X vs Samsung

X collects everything you do on and off the platform, infers your identity even when you're signed out, and explicitly allows third-party 'collaborators' to use your data to train their own AI models. There is no meaningful way to stop the core collection, your public posts are available via API for mass scraping, and security is disclosed only in the vaguest terms.

Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows.