GF has clear disclaimers with how they use data.
This is from their data use policy.
- Right to erasure (‘right to be forgotten’)
10.1. The data subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based, where the processing takes place on the basis of the data subject’s consent given for processing personal data for one or more specific purposes and where there is no other legal ground for the processing;
© the data subject objects to the processing, on grounds relating to his or her particular situation, in accordance with the Regulation, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purpose and where there is no other legal ground for the processing;
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
(f) the personal data have been collected in relation to the offer of information society services to a child, in accordance with the Regulation.
10.2. Where the Controller has made the personal data public and is obliged pursuant to paragraph 10.1 to erase the personal data, the Controller, taking account of available technology and the cost of implementation, takes reasonable measures, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
10.3. Paragraphs 10.1 and 10.2 do not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
© for reasons of public interest in the area of public health in accordance with the Regulation;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the Regulation, in so far as the right referred to in paragraph 10.1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(e) for the establishment, exercise or defence of legal claims.
10.4. In addition, the Controller may offer, within the application or emails that will be sent to you, the possibility to be forgotten and all your personal data to be erased, without the obligation of fulfilling all the above mentioned conditions, by accessing any link regarding the erasure of all personal data, and in this case the EULA will cease with immediate effect in the same time with the erasure of personal data and all your data will be erased.