Data Retention Policy
Last Updated: January 22, 2025
This Data Retention Policy explains how flonexstackqz ("we," "us," or "our") retains, stores, and deletes personal data and other information collected through our educational platform and services. This policy applies to all users of flonexstackqz.mom.
1. Purpose and Scope
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. This policy outlines our retention practices and schedules for different categories of data.
2. Data Categories and Retention Periods
2.1 Account Information
Personal information associated with user accounts, including name, email address, phone number, and profile details:
- Active accounts: Retained for the duration of account activity
- Inactive accounts: Retained for 3 years after last login or activity
- Deleted accounts: Permanently deleted within 90 days of deletion request, except where legal obligations require longer retention
2.2 Learning and Course Data
Information related to course enrollments, progress, assessments, and certifications:
- Active learners: Retained for the duration of enrollment plus 5 years after course completion
- Course completion records: Retained for 7 years to maintain certification validity
- Assessment and quiz results: Retained for 5 years after completion
- Video session recordings: Retained for 90 days after session date, unless saved by instructor for educational purposes (maximum 2 years)
2.3 Communication Records
Messages, emails, and other communications between users and instructors or support staff:
- Support tickets: Retained for 3 years after ticket closure
- Email correspondence: Retained for 2 years after last communication
- Platform messages: Retained for 1 year after account deletion or 3 years of inactivity
- Marketing communications: Retained until user unsubscribes or withdraws consent
2.4 Payment and Financial Data
Transaction records, invoices, and payment information:
- Transaction records: Retained for 7 years from transaction date for accounting and tax purposes
- Payment method details: Tokenized information retained until card expiration or user removal
- Invoices and receipts: Retained for 7 years in compliance with financial regulations
- Refund records: Retained for 7 years from refund date
2.5 Technical and Usage Data
System logs, analytics data, cookies, and device information:
- Server logs: Retained for 90 days for security and troubleshooting purposes
- Analytics data: Aggregated data retained indefinitely; individual user data retained for 26 months
- Cookie data: Retained according to individual cookie expiration periods (typically 30 days to 2 years)
- Error and crash reports: Retained for 1 year
2.6 Legal and Compliance Data
Information retained for legal, regulatory, or compliance purposes:
- Consent records: Retained for 7 years after consent withdrawal
- Data subject requests: Retained for 3 years after request fulfillment
- Legal hold data: Retained for the duration of legal proceedings plus 3 years
- Incident and breach records: Retained for 7 years from incident resolution
3. Retention Criteria
We determine retention periods based on the following criteria:
- The nature and sensitivity of the data
- Potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data
- Whether we can achieve those purposes through other means
- Applicable legal, regulatory, tax, accounting, or other requirements
- Legitimate business interests and operational needs
4. Data Deletion Procedures
4.1 Automated Deletion
Our systems automatically identify and delete data that has exceeded its retention period through scheduled processes that run monthly. Automated deletion applies to:
- Expired session recordings
- Old server logs and temporary files
- Inactive user accounts beyond retention thresholds
- Expired cookies and tracking data
4.2 Manual Deletion
Certain data categories require manual review before deletion, including:
- Account data with active financial transactions
- Records subject to legal hold or investigation
- Certification and completion records still within validity period
- Data required for ongoing dispute resolution
4.3 Deletion Methods
We employ secure deletion methods appropriate to the data type and storage medium:
- Database records: Permanent deletion with overwriting
- Backup systems: Data removed from backups during next backup cycle
- Physical media: Secure destruction or degaussing when decommissioned
- Third-party systems: Deletion requests sent to all applicable processors
5. Exceptions to Retention Periods
We may retain data beyond standard retention periods when:
- Required by law, regulation, or court order
- Necessary for litigation, investigations, or legal proceedings
- Needed to protect our legal rights or defend against claims
- Required to comply with tax, accounting, or audit requirements
- Necessary to prevent fraud, abuse, or security incidents
- User has specifically requested extended retention
6. Backup and Archive Data
Data stored in backup and archive systems follows these guidelines:
- Standard backups: Retained for 90 days, then permanently deleted
- Disaster recovery archives: Retained for 1 year, updated quarterly
- Compliance archives: Retained according to specific regulatory requirements
- Deleted data: Removed from active backups within next backup cycle (maximum 30 days)
While data may remain in backup systems temporarily after deletion from production systems, it becomes inaccessible and is permanently removed according to our backup rotation schedule.
7. Third-Party Data Processors
When we share data with third-party service providers, we ensure they:
- Comply with retention periods consistent with this policy
- Delete or return data when no longer needed for specified purposes
- Maintain appropriate security during retention period
- Provide confirmation of data deletion upon request
Our agreements with processors specify retention requirements and deletion obligations.
8. User Rights Regarding Retention
Users have the following rights concerning data retention:
- Request information about how long specific data will be retained
- Request early deletion of personal data (subject to legal and operational requirements)
- Object to extended retention periods where applicable
- Receive confirmation when data has been deleted
- Request copies of data before scheduled deletion
To exercise these rights, contact us at [email protected].
9. Minimum Retention Requirements
Certain data must be retained for minimum periods regardless of deletion requests:
| Data Type | Minimum Retention | Reason |
|---|---|---|
| Financial transactions | 7 years | Tax and accounting compliance |
| Certification records | 7 years | Educational accreditation requirements |
| Consent records | 3 years after withdrawal | Regulatory compliance and proof of consent |
| Security incidents | 3 years | Security monitoring and pattern detection |
| Legal communications | Duration of matter plus 3 years | Legal defense and compliance |
10. Data Retention Reviews
We conduct regular reviews of our data retention practices:
- Annual comprehensive review of all retention schedules
- Quarterly audits of automated deletion processes
- Monthly verification of backup deletion procedures
- Ongoing assessment of legal and regulatory requirements
- Regular training for staff on retention policies and procedures
Reviews ensure our retention periods remain appropriate, lawful, and aligned with business purposes.
11. Changes to This Policy
We may update this Data Retention Policy to reflect changes in our practices, legal requirements, or operational needs. When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify active users via email or platform notification
- Changes will be posted on our website at least 30 days before taking effect
- Continued use of our services after changes constitutes acceptance
We encourage you to review this policy periodically to stay informed about how we retain and protect your data.
12. Contact Information
For questions, concerns, or requests regarding this Data Retention Policy or our data retention practices, please contact us:
flonexstackqz
ul. SENATORSKA 2
WARSZAWA, 00-075
Poland
Email: [email protected]
Phone: +48730829460
We will respond to all inquiries within 30 days of receipt.