Firstly, MOST businesses don't store any credit card information so it's easier to be PCI compliant if the need arises and in order to limit liability. So if you trust the business enough to put in your CC#, you don't have to worry about the biggest issue.
Secondly, I don't know of ANY company that deletes customer data upon cancellation. I've worked at a few ecom companies now, and the marketing team would just LOL at that idea. Past customers are pretty much your highest converters. No way are you gonna get rid of your data on them.
MAYBE in Europe with GDPR. Even still, no company I've worked at does this even for European customers. I'm skeptical a meaningful percentage of companies do.
Secondly, I don't know of ANY company that deletes customer data upon cancellation. I've worked at a few ecom companies now, and the marketing team would just LOL at that idea. Past customers are pretty much your highest converters. No way are you gonna get rid of your data on them.
MAYBE in Europe with GDPR. Even still, no company I've worked at does this even for European customers. I'm skeptical a meaningful percentage of companies do.