Data Retention Policy

Last Updated: April 4, 2025

This Data Retention Policy explains how Beamflux ("we," "us," or "our") retains, stores, and manages data collected through our platform and services. This policy applies to all users and visitors of beamflux.sbs.

---

1. Purpose and Scope

We retain data to provide our services effectively, comply with legal obligations, resolve disputes, enforce our agreements, and support business operations. This policy covers all data types collected through our platform, including personal data, usage data, and technical information.

2. Data Categories and Retention Periods

2.1 Account and Profile Data

We retain account information, including name, email address, and profile details, for the duration of your active account plus an additional period as specified below:

• Active Accounts: Retained for the duration of account activity
• Inactive Accounts: Retained for 3 years after last login or activity
• Deleted Accounts: Permanently deleted within 90 days of deletion request, except where retention is required by law

2.2 Course and Learning Data

Information related to course enrollment, progress, completions, and certifications is retained as follows:

• Enrollment Records: Retained for 7 years after course completion or account closure
• Progress Data: Retained during active enrollment and for 5 years after completion
• Certificates and Credentials: Retained indefinitely to verify authenticity and provide reissue capabilities
• Assessment Results: Retained for 5 years after completion

2.3 Payment and Transaction Data

Financial and transaction information is retained according to these periods:

• Payment Records: Retained for 7 years after transaction date
• Invoices and Receipts: Retained for 7 years for accounting and tax purposes
• Billing Information: Retained during active subscription plus 3 years after cancellation
• Refund Records: Retained for 7 years after refund processing

2.4 Communication Data

Communications between users and our platform are retained as follows:

• Support Tickets: Retained for 5 years after ticket closure
• Email Correspondence: Retained for 3 years after last communication
• Chat Transcripts: Retained for 2 years after conversation end
• Feedback and Surveys: Retained for 5 years in aggregated form

2.5 Usage and Analytics Data

Technical and behavioral data is retained according to these schedules:

• Log Files: Retained for 12 months
• Analytics Data: Retained for 26 months in identifiable form, indefinitely in aggregated form
• Session Data: Retained for 90 days
• Device Information: Retained for 18 months after last use

2.6 Marketing and Preferences Data

Marketing-related information is retained as follows:

• Email Subscriptions: Retained until unsubscribe request
• Marketing Preferences: Retained for 3 years after account closure
• Campaign Data: Retained for 5 years in aggregated form

3. Legal and Compliance Requirements

Notwithstanding the retention periods specified above, we may retain certain data for longer periods when:

• Required by applicable law, regulation, or legal process
• Necessary to comply with tax, accounting, or auditing obligations
• Required to establish, exercise, or defend legal claims
• Needed to prevent fraud, abuse, or security incidents
• Essential for ongoing business operations or contractual obligations

Where legal obligations require retention beyond standard periods, we will retain only the minimum data necessary to satisfy such requirements.

4. Data Deletion and Disposal

4.1 Automated Deletion

We employ automated systems to delete data when retention periods expire. Deletion processes run on regular schedules to ensure timely removal of outdated information.

4.2 Secure Disposal Methods

When data reaches the end of its retention period, we dispose of it using secure methods:

• Permanent deletion from production databases
• Removal from backup systems within 90 days of production deletion
• Cryptographic erasure of encryption keys for encrypted data
• Overwriting of storage media for sensitive information
• Physical destruction of hardware when decommissioned

4.3 Backup Retention

Data contained in backup systems may persist beyond standard retention periods for technical reasons. Backup data is:

• Retained for disaster recovery purposes for up to 90 days
• Stored securely with encryption and access controls
• Not used for operational purposes
• Automatically overwritten according to backup rotation schedules

5. User Rights and Data Control

5.1 Access and Portability

Users may request access to their retained data and receive copies in portable formats. We will respond to such requests within 30 days of verification.

5.2 Deletion Requests

Users may request deletion of their data before standard retention periods expire. We will honor such requests except where:

• Retention is required by law
• Data is necessary for legitimate business purposes
• Deletion would impair our ability to defend legal claims
• Information is required for ongoing contractual obligations

5.3 Correction and Updates

Users may update or correct their personal information at any time through account settings or by contacting our support team.

6. Special Categories of Data

6.1 Sensitive Personal Data

We minimize collection of sensitive personal data. When collected, such data is:

• Retained only for the minimum period necessary
• Subject to enhanced security controls
• Deleted promptly when no longer needed
• Processed only with explicit consent or legal authorization

6.2 Children's Data

We do not knowingly collect data from individuals under 18 years of age. If we become aware of such collection, we will delete the data immediately.

7. Third-Party Data Processors

Third-party service providers processing data on our behalf must adhere to retention periods consistent with this policy. We require contractual commitments from processors regarding:

• Secure data storage and handling
• Timely data deletion upon contract termination
• Compliance with applicable data protection laws
• Return or destruction of data upon request

8. Data Retention Reviews

We conduct regular reviews of our data retention practices to ensure:

• Compliance with this policy and applicable laws
• Accuracy of retention period implementations
• Effectiveness of deletion processes
• Appropriateness of retention periods for business needs

Reviews are conducted annually and whenever significant changes occur to our services, legal obligations, or data processing activities.

9. International Data Transfers

When data is transferred internationally, retention periods remain consistent with this policy regardless of storage location. We ensure that international transfers comply with applicable data protection laws and that receiving jurisdictions provide adequate protection.

10. Business Transitions

In the event of merger, acquisition, bankruptcy, or sale of assets, retained data may be transferred to successor entities. Such transfers will be subject to:

• Continuation of this retention policy or equivalent protections
• User notification where required by law
• Compliance with applicable data protection requirements
• Contractual obligations to maintain data security and privacy

11. Exceptions and Extensions

Retention periods may be extended beyond standard schedules when:

• Data is subject to legal hold or preservation order
• Information is relevant to pending or threatened litigation
• Investigation of policy violations or security incidents is ongoing
• User has specifically requested extended retention
• Business continuity requires temporary extension with documented justification

Extensions are documented, reviewed regularly, and terminated when justification no longer exists.

12. Policy Updates and Changes

We may update this Data Retention Policy to reflect changes in our practices, services, or legal requirements. Material changes will be communicated through:

• Notice on our website
• Email notification to registered users
• In-platform announcements

Updated retention periods apply to data collected after the effective date of changes. Existing data remains subject to retention periods in effect at the time of collection unless otherwise required by law.

13. Contact Information

For questions, concerns, or requests related to data retention, please contact us:

Beamflux
715 Rue Saint-Vallier E
Québec, QC G1K 3P9
Canada

Email: info@beamflux.sbs
Phone: +15145722330

We will respond to inquiries within 30 days of receipt and verification of your identity.

---

This Data Retention Policy is effective as of the last updated date stated above and governs the retention of all data collected through our platform and services.