Delete closes your account. It does not clear your data.
The button says "delete my account." Read it literally. It deletes your account: your login, your profile, your ability to sign back in and see what they have. It very rarely deletes the data underneath. The account is the door. The data is the building, and closing the door does not empty it.
That gap is the trap. The screen confirms the one thing you can see, your access, and stays quiet about the one thing you cannot, the retention. You read "account deleted" as "they no longer have me." Those are different sentences, and the company is content to let you blur them.
How long can they be sued? That is how long they keep you.
There are two kinds of reason a company holds you after you go.
The first is fixed. Tax rules make a business keep its financial records for around six years. Money-laundering rules make a regulated firm keep who you are and what you did for about five after you close the account. These are floors, they are dated, and there is no arguing them. A firm that deletes early can be fined for it.
The second is not fixed at all. Somewhere in every retention policy is a line about keeping data for "the establishment, exercise or defence of legal claims," usually next to "legitimate interests." Read plainly: if someone might sue us over this, we keep what we would need to defend ourselves. No statute sets that period. The company sets it, by guessing how long a claim could plausibly arrive, and keeps you at least that long.
So the real question behind your retention is not how long they need your data to run the service. It is how long they can be sued for what happened here. You are kept for their defence, on a clock they drew.
Same clause, different clocks
Watch the number swing by industry, and you can read the exposure off it.
A clinic or a health app keeps your records for years, a child's into their mid-twenties, some for decades. A claim over care can surface long after the fact, and for someone treated as a child the clock to bring one does not start until they are an adult. Long tail of risk, long retention.
A recruiter that turned you down keeps your application for months, then drops it. The claim it fears, that the rejection was discriminatory, has to be brought almost at once. Short window to sue, short window to keep.
A service that introduced you to other people keeps a quieter file: a safety and abuse record, in case what happened after the introduction comes back to its door. It sets that window itself and writes it into the policy in plain sight.
Same sentence in every policy. The length is the tell.
They cannot afford to anonymise you yet
The thing that protects the company is that the record still points to you. To fight a disputed charge, or to answer a police or tax demand, it has to put a real name against a real transaction. Strip that out too early and it has thrown away its own defence. So while the window is open, a company thinking clearly does not want you anonymised. It wants you whole. A promise that your data was "deleted and/or anonymised" while that window runs is either untrue or against their own interest, and anonymised rarely survives contact with reality anyway.
The services that sell you a clean exit
There is a whole industry now that promises to delete you: fire off a wave of requests, watch a dashboard fill with green ticks, "removed from 214 companies." It feels like closure. It is the delete button again, at scale, and with the same blind spot. A tick that says "done" cannot show you the tax record still in the archive, the safety file with your name on it, the five-year money-laundering hold. It reports the access closed and calls the data gone.
Whether those services mean to or not, the effect is a favour to the company. A user who believes they are erased stops asking the questions that would actually constrain the data, and false closure is the most useful thing you can hand a company that is keeping you anyway. A green tick is not evidence. It is the reassurance of the delete button, dressed up and sold back to you.
The request that actually bites: stop processing
Here is the bitter, more useful truth. You often cannot make them delete the slice they are shielding. You can make them stop using it.
They are keeping it for one declared reason. Purpose limitation, a rule sitting in the same law as your right to erasure, says they cannot quietly use it for another. Data held to satisfy a tax auditor or a fraud investigator is not data they are allowed to feed to their marketing, their profiling, their models, or their partners. So the request that does not bounce off a retention clause is not "delete it." It is "if you are keeping this to meet a legal duty, keep it only for that."
Object to the uses that were never about defending a claim: the marketing, the model training, the sharing, the profiling. Restrict the rest to the archive. The compliance hold is a cage the company built for itself. The effective move is to make it keep the data inside the bars, not to demand a release it is allowed to refuse.
Keep the record, not the checkmark
The window is the company's, but it ends. The money-laundering record has to be deleted once its period runs out. The claims clock closes. When it does, the "defence of legal claims" reason is spent, and a fresh deletion request meets nothing on the other side. No company writes to tell you that day has come, and no dashboard of ticks was ever watching for it. The only thing that is, is your own record: the day you left, the window they quoted, the uses you told them to stop, and exactly what they wrote back.
It is the same shape everywhere, from a dating profile to a bank to a privacy policy you have read a hundred times without reading once. Do not trust the delete button, and do not buy a nicer one. Object to what they cannot justify, restrict what they can, and keep the receipt. Start your record →