Data Retention Policy

1. Purpose
This Data Retention Policy explains how long the Learning Management System (“LMS”, “we”, “our”) retains personal and educational data, and how such data is securely deleted or anonymized when no longer required.

We retain data only for as long as necessary to:

• - Provide educational services
• - Meet contractual and legal obligations
• - Ensure system security and integrity
• - Support academic record-keeping and dispute resolution

2. Scope
This policy applies to all users of the LMS, including:

• - Learners
• - Instructors
• - Administrators
• - Institutional partners

It covers all data collected through the LMS, whether stored electronically or in backups.

3. Data Categories and Retention Periods
3.1 User Account Information
Includes:

• - Name
• - Email address
• - Username
• - Role (learner, instructor, administrator)
• - Account metadata (creation date, last login)

Retention Period:
• - Retained for the duration of the active account
• - Deleted or anonymized within 90 days after account closure or termination

3.2 Course Enrollment and Progress Data
Includes:

• - Course enrollments
• - Completion status
• - Timestamps of activity
• - Progress tracking

Retention Period:
Retained for 5 years after course completion, unless otherwise required by an educational institution or legal obligation

3.3 Assessment and Academic Records
Includes:

• - Quiz results
• - Assignment submissions
• - Grades
• - Certificates of completion

Retention Period:
Retained for 7 years to support academic verification, transcripts, and compliance requirements

3.4 Communication Data
Includes:

• - Messages between users
• - Discussion forum posts
• - Instructor feedback

Retention Period:
• - Retained for 2 years after course completion
• - May be anonymized earlier if a user account is deleted

3.5 Activity Logs and System Logs
Includes:

• - Login records
• - IP addresses
• - Device and browser metadata
• - Security and audit logs

Retention Period:
Retained for 12 months for security, fraud prevention, and system monitoring purposes

4. Data Deletion and Anonymization
At the end of the applicable retention period:

• - Data is securely deleted, or
• - Anonymized so it can no longer be linked to an identifiable individual

Anonymized data may be retained for:
• - Statistical analysis
• - Platform improvement
• - Reporting and research purposes

5. User-Initiated Data Deletion
Users may request deletion of their personal data by:

• - Using in-platform account deletion tools, or
• - Contacting the LMS administrator or support team

Certain data (e.g., academic records) may be retained despite deletion requests where legally or contractually required.

6. Backup and Disaster Recovery Data

• - Backups are retained for up to 90 days
• - Deleted data may persist in backups until they are automatically overwritten
• - Backup data is securely stored and access-restricted

7. Security Measures
We apply appropriate technical and organizational safeguards, including:

• - Access controls
• - Encryption
• - Regular audits
• - Secure deletion procedures