Your idea presents two problems:
1. Automatic cannot do any expansion of capabilities using customer data without first changing their policy so that they can access that data.
2. If/when Automatic changes their policy it will create a negative reaction from customers that the policy is being changed.
It's a lot easier to promise protection of the data and let the customer decide whether they believe the promise or not before they sign up.
OK. I wasn't making a recommendation for Automatic, I was just trying to explain to pc86 how dsr_'s preferred strategy (that Automatic keep no data) was very plausible and, in fact, is used by many companies.
2. If/when Automatic changes their policy it will create a negative reaction from customers that the policy is being changed.
It's a lot easier to promise protection of the data and let the customer decide whether they believe the promise or not before they sign up.