Data Retention Policy
Last updated: June 18, 2025
1. Introduction
This Data Retention Policy explains how Vexsoftlex Hub retains, stores, and deletes personal data and other information collected through our online platform for narrative crafting workshops and educational services. This policy works in conjunction with our Privacy Policy and Terms of Service.
We are committed to retaining your data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with our legal obligations.
2. Retention Principles
Our data retention practices are guided by the following principles:
- Data is retained only for legitimate business purposes or legal requirements
- Retention periods are based on the nature and sensitivity of the data
- Data is securely deleted or anonymized when no longer needed
- Users may request deletion of their data subject to certain exceptions
- Regular reviews ensure compliance with this policy
3. Categories of Data and Retention Periods
3.1 Account and Profile Information
Data includes name, email address, password, profile settings, and biographical information.
Retention period: Retained for the duration of your active account plus three years following account closure or last activity, unless you request earlier deletion.
Reason: To maintain your account, provide services, and address disputes or issues that may arise after account closure.
3.2 Workshop and Course Enrollment Data
Data includes enrollment records, workshop participation, assignment submissions, progress tracking, and completion certificates.
Retention period: Retained for seven years following course completion or last enrollment activity.
Reason: To maintain educational records, verify certifications, provide transcripts, and meet record-keeping obligations.
3.3 Payment and Transaction Information
Data includes payment method details, transaction history, billing addresses, and invoice records.
Retention period: Retained for seven years following the transaction date.
Reason: To process refunds, resolve billing disputes, maintain financial records, and comply with accounting and tax requirements.
3.4 Communications and Support Records
Data includes email correspondence, support tickets, chat logs, and feedback submissions.
Retention period: Retained for three years following the resolution of the inquiry or last communication.
Reason: To provide customer support, improve our services, and maintain records of communications for quality assurance.
3.5 User-Generated Content
Data includes writing samples, creative assignments, forum posts, comments, and collaborative materials submitted during workshops.
Retention period: Retained for the duration of your active account plus one year, unless you delete specific content earlier or request removal.
Reason: To provide access to your work, facilitate collaboration, and maintain the integrity of workshop materials.
3.6 Technical and Usage Data
Data includes IP addresses, device information, browser type, access logs, cookies, and analytics data.
Retention period: Retained for 24 months following collection.
Reason: To analyze platform performance, improve user experience, troubleshoot issues, and ensure security.
3.7 Marketing and Communication Preferences
Data includes email subscription status, communication preferences, and marketing consent records.
Retention period: Retained until you unsubscribe or withdraw consent, plus three years to maintain suppression lists.
Reason: To respect your communication preferences and ensure we do not contact you after you opt out.
3.8 Authentication and Security Logs
Data includes login attempts, authentication tokens, security events, and access control records.
Retention period: Retained for 12 months following the logged event.
Reason: To detect and prevent unauthorized access, investigate security incidents, and protect platform integrity.
4. Extended Retention Circumstances
We may retain data beyond the standard periods described above when:
- Required by law, regulation, or legal process
- Necessary to comply with government or regulatory requests
- Needed to establish, exercise, or defend legal claims
- Required to prevent fraud, abuse, or security incidents
- Necessary to protect the rights, property, or safety of Vexsoftlex Hub, our users, or the public
- You have provided explicit consent for extended retention
5. Data Deletion and Anonymization
5.1 Secure Deletion Process
When data reaches the end of its retention period, we employ secure deletion methods including:
- Permanent removal from active databases and systems
- Deletion from backup systems within 90 days of active deletion
- Overwriting or destruction of physical media when applicable
- Cryptographic erasure of encrypted data by destroying encryption keys
5.2 Data Anonymization
In certain cases, instead of deletion, we may anonymize personal data by removing or altering identifiable information so that it can no longer be associated with you. Anonymized data may be retained indefinitely for research, analytics, and service improvement purposes.
5.3 Archival Storage
Some data may be moved to secure archival storage for extended retention periods where legally required or for legitimate business purposes. Archived data has restricted access and is reviewed periodically for continued necessity.
6. User Rights Regarding Data Retention
You have the following rights concerning the retention of your personal data:
- Right to Access: Request information about what data we retain and for how long
- Right to Deletion: Request deletion of your personal data subject to legal and legitimate business exceptions
- Right to Rectification: Request correction of inaccurate or incomplete retained data
- Right to Restriction: Request limitation of processing for certain retained data
- Right to Object: Object to retention or processing of certain categories of data
- Right to Data Portability: Receive retained data in a structured, machine-readable format
To exercise these rights, please contact us at support@vexsoftlexhub.com. We will respond to your request within 30 days.
7. Exceptions to Deletion Requests
We may decline or limit deletion requests when retention is necessary to:
- Complete transactions or provide services you have requested
- Comply with legal obligations or regulatory requirements
- Detect and prevent fraudulent, illegal, or abusive activity
- Protect the security and integrity of our platform
- Exercise or defend legal claims
- Maintain suppression or do-not-contact lists
- Fulfill contractual obligations or enforce our terms
8. Third-Party Data Retention
When we share data with third-party service providers, they may have their own retention policies. We require our service providers to:
- Retain data only as long as necessary to provide contracted services
- Implement appropriate data retention and deletion procedures
- Delete or return data upon termination of the service relationship
- Comply with applicable data protection requirements
We are not responsible for the retention practices of third parties with whom you interact directly or who operate independently of our instructions.
9. Backup and Disaster Recovery
We maintain backup copies of data for disaster recovery and business continuity purposes. Backup systems may retain data for up to 90 days beyond active deletion. Data in backups is subject to the same security protections as active data and will be permanently deleted during routine backup cycles.
10. Policy Review and Updates
We review this Data Retention Policy at least annually to ensure it remains current with our business practices, technology changes, and legal requirements. We may update this policy periodically, and material changes will be communicated through:
- Notice on our website
- Email notification to registered users
- In-platform notifications
Continued use of our services after policy updates constitutes acceptance of the revised retention practices.
11. Data Retention Audits
We conduct regular internal audits to:
- Verify compliance with retention periods specified in this policy
- Identify data that has exceeded its retention period for deletion
- Ensure secure deletion processes are functioning properly
- Review and update retention classifications as needed
- Document retention decisions and deletion activities
12. International Data Transfers and Retention
As a transnational learning platform, we may store and process data in multiple jurisdictions. Data retention periods apply regardless of where data is stored, though local laws may require longer retention in certain jurisdictions. When transferring data internationally, we ensure adequate safeguards are in place consistent with our retention commitments.
13. Children's Data Retention
If we become aware that we have collected personal data from individuals under the applicable age of consent without proper parental consent, we will delete such data promptly. Parents or guardians may request deletion of their child's data by contacting us at support@vexsoftlexhub.com.
14. Contact Information
For questions, concerns, or requests regarding this Data Retention Policy or our retention practices, please contact us:
Vexsoftlex Hub
40-richchya Peremohy St, 10
Kamianske, Dnipropetrovsk Oblast
Ukraine, 51900
Email: support@vexsoftlexhub.com
Phone: +380 562 271 818
15. Recordkeeping
We maintain internal records documenting:
- Data categories and associated retention periods
- Legal and business justifications for retention periods
- Deletion schedules and completed deletion activities
- User requests for deletion or modification of retention
- Exceptions to standard retention periods and their justifications
These records support our accountability for responsible data retention practices.
This Data Retention Policy is effective as of the last updated date shown above and applies to all data collected by Vexsoftlex Hub through our online platform and services.