The absence of specific retention periods for most data categories means Betterment retains broad discretion over how long it holds your sensitive financial information, including after you close your account.
The policy does not specify fixed retention periods for individual data categories, instead relying on a purpose-based standard, which may make it difficult for consumers to know how long their data is held and may require evaluation under state laws that mandate retention period disclosures.
Auth0
· Auth0 Privacy Policy
The absence of specific retention periods for most data categories means users cannot easily determine how long their information is kept or plan deletion requests around a known timeline.
Waze
· Waze Privacy Policy
This provision asserts a purpose-based retention standard without specifying concrete retention periods for particular data types such as location history or driving behavior records, which limits users' ability to assess how long their data is held.
The absence of specific retention periods for most data categories means consumers have limited visibility into how long their purchase history, location data, and behavioral profiles are kept, which affects the practical scope of deletion rights.
The absence of specific retention periods means your personal data, including purchase history and financial information, may be held indefinitely under broad business or legal justifications.
Canva
· Canva Privacy Policy
The policy does not specify defined retention periods for particular data categories, which is relevant to GDPR's data minimization and storage limitation principles and may be a point of inquiry for compliance teams or data subject rights requests.
Knowing how long Afterpay retains your financial transaction history, account data, and behavioral information matters because longer retention periods mean your data remains available for use, sharing, or potential breach exposure for extended periods.
This provision establishes a purpose-based retention framework without specifying fixed retention periods for different data categories, which may affect compliance with GDPR storage limitation requirements and user ability to predict how long their data is held.
Egnyte
· Egnyte Privacy Policy
Open-ended retention language based on business necessity rather than fixed timeframes can mean personal data is held for extended periods, which affects deletion rights and security exposure.
Because retention periods vary significantly by data type and product and are not fixed, users cannot determine with certainty how long specific categories of their personal data will be held by Microsoft.
Twilio
· Twilio Privacy Notice
The notice does not state specific retention periods for most categories of personal data, meaning data collected from website visits and marketing interactions may be retained for extended periods at Twilio's discretion.
The policy does not specify defined retention periods for most categories of personal data, instead relying on a purpose-based standard; this approach may require evaluation under GDPR's storage limitation principle and equivalent requirements in other jurisdictions.
The absence of specific retention periods for most data categories means users cannot easily determine how long their personal information is held, limiting their ability to make informed decisions about their data.
Gusto
· Gusto Privacy Policy
Without specific retention periods disclosed for sensitive data categories like SSNs and bank account information, users cannot easily assess how long their most sensitive data remains in Gusto's systems.
Replit
· Replit Privacy Policy
The absence of specific retention periods for different data categories means users cannot readily assess how long their code, prompts, usage data, or account information will be retained, which is relevant to data minimization requirements under GDPR.
Square
· Square Privacy Notice
Open-ended retention language means your data could be held indefinitely under broad regulatory compliance justifications, limiting the practical effectiveness of deletion requests.
Affirm
· Affirm Privacy Policy
An open-ended retention standard without specific timelines means your financial and behavioral data may be retained indefinitely unless you affirmatively request deletion.
Brex
· Brex Privacy Policy
Open-ended retention tied to legal and regulatory obligations is common in financial services, but it means your data may be held for extended periods beyond your active use of Brex products.
Without defined retention periods for specific data types, personal data including browsing history, location, and health metrics may be retained for extended and undefined periods, which limits consumer ability to predict when their data will be deleted.
Chime
· Chime Privacy Policy
A deletion request may not result in complete removal of your data if Chime determines it has legal or business reasons to retain certain records, which is a standard but important limitation on the right to deletion.
The absence of specific data retention periods in the main policy text means users may not know how long their behavioral, communications, or account data is retained, which is relevant to both privacy risk and the exercise of deletion rights.
Rumble
· Rumble Privacy Policy
How long your data is kept and where it is stored affects your ability to exercise deletion rights and the risk that your information could be exposed in a data breach.
The absence of specific retention periods for most data categories means your personal information may be retained indefinitely for broadly stated business purposes, which may be difficult to challenge or verify.
Twitch
· Twitch Privacy Notice
Without specific retention periods disclosed, users cannot know how long their data, including sensitive information like billing details and chat history, is held by Twitch.
Garmin
· Garmin Privacy Statement
Open-ended retention tied to account activity means your health and location data may be held indefinitely if you remain a Garmin user, and some data may persist even after account deletion due to legal hold or dispute resolution exceptions.
The notice does not specify concrete retention periods for most data categories, which means the duration Zendesk holds your data is determined by Zendesk's internal policies and legal obligations rather than fixed timelines disclosed to users.
Hulu
· Hulu Privacy Policy
The absence of specific retention periods means your data may be held indefinitely under broadly defined business or legal purposes, which is a common but notable practice that limits your practical ability to know when your data will be deleted.
There is no fixed maximum retention period stated in the policy, meaning some categories of financial and personal data could be held for extended periods tied to legal and regulatory timelines.
Noom
· Noom Privacy Policy
Without specific retention periods, users cannot know how long their sensitive health data will be held, making it harder to assess long-term privacy exposure.