That's not enough. Someone standing in front of such a system cannot tell whether records are kept, or shared.
1. One risk is that the government will slowly erode any limitations. In Germany, one of the most privacy oriented countries, restaurants were required to collect contact information. This was announced as being strictly for covid contract tracing purposes. Less than a month later, the police in multiple states were found to have demanded and received access to those lists for reasons entirely unrelated to covid. So any default level of trust has already been betrayed.
2. Another risk is that the vendors themselves might prefer "alternative definitions" of record keeping and data sharing for various reasons (e.g. processing in the cloud and/or by third-party companies with even less restrictions, data collection for ML training purposes, selling the same dataset for profit, "flagged as hidden" vs "never actually stored", "stored to persistent media then deleted" vs "never persistently stored", preventing access by contractual/legal vs technical means...). The people making such promises are never ever the engineers that actually understand their system. And similar to the previous paragraph, companies have every incentive to slowly erode any guarantees they might've actually met at some point.
3. The people buying the products (shop owners) as a general rule have neither the expertise, time, motivation nor source code level access to call the vendors out.
1. One risk is that the government will slowly erode any limitations. In Germany, one of the most privacy oriented countries, restaurants were required to collect contact information. This was announced as being strictly for covid contract tracing purposes. Less than a month later, the police in multiple states were found to have demanded and received access to those lists for reasons entirely unrelated to covid. So any default level of trust has already been betrayed.
2. Another risk is that the vendors themselves might prefer "alternative definitions" of record keeping and data sharing for various reasons (e.g. processing in the cloud and/or by third-party companies with even less restrictions, data collection for ML training purposes, selling the same dataset for profit, "flagged as hidden" vs "never actually stored", "stored to persistent media then deleted" vs "never persistently stored", preventing access by contractual/legal vs technical means...). The people making such promises are never ever the engineers that actually understand their system. And similar to the previous paragraph, companies have every incentive to slowly erode any guarantees they might've actually met at some point.
3. The people buying the products (shop owners) as a general rule have neither the expertise, time, motivation nor source code level access to call the vendors out.