Samsung vs NordVPN

Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows.

NordVPN genuinely doesn't log your VPN activity — that part of the privacy pitch holds up — but outside the tunnel it runs a large advertising and analytics infrastructure full of US-based trackers, shares data within a broad corporate group, markets to you for a year after you cancel, and retains billing records for a decade.