Indefinite or open-ended retention tied to broad purposes like 'enforce our agreements' or 'resolve disputes' means data may be retained for longer than users might expect, and specific deletion timelines are not guaranteed.
Miro
· Miro Privacy Policy
If Miro retains your data for extended periods after account closure or inactivity, your information may remain in Miro systems longer than you would expect. Users who close accounts should consider submitting a deletion request to ensure timely removal.
Fly.io
· Fly.io Privacy Policy
Open-ended retention language means your personal data may be held indefinitely unless you actively request deletion, and the criteria for determining retention length are not defined with precision.
Visa
· Visa Privacy Notice
The clause defines the operational scope and duration of data retention practices, establishing that retention periods are determined by functional necessity rather than fixed time limits, and explicitly authorizing retention to support regulatory compliance and dispute resolution activities.
This provision establishes the operational framework governing data lifecycle management, linking retention duration to business necessity and regulatory mandate rather than indefinite storage. The multi-factor assessment approach (amount, nature, sensitivity, risk, legal requirements) creates a structured basis for retention decisions.
Stripe
· Stripe Privacy Policy
The retention standard creates an operational baseline tied to functional necessity and legal mandate rather than a fixed timeline, establishing that retention duration varies by data category and regulatory context. This framework allocates responsibility to Stripe for determining appropriate retention periods based on stated purposes and legal requirements.
This provision operationalizes Apple's retention obligations by establishing criteria for determining storage duration rather than specifying fixed retention periods. The framework ties retention duration to purpose fulfillment and risk assessment, creating a variable retention standard based on data classification and processing necessity.
Open-ended retention language tied to business necessity can mean data is kept for extended periods; users who close their accounts should confirm deletion of sensitive data including avatar likeness and voice recordings.
Loom
· Loom Privacy Policy
This provision establishes the operational scope and duration of data retention within Loom's service infrastructure. The clause authorizes extended retention periods beyond active service use by reference to multiple institutional purposes, which affects the timeline and conditions under which personal information is maintained in company systems.
The clause defines the operational framework for data lifecycle management, establishing that retention is conditioned on service delivery necessity and legal compliance rather than indefinite retention. This creates a structured basis for determining when personal information will be deleted from Wix systems.
Fastly
· Fastly Privacy Policy
The clause defines the operational framework for data lifecycle management, establishing both retention triggers (fulfillment of stated purposes and legal obligations) and termination conditions (deletion or anonymization upon loss of necessity). This structure addresses regulatory compliance requirements and establishes predictable data handling procedures.
The absence of specific retention periods in the public policy makes it difficult for users to know how long their IP addresses, usage logs, and account data are stored, which is relevant to understanding the scope of potential data exposure.
Adobe
· Adobe Privacy Policy
This provision establishes Adobe's data retention schedule across two categories: operational data tied to active account status and compliance-related data with extended retention periods. The ten-year post-interaction retention window applies to contractual records independent of account status, creating a defined operational framework for data lifecycle management.
The clause establishes the operational framework for data retention periods, conditioning retention duration on three categories: service functionality, legal compliance obligations, and explicit notice to users. This structure creates multiple retention basises rather than a fixed retention window.
Uber
· Uber Privacy Notice
The clause defines the operational scope and duration of data retention by linking retention periods to specific business and legal functions rather than establishing fixed time limits, which affects the company's data management obligations and compliance framework.
Open-ended retention periods tied to broadly defined purposes such as 'legal obligations' and 'enforcing agreements' may result in personal data being retained for extended periods without a clear maximum duration disclosed to consumers.
Intuit
· Intuit Privacy Statement
Open-ended retention language tied to legal obligations and dispute resolution means sensitive financial data, including tax records and government identifiers, could be retained for extended periods without a specific deletion deadline.
The absence of specific retention periods for individual personal information categories, particularly health and pharmacy data, creates compliance considerations under CCPA/CPRA's data minimization requirements and HIPAA's record retention standards. Retention periods that are not bounded by specific timelines may face scrutiny under CPRA's proportionality standard.
The absence of specific retention periods for categories such as code snippet data, telemetry, and account information means users and enterprise customers cannot determine from the policy alone when their data will be deleted. GDPR's data minimization and storage limitation principles require that retention periods be defined and justified.
BeReal
· BeReal Privacy Policy
The absence of specific retention timelines for categories of data such as dual-camera imagery and location data makes it difficult for users to know exactly how long their most sensitive information is held.
ADP
· ADP Privacy Statement
Without specific retention timelines for each data category, it is difficult for individuals or employers to predict when their data will be deleted, which affects the practical ability to enforce deletion rights.
StockX
· StockX Privacy Policy
Without specific retention periods defined for different data types, users cannot easily predict when their personal information, including sensitive data like government IDs, will be deleted.
Netflix
· Netflix Privacy Statement
Data retention periods determine the operational lifecycle of personal information within Netflix's systems and establish the timeframes during which Netflix maintains records for service delivery, legal compliance, and business purposes.
Open-ended retention language tied to 'business needs' and 'legal obligations' without specific retention periods means consumers have limited visibility into how long sensitive data such as location records, call logs, and financial information is actually stored.
The retention standard is tied to broadly stated purposes rather than specific time periods, which means the duration of data retention may vary and is not fixed to a defined schedule visible to users.
GOAT
· GOAT Privacy Policy
Open-ended retention periods mean your data could be held indefinitely under broad business justifications, with limited ability for users in most jurisdictions to compel deletion beyond what specific privacy rights provide.
The absence of specific retention periods for individual data categories, particularly voice recordings and voice models, creates potential tension with GDPR's data minimization and storage limitation principles, which require that retention periods be specified or determinable.
Lime
· Lime Privacy Policy
Without a specified maximum retention period, your location history, trip records, and account data may be retained indefinitely, which has implications for both privacy risk and your rights to have data deleted.
Udemy
· Udemy Privacy Policy
This provision establishes the temporal scope of Udemy's data processing activities and determines how long personal data including learning activity, payment records, and communications content remains subject to Udemy's use and sharing permissions.
The absence of defined retention periods for specific data types like authentication logs means Cisco may retain this data for an extended and indeterminate period, which is relevant to privacy rights and data minimization requirements.