which affects the practical scope of deletion rights.
Egnyte
· Egnyte Privacy Policy
Open-ended retention language based on business necessity rather than fixed timeframes can mean personal data is held for extended periods, which affects deletion rights and security exposure.
This provision establishes Zendesk's stated data retention framework, which engages GDPR Article 5(1)(e) storage limitation requirements and equivalent principles under other regional frameworks, and is relevant for organizations assessing vendor data lifecycle management practices.
Without specific retention timeframes, it is difficult to know how long your data will be held, and the open-ended criteria could mean data is retained for extended periods beyond what users might reasonably expect.
Auth0
· Auth0 Privacy Policy
The absence of specific retention periods for most data categories means users cannot easily determine how long their information is kept or plan deletion requests around a known timeline.
Steam
· Steam Privacy Policy
The policy does not specify fixed retention periods for most data categories, meaning your data may be retained for extended periods based on Valve's internal assessments of operational and legal necessity.
Retention periods for financial and identity data are often long due to regulatory requirements in the payments sector, and understanding how long data is held affects the practical utility of deletion requests.
The absence of specific retention periods means your personal data, including purchase history and financial information, may be held indefinitely under broad business or legal justifications.
This provision establishes a purpose-based and legally required retention framework without specifying concrete retention periods for any category of personal data. The absence of defined retention timelines may complicate data subject deletion requests and may require evaluation under GDPR's storage limitation principle, which requires that data not be kept longer than necessary.
This provision establishes the framework under which OpenSea holds user data after account closure or inactivity, with retention periods tied to legal obligations and business purposes rather than fixed timeframes, which affects the practical scope of deletion requests.
This provision establishes an open-ended retention standard tied to service purposes and legal requirements rather than fixed timeframes. Under GDPR, the absence of specific retention periods for each data category may present compliance exposure, as the regulation requires personal data to be kept in a form that permits identification no longer than necessary for the stated purpose.
The absence of specific retention periods makes it difficult for users to know how long their data is held, and GDPR requires organizations to define and communicate retention periods with greater specificity than this clause provides.
The absence of specific retention periods makes it difficult for users to know how long their prompts, images, and account data are stored, and creates compliance ambiguity under GDPR's data minimization and storage limitation principles.
This provision establishes a purpose-based retention framework without specifying fixed retention periods for different data categories, which may affect compliance with GDPR storage limitation requirements and user ability to predict how long their data is held.
The retention clause does not specify fixed retention periods for any category of personal data, which may engage GDPR's storage limitation principle requiring that data not be kept longer than necessary for the specified purpose; the absence of defined retention schedules may be a point of inquiry for EU and UK supervisory authorities.
Medium
· Medium Privacy Policy
The absence of defined retention periods for specific data categories may present a compliance consideration under GDPR's storage limitation principle, which requires that personal data be kept no longer than necessary for the specified processing purpose.
The policy does not specify fixed retention periods for different categories of data, which under GDPR requires that retention periods or criteria be communicated to users; the absence of specific timeframes creates ambiguity about how long learning and behavioral data is retained.
Notion
· Notion Privacy Policy
The retention provision uses open-ended language ('as long as we reasonably need it') without specifying retention periods for different data categories, which creates uncertainty about how long specific types of data such as usage logs, deleted content, or account information are held.
Open-ended retention language keyed to business purpose rather than fixed time limits provides limited consumer visibility into how long specific data categories are retained, which is relevant to consumer deletion rights and data minimization obligations under applicable state privacy laws.
OpenAI
· OpenAI Privacy Policy
The policy does not specify fixed retention periods for individual data categories, which means the duration for which conversation content, uploaded files, and account data may be retained is not precisely defined for users.
Cohere
· Cohere Privacy Policy
The absence of specific retention periods means personal data including submitted inputs, account data, and usage data may be retained indefinitely as long as the account is active or legal obligations require it, without a fixed deletion timeline.