Data Retention Policy
Last Updated: July 26, 2025
This Data Retention Policy describes how Nexapulse ("we", "us", or "our") collects, retains, and disposes of personal data and other information in connection with the operation of nexapulse.sbs and related services. This policy applies to all users, participants, and visitors of our platform.
1. Purpose
We retain data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, to resolve disputes, and to enforce our agreements. This policy establishes clear standards for how long different categories of data are kept and how they are securely removed when no longer needed.
2. Scope
This policy applies to all personal data and operational data processed by Nexapulse, including data collected through our website, learning platform, registration forms, communication channels, and third-party integrations. It covers data stored in any format — electronic, cloud-based, or archived.
3. Categories of Data and Retention Periods
We classify data into the following categories, each with defined retention periods:
| Data Category | Examples | Retention Period | Basis |
|---|---|---|---|
| Account and Registration Data | Name, email address, username, password hash | Duration of account plus 3 years after closure | Contractual obligation, legitimate interest |
| Participation and Learning Records | Seminar attendance, progress, submissions, certificates | 5 years from last activity | Legitimate interest, user benefit |
| Payment and Transaction Data | Invoice records, payment confirmation, billing details | 7 years from transaction date | Legal and financial compliance |
| Communication Records | Support emails, chat logs, feedback submissions | 3 years from last communication | Legitimate interest, dispute resolution |
| Technical and Log Data | IP addresses, session logs, error reports, access logs | 12 months | Security, service integrity |
| Marketing and Consent Data | Newsletter subscriptions, opt-in records | Until consent is withdrawn plus 2 years | Consent, compliance record-keeping |
| Cookie and Tracking Data | Analytics identifiers, session cookies | Up to 13 months | Consent, legitimate interest |
| User-Generated Content | Discussion posts, uploaded files, project submissions | Duration of account plus 2 years after closure | Legitimate interest, contractual |
4. Criteria Used to Determine Retention Periods
Where specific retention periods are not defined by law or contract, we determine appropriate periods based on the following criteria:
Purpose fulfillment: Data is kept only as long as necessary to fulfill the original purpose of collection, such as delivering a service or responding to a request.
Legal obligations: Certain data must be retained for minimum periods to satisfy financial, tax, or regulatory requirements.
Legitimate interests: We may retain data longer where we have a genuine operational interest, such as improving service quality, defending legal claims, or maintaining security records.
User consent: Where processing is based on consent, data is retained until that consent is withdrawn, subject to any legal minimum periods.
Volume and sensitivity: More sensitive categories of data are subject to shorter retention windows and stricter access controls.
5. Data Deletion and Anonymization
5.1 Deletion Process
When a retention period expires, data is either securely deleted or anonymized so that it can no longer be linked to an identifiable individual. Deletion is carried out through secure erasure methods appropriate to the storage medium.
5.2 Anonymization
In cases where aggregate or statistical data remains useful for service improvement or research, we may anonymize data rather than delete it. Anonymized data is stripped of all identifiers and cannot be used to re-identify any individual. Such data falls outside the scope of this policy once anonymization is complete.
5.3 Backups
Data included in system backups is subject to the same retention standards. Backup archives are cycled and purged according to our infrastructure schedule, which is aligned with the retention periods described in this policy. Residual copies in backup systems may persist for up to 90 days beyond the primary deletion date.
6. Account Closure and User-Initiated Deletion
When a user closes their account or requests deletion of their data, we initiate removal of personal data within 30 days, subject to the following exceptions:
Legal holds: Data subject to an active legal obligation, dispute, or regulatory inquiry will be retained until the matter is resolved.
Financial records: Transaction and billing data must be retained for the full legally required period regardless of account status.
Anonymized records: Data that has been fully anonymized prior to a deletion request is not within scope of that request.
Users may submit a deletion request by contacting us at help@nexapulse.sbs or by writing to us at 709 Avenue du Parc, Sherbrooke, QC J1N 3N3, Canada.
7. Third-Party Data Processors
We work with third-party service providers who process data on our behalf, including hosting providers, payment processors, and analytics services. All third-party processors are required to adhere to data retention standards consistent with this policy and to delete or return data upon termination of their engagement with us. We conduct periodic reviews of processor compliance.
8. Data Security During Retention
Throughout the retention period, all data is protected by appropriate technical and organizational security measures. These include access controls, encryption at rest and in transit, audit logging, and regular security assessments. Access to retained data is restricted to personnel who require it for defined operational purposes.
9. Special Categories of Data
If we process any data that is considered sensitive — such as data relating to health, identity documents, or financial account details beyond standard billing — such data is subject to stricter retention limits and is deleted as soon as the purpose for processing has been fulfilled, unless a longer period is strictly required by law.
10. Retention Review
We conduct an internal review of this policy and our data inventory at least once per year. Retention schedules are updated as needed to reflect changes in legal requirements, business operations, and industry best practices. Any material changes to this policy will be communicated to users through our platform or by direct notification.
11. Contact
For questions about this Data Retention Policy, to request information about data held about you, or to submit a deletion request, please contact us:
Email: help@nexapulse.sbs
Phone: +1 450 374 9088
Address: 709 Avenue du Parc, Sherbrooke, QC J1N 3N3, Canada
We will respond to all legitimate inquiries within 30 days of receipt.