Data Retention Policy
Last Updated: May 18, 2025
This Data Retention Policy explains how Hexnova Systems ("we," "us," or "our") retains, stores, and disposes of personal and non-personal data collected through our educational platform and services. This policy applies to all users of hexnovasystems.com and related services.
Purpose and Scope
We retain data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. This policy applies to all data types collected through our platform, including user accounts, learning progress, communications, and technical logs.
Data Categories and Retention Periods
Account and Profile Information
User account data, including name, email address, and profile settings, is retained for the duration of your active account plus three years following account closure or last activity. This allows us to restore accounts upon user request and maintain educational records.
Learning and Progress Data
Course enrollment records, completion certificates, quiz results, assignments, and learning progress are retained for seven years from the date of course completion. This extended retention supports educational credential verification and allows learners to access their historical achievements.
Payment and Transaction Records
Financial transaction data, billing information, and payment history are retained for seven years from the transaction date to comply with accounting requirements and support dispute resolution. Credit card information is not stored on our servers but is processed through third-party payment processors.
Communications and Support
Email correspondence, support tickets, and platform messages are retained for three years from the date of the last communication. This enables us to provide consistent support and reference historical interactions when resolving issues.
Technical and Usage Data
Server logs, IP addresses, device information, and analytics data are retained for 18 months from collection. This data helps us maintain platform security, diagnose technical issues, and improve user experience.
Marketing and Consent Records
Records of marketing consents, preferences, and opt-out requests are retained for five years from the date of consent or withdrawal to demonstrate compliance with marketing regulations.
Extended Retention Circumstances
We may retain data beyond standard retention periods when required by law, necessary for litigation or investigations, essential for enforcing our terms of service, or needed to protect rights and safety. In such cases, data is retained only for the minimum period required.
Data Deletion and Disposal
Automated Deletion
We employ automated systems to identify and delete data that has exceeded its retention period. Deletion processes run monthly to ensure timely removal of outdated information.
Secure Disposal Methods
Data is securely deleted using industry-standard methods. Electronic data is overwritten or cryptographically erased, making recovery impossible. Backup systems are purged within 90 days of primary data deletion.
Anonymization Alternative
In some cases, rather than deletion, we may anonymize data by removing all personally identifiable information. Anonymized data may be retained indefinitely for research, analytics, and platform improvement purposes.
User Rights and Requests
Access to Retention Information
Users may request information about what data we hold about them and applicable retention periods. We respond to such requests within 30 days of verification.
Early Deletion Requests
Users may request deletion of their data before the standard retention period expires. We will honor such requests unless legal obligations or legitimate interests require continued retention. Specific retention requirements will be communicated if deletion cannot be completed.
Data Portability
Before data deletion, users may request export of their personal data in a structured, commonly used format. This allows users to retain records of their educational achievements and account information.
Retention Period Exceptions
| Data Type | Standard Period | Exception Circumstances |
|---|---|---|
| Legal dispute data | Until resolution | Active litigation or claims |
| Fraud investigation records | Up to 10 years | Suspected fraudulent activity |
| Regulatory inquiry data | Until inquiry closure | Government or regulatory investigations |
| Safety incident records | Seven years | Platform security incidents |
Backup and Archival Systems
Data included in backup systems follows the same retention policies as primary data. Backups are maintained for disaster recovery purposes and are cycled according to the retention periods specified in this policy. Archived data is securely stored and accessible only to authorized personnel.
Third-Party Data Processors
Third-party service providers who process data on our behalf are contractually required to follow retention periods consistent with this policy. We regularly audit processor compliance and ensure data is deleted from third-party systems when retention periods expire.
Changes to Educational Records
Completed course certifications and official educational records are considered permanent credentials. While personal identifiers may be removed upon request, anonymized records of course completion may be retained indefinitely to maintain the integrity of our certification programs.
Inactive Account Management
Accounts with no activity for three consecutive years are considered inactive. We send notification emails before transitioning accounts to inactive status. Inactive accounts are retained for an additional three years before final deletion, allowing users opportunity to reactivate and recover their data.
Policy Updates and Notification
We may update this Data Retention Policy to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated via email to active users and prominently posted on our platform. Continued use of our services after policy updates constitutes acceptance of revised retention practices.
Regulatory Compliance
Our retention practices are designed to comply with applicable data protection regulations. Where regulations require specific retention periods or practices, those requirements take precedence over the standard periods outlined in this policy.
Contact Information
For questions about our data retention practices, to request information about your data, or to exercise your deletion rights, please contact us:
Hexnova Systems
Komsomol's'ka St, 29
Horlivka, Donetsk Oblast
Ukraine, 84619
Email: support@hexnovasystems.com
Phone: +380674888575
We are committed to transparent data management practices and protecting user privacy throughout the data lifecycle.