Data Retention Policy

Last updated: October 6, 2024

This Data Retention Policy describes how Vedmorascu ("we," "us," or "our") collects, retains, and disposes of personal and operational data gathered through the use of our platform and services available at vedmorascu.biz. By using our services, you acknowledge the practices described in this policy.


1. Purpose

We retain data only for as long as necessary to fulfill the purposes for which it was collected, to provide our services, to comply with applicable legal and regulatory obligations, to resolve disputes, and to enforce our agreements. Once data is no longer required for these purposes, it is securely deleted or anonymized in accordance with this policy.


2. Scope

This policy applies to all personal data and non-personal operational data processed by Vedmorascu, including data provided by users, data generated through use of the platform, and data obtained from third-party integrations. It applies to all employees, contractors, and service providers who handle data on our behalf.


3. Categories of Data and Retention Periods

Different categories of data are retained for different periods based on their purpose and sensitivity. The following table outlines our standard retention schedules.

Data Category Examples Retention Period
Account Information Name, email address, password hash, registration date Duration of account, plus 2 years after closure
Course and Learning Data Enrolled courses, progress, completion records, certificates Duration of account, plus 3 years after closure
Payment and Billing Records Transaction history, invoices, billing address 7 years from transaction date
Communication Records Support tickets, email correspondence 3 years from last interaction
Usage and Log Data IP addresses, session logs, access timestamps 12 months
Marketing Preferences Subscription status, consent records Until withdrawn, plus 2 years
Cookies and Tracking Data Session cookies, analytics identifiers Up to 13 months
Aggregated Analytics Anonymized usage statistics Indefinite (no personal identifiers retained)

Retention periods may be extended where required by law, ongoing legal proceedings, or legitimate business necessity. In such cases, access to retained data is restricted to authorized personnel only.


4. Data Collection Basis

4.1 User-Provided Data

Data that you actively provide when creating an account, enrolling in courses, making purchases, or contacting our support team is retained for the periods described above. This data is used to deliver our services, process transactions, and respond to inquiries.

4.2 Automatically Collected Data

Technical data collected automatically when you interact with our platform, such as log files, device identifiers, and session activity, is retained for shorter durations. This data supports security monitoring, platform performance, and service improvement.

4.3 Third-Party Data

Where data is received through third-party integrations, such as authentication providers or payment processors, retention is governed both by this policy and the terms agreed with those providers. We do not retain third-party payment card data on our own systems.


5. Data Deletion and Anonymization

5.1 Scheduled Deletion

Data that has reached the end of its applicable retention period is permanently deleted or irreversibly anonymized on a scheduled basis. Deletion processes are automated where technically feasible and audited periodically to verify compliance.

5.2 Account Closure

When an account is closed, personal data associated with that account enters a retention hold for the applicable post-closure period before being deleted. During this hold, data remains inaccessible to the user but may be used to fulfill outstanding legal or contractual obligations.

5.3 User-Requested Deletion

Users may request deletion of their personal data by contacting us at [email protected]. We will process verified deletion requests within a reasonable timeframe. Certain data may be retained beyond the requested deletion date where legal obligations require it, and we will communicate any such exceptions at the time of processing your request.

5.4 Anonymization

In some cases, rather than deleting data, we may anonymize it so that it can no longer be associated with any individual. Anonymized data may be retained indefinitely for analytical and research purposes and is not subject to this policy once anonymization is complete.


6. Data Storage and Security During Retention

All retained data is stored using industry-standard security measures, including encryption at rest and in transit, access controls, and regular security assessments. Access to retained personal data is limited to personnel with a documented need to process it. We review and update our security practices on an ongoing basis.

Backup copies of data may be retained for a short additional period beyond the primary retention schedule solely for disaster recovery purposes. These backups are subject to the same access controls and security standards as primary data stores.


7. Third-Party Service Providers

We may engage third-party processors to assist in delivering our services. These processors are contractually required to retain data only for as long as necessary to perform their designated functions and to comply with data protection standards consistent with this policy. We conduct periodic reviews of processor compliance.


8. Legal Holds

In the event of actual or anticipated litigation, regulatory investigation, or other legal proceedings, normal retention and deletion schedules may be suspended for affected data. A legal hold will be applied to relevant data categories until the matter is resolved, at which point standard retention schedules resume.


9. Your Rights Regarding Retained Data

Subject to applicable law, you may have rights with respect to your personal data that we hold, including the right to access, correct, port, restrict processing of, or request deletion of your data. To exercise any of these rights, please contact us using the details below. We will respond to verified requests within a reasonable timeframe and explain any limitations that apply.


10. Policy Reviews and Updates

This policy is reviewed at least annually and updated as necessary to reflect changes in our data practices, applicable law, or business operations. The date at the top of this document indicates when the policy was last revised. Continued use of our services following any update constitutes acceptance of the revised policy. For material changes, we will provide notice through the platform or by email prior to the changes taking effect.


11. Contact Information

If you have questions about this Data Retention Policy or wish to exercise your data rights, please contact us: