Stripe
· Stripe Privacy Policy
This definition establishes the scope of information subject to Stripe's data handling practices and retention policies. The broad categorization of Personal Data—including technical identifiers like device information and IP addresses—determines what information falls under the policy's procedural requirements.
Waze
· Waze Privacy Policy
The provision grants operational discretion to Waze in determining retention timelines across different data categories, subject to legal compliance and stated purposes. This framework allows the entity to maintain data according to functional necessity rather than fixed deletion schedules.
Intuit
· Intuit Privacy Statement
This provision operationalizes Intuit's data lifecycle management by creating categories of permissible retention periods (purpose-driven, legally-mandated, and claims-related) and establishing a process for eventual deletion or anonymization. The significance lies in the explicit authorization to retain data beyond account closure when legal, accounting, or fraud prevention purposes apply.
The clause conditions data retention duration on subscription tier, creating differentiated data lifecycle management based on customer classification. This operational structure determines the timeframe during which event-level data remains available for analysis and reporting.
The provision establishes user-controlled data retention parameters, allowing modification of the default 18-month retention period through settings. This mechanism determines the duration Google Gemini retains chat history and associated activity data before automatic purging.
This clause allocates discretion to Duolingo to determine retention duration based on operational necessity and legal compliance obligations. It establishes a standards-based retention framework rather than specifying defined retention windows, which affects how long user data remains in the company's systems.
Uber
· Uber Privacy Notice
This provision establishes that Uber retains discretion to determine the duration and scope of data retention and to decline deletion requests based on broadly stated exceptions including safety and fraud prevention, which are categories not limited to specific statutory retention obligations.
Plaid
· Plaid Terms of Use
This provision establishes that disconnecting an application through a partner interface does not automatically result in deletion of financial data from Plaid's systems, and that consumers must take an additional affirmative step through the Plaid portal to request data deletion.
The scope of account deletion is narrower than consumers may expect: deleting your mobile app account does not erase your personal data from State Farm's systems, and the business purpose retention basis is broadly stated without defined time limits.
This provision operationalizes Coinbase's compliance obligations under anti-money laundering (AML) and know-your-customer (KYC) regulatory frameworks, which require financial institutions to maintain customer identity and transaction records for specified periods to satisfy regulatory reporting and audit requirements.
The clause defines the operational scope and duration of data retention by establishing multiple grounds for retention: service functionality, stated privacy purposes, legal compliance requirements, and additional communications. This framework governs how long Amazon maintains personal data across different functional categories.
Stripe
· Stripe Privacy Policy
The retention standard ties data persistence to multiple operational categories—service delivery, regulatory compliance, dispute resolution, and agreement enforcement—rather than establishing a fixed retention period. This framework permits extended retention periods when any of these purposes remain active.
The clause defines the operational duration of data retention and establishes user-initiated deletion as the mechanism for terminating storage. This determines the period during which Mistral AI maintains access to conversation data for service administration and any other authorized uses.
Le Chat conversations do not automatically expire, meaning every prompt and response you have ever sent is retained by Mistral AI until you take action to delete it, which creates a significant accumulating personal data record.
Square
· Square Privacy Notice
This clause establishes Square's data retention framework by conditioning storage duration on operational and legal necessities rather than specifying predetermined deletion schedules. This operational approach allows the company to maintain records across multiple compliance and risk management functions simultaneously.
Without defined retention limits for most categories of personal data, your information may remain in Amazon's systems for extended periods, increasing the potential impact of a data breach and limiting your practical ability to have data fully erased.
Stripe
· Stripe Privacy Policy
Data retention for compliance and fraud prevention is standard operational practice in payment processing, as financial services entities are subject to regulatory mandates requiring preservation of transaction records and fraud detection capabilities for specified periods.
Roblox
· Roblox Privacy and Cookie Policy
The clause creates a carve-out from full data deletion by permitting extended retention of identifying information beyond account termination, which maintains the entity's ability to track or recognize returning users or devices during the two-year retention window for fraud and abuse prevention.
The absence of a specified data retention limit means the company retains operational discretion over retention duration based on stated purposes, rather than a defined schedule or automatic deletion protocol. The security disclaimer establishes that data protection relies on good faith efforts rather than contractual commitments to specific safeguards.
This provision establishes the operational framework for T-Mobile's data lifecycle management, defining retention periods across multiple service categories and business functions. The clause grounds retention authority in both regulatory compliance obligations and legitimate business operations rather than indefinite retention.
EA
· EA Privacy and Cookie Policy
Open-ended retention standards create operational flexibility for the entity to maintain data archives beyond typical engagement periods, which has implications for the duration users' personal information remains in EA's systems and available for processing.
The clause creates a retention framework tied to service necessity rather than indefinite storage, establishing operational obligations for data lifecycle management. It specifies procedural requirements—deletion, anonymization, or secure isolation—that govern how personal information transitions from active use to non-operational status.
DeepL
· DeepL Privacy Policy
This provision establishes retention duration in general terms without specifying category-by-category retention periods, which may limit users' ability to assess how long specific data types are held. The reference to legal retention requirements means some data may be retained after account closure.
Adyen
· Adyen Privacy Policy
The absence of specific retention periods for most data categories makes it difficult for individuals to know how long their financial and personal data is held, and purpose-based retention can result in extended storage where business or legal purposes are broadly defined.
There is no fixed maximum retention period for most personal data at TransUnion, and anonymized data derived from your information may be kept and used forever, even if you later request deletion of your identifiable data.
Because Coinbase is subject to financial regulatory recordkeeping requirements under the Bank Secrecy Act and related rules, certain data including transaction records and identity documents may be retained for five years or more after account closure, limiting the practical effect of deletion requests.
The policy does not specify fixed retention periods for most data categories, instead using purpose-based retention language; the carve-out allowing extended retention to improve service functionality could cover a broad range of operational activities.
The retention provision does not specify defined retention periods for any category of personal information, relying instead on general necessity language, which may require evaluation against GDPR data minimization and storage limitation principles requiring specific, documented retention schedules.
The additional retention period beyond account closure is not defined by a specific timeframe, meaning your data may be retained for an indeterminate period after you close your account, which limits the practical effect of account deletion.
Lyft
· Lyft Privacy Policy
An open-ended retention standard without specific timeframes for each data category makes it difficult for users to know how long sensitive information like location history and trip data is retained, which affects their ability to exercise deletion rights meaningfully.