Data Retention Policy
Last Updated: April 21, 2024
This Data Retention Policy explains how Zenbyte ("we," "us," or "our") retains, stores, and deletes personal and non-personal data collected through our services at zenbyte.sbs.
Purpose and Scope
This policy establishes the retention periods for different categories of data we collect and process. We retain data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Data Categories and Retention Periods
Account and Profile Information
We retain account data, including name, email address, and profile details, for the duration of your active account plus 90 days following account closure or deletion request. After this period, all personally identifiable information is permanently deleted from our active systems.
Course Progress and Learning Data
Course enrollment records, progress tracking, completion certificates, and assessment results are retained for 5 years after your last activity or account closure. This extended retention supports transcript requests, credential verification, and educational record-keeping.
Payment and Transaction Records
Financial transaction data, including payment method details, purchase history, and billing information, is retained for 7 years from the transaction date to comply with accounting requirements, tax obligations, and financial auditing standards.
Communication Records
Support tickets, email correspondence, and chat transcripts are retained for 3 years from the date of the last communication. This retention period enables us to provide consistent support, track issue resolution, and improve service quality.
Technical and Usage Data
Server logs, IP addresses, device information, and analytics data are retained for 18 months. This data helps us maintain system security, diagnose technical issues, and analyze platform performance.
Marketing and Consent Records
Records of marketing consents, preferences, and opt-out requests are retained for 5 years after the last interaction or until you request deletion. This ensures we honor your communication preferences and maintain compliance with applicable regulations.
Retention Schedule Overview
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account Information | Active account + 90 days | Permanent deletion |
| Learning Records | 5 years after last activity | Anonymization or deletion |
| Financial Records | 7 years from transaction | Secure archival then deletion |
| Support Communications | 3 years from last contact | Permanent deletion |
| Technical Logs | 18 months | Automated purging |
| Marketing Consents | 5 years after last interaction | Permanent deletion |
Legal and Regulatory Retention
Certain data may be retained beyond standard periods when required by law, regulation, or legal process. This includes data subject to litigation holds, government requests, investigations, or other legal obligations.
When legal retention requirements conflict with user deletion requests, we will retain only the minimum data necessary to satisfy legal obligations and will delete such data once the legal requirement expires.
Data Deletion and Anonymization
Deletion Methods
Upon expiration of the applicable retention period, data is deleted through secure methods that render it unrecoverable. Personal data in backups is either overwritten during normal backup rotation cycles or excluded from restoration processes.
Anonymization
In some cases, we may anonymize data instead of deleting it. Anonymized data cannot be linked back to individual users and may be retained indefinitely for research, analytics, and service improvement purposes.
User-Requested Deletion
You may request deletion of your personal data at any time by contacting us at support@zenbyte.sbs. We will process deletion requests within 30 days, subject to legal retention requirements and legitimate business needs.
Backup and Archive Systems
Data stored in backup systems follows the same retention principles as production data. Backups are maintained for disaster recovery purposes and are cycled according to the following schedule:
Daily backups are retained for 30 days. Weekly backups are retained for 90 days. Monthly backups are retained for 1 year. After these periods, backups are securely destroyed.
Data marked for deletion in production systems will not be restored from backups except in cases of system failure or data corruption affecting multiple users.
Third-Party Service Providers
We require third-party service providers who process data on our behalf to adhere to retention periods consistent with this policy. When our relationship with a service provider ends, we ensure that data is returned to us or securely deleted according to contractual obligations.
Inactive Accounts
Accounts with no login activity for 3 consecutive years are considered inactive. We will send notice to the email address on file 60 days before scheduled deletion. If no response is received, the account and associated data will be deleted according to the retention periods outlined in this policy.
Changes to Retention Periods
We may modify retention periods to reflect changes in legal requirements, business practices, or service offerings. Material changes will be communicated through email notification and posting of an updated policy on our website.
When retention periods are shortened, existing data will be reviewed and deleted according to the new schedule. When periods are extended, data scheduled for deletion may be retained for the new period unless you object.
Data Subject Rights
Regardless of retention periods, you maintain rights to access, correct, port, or request deletion of your personal data, subject to legal and contractual limitations. Exercising these rights does not affect data we are required to retain by law.
Contact Information
For questions about this Data Retention Policy or to exercise your data rights, contact us:
Email: support@zenbyte.sbs
Phone: +19059458022
Address: 10504 100 Ave #208, Fort St John, BC V1J 1Z2, Canada
Policy Governance
This policy is reviewed annually and updated as needed to ensure accuracy and compliance. The policy is approved by our data protection officer and senior management team.