Microsoft
· Microsoft Privacy Statement (Legacy)
The statement does not commit to specific retention periods across all data types or products, meaning that some categories of personal data may be retained for extended periods depending on the service and legal context involved.
The absence of specific retention periods means your data could be retained indefinitely as long as any of the broadly stated purposes apply, including enforcing agreements, which provides limited clarity for users seeking to understand when their data will be deleted.
Without specific retention periods stated, it is difficult for individuals to know how long their data will be held or to anticipate when deletion might occur without a formal request.
The policy does not specify concrete retention periods for different categories of data, meaning users cannot easily determine how long their uploaded content, conversations, or account data will be held.
Noom
· Noom Privacy Policy
Without specific retention periods, users cannot know how long their sensitive health data will be held, making it harder to assess long-term privacy exposure.
Hulu
· Hulu Privacy Policy
The absence of specific retention periods means your data may be held indefinitely under broadly defined business or legal purposes, which is a common but notable practice that limits your practical ability to know when your data will be deleted.
Uber
· Uber Privacy Notice
The absence of specific retention timelines for most data categories, including location history and trip records, means personal data may be retained for extended periods beyond the active service relationship, subject to Uber's internal determination of necessity.
Visa
· Visa Privacy Notice
The absence of specific retention periods makes it difficult for consumers to know how long their data is held and may conflict with GDPR's data minimization and storage limitation principles.
Zillow
· Zillow Privacy Notice
Retention period disclosures are required under CCPA/CPRA and are relevant to consumer deletion rights; indefinite or purpose-based retention policies without specific timeframes may be subject to regulatory scrutiny in jurisdictions requiring retention limitation disclosures.
Indefinite or lengthy data retention means that detailed records of your viewing habits, payment history, and account activity may be stored by Paramount+ for years after you stop using the service.
The retention period is defined broadly by reference to legal obligations and dispute resolution rather than a fixed timeframe, meaning sensitive financial and identity data may be retained for extended periods depending on applicable regulatory requirements.
Retention periods determine how long your personal information remains in Delta's systems and available for use or potential disclosure; the lack of specific timeframes in the main policy and reliance on a separate notice reduces transparency.
Data retention periods affect how long your behavioral profile persists in Google's systems, which matters both for privacy and for how long historical data can inform ad targeting or be subject to legal process.
This provision discloses Coursera's security posture using a standard industry disclaimer that appropriate measures are in place but absolute security cannot be guaranteed. The document does not specify the particular security standards, certifications, or frameworks used, which limits third-party assessment of adequacy.
Rumble
· Rumble Privacy Policy
This provision establishes Rumble's stated security posture and its limitation of representations regarding data security outcomes; the 'reasonable measures' standard is the operative benchmark for FTC enforcement purposes and is consistent with broadly observed industry practice.
Nintendo's qualified security assurance means that in the event of a data breach, the company's contractual exposure may be limited by this disclaimer, and users should understand that no absolute security guarantee is made for payment card data, account credentials, or gameplay records.
Fastly
· Fastly Privacy Policy
Personal data can transfer to a third party whose privacy practices may differ from Fastly's without you receiving prior individual notice or having a right to object, which is a common but material provision in corporate data flows.
Klarna
· Klarna Privacy Policy
Your personal data flows to merchants when you use Klarna at checkout; the merchant's own privacy practices then govern how that data is used, which may be different from Klarna's own policy.
Uber
· Uber Privacy Notice
This provision authorizes real-time location and identifying information to be made visible to members of the public (riders and recipients), which creates personal safety considerations for drivers and constitutes a distinct data sharing pathway from internal or business partner disclosures.
This provision defines the operational boundaries of external data sharing, including sharing with domain administrators (relevant to Google Workspace users) and partners engaged for processing; the stated restrictions are subject to the listed exceptions, which include broad legal and safety grounds.
Declining to provide certain personal data could result in loss of access to ZipRecruiter's job search or recruiting services, framing data provision as a prerequisite for service access rather than a freely given choice.
The policy discloses specific rights and a contact mechanism, which is relevant because the practical scope of these rights may differ depending on whether the user is a direct consumer or accessing Atlassian through an employer account, where the employer administrator controls data.
These rights are the primary mechanism by which individuals can control their personal data held by Checkout.com, and knowing the contact point and applicable rights is essential to exercising them effectively.
Adyen
· Adyen Privacy Policy
This clause implements statutory data subject rights obligations, establishing the procedural mechanism through which individuals may exercise control over their personal data held by Adyen. The availability of designated contact channels creates an operational requirement for Adyen to receive and respond to rights requests according to applicable data protection frameworks.
This clause operationalizes data subject rights under privacy regulations by establishing the procedural mechanism through which individuals can exercise statutory rights and outlining the verification requirements Apple applies before fulfilling requests.
The clause operationalizes Revolut's obligations under data protection regulations by establishing procedural mechanisms through which users can assert control over personal data processing. The provision specifies both the substantive rights available and the operational channels through which those rights may be exercised.
The provision operationalizes data subject rights commonly required under privacy regulations such as GDPR and CCPA by establishing a framework through which users can exercise control over their personal information retained and processed by the service provider.
Netflix
· Netflix Privacy Statement
This clause creates a procedural mechanism for exercising data subject rights under privacy regulations. By designating a specific contact and email address, the provision establishes the operational pathway through which Netflix processes access, deletion, portability, and correction requests.
Klarna
· Klarna Privacy Policy
These provisions implement statutory data subject rights under regulations like GDPR and similar privacy frameworks, establishing formal mechanisms through which individuals can exercise control over personal data processing and obtain transparency into data holdings.
DeepL
· DeepL Privacy Policy
This provision enumerates the data subject rights DeepL recognizes and the mechanism through which users may exercise them. The right to lodge a supervisory authority complaint provides a direct regulatory escalation path independent of DeepL's own response.