Data Retention Policy
Last Updated: October 10, 2025
This Data Retention Policy outlines how Praskulo ("we," "our," or "us") retains, manages, and deletes personal data and other information collected through our platform and services.
1. Purpose and Scope
This policy applies to all data collected, processed, and stored by Praskulo, including:
- Personal information of users and participants
- Educational content and quiz responses
- Account and authentication data
- Usage analytics and interaction logs
- Communication records
- Technical and system logs
We retain data only as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with legal obligations.
2. Data Categories and Retention Periods
2.1 Active User Account Data
Retention Period: Duration of active account plus 90 days after account closure
This includes:
- Profile information and credentials
- Learning progress and achievements
- Quiz results and performance metrics
- Gamification points and badges
- Preferences and settings
2.2 Educational Content and Submissions
Retention Period: Duration of active account plus 180 days
This includes:
- Quiz responses and test submissions
- Assignment completions
- User-generated content
- Feedback and comments
2.3 Communication Records
Retention Period: 3 years from last communication
This includes:
- Email correspondence
- Support ticket conversations
- Platform notifications sent
- In-platform messaging
2.4 Payment and Transaction Data
Retention Period: 7 years from transaction date
This includes:
- Purchase records and invoices
- Payment method information (tokenized)
- Subscription history
- Refund and billing records
2.5 Technical and System Logs
Retention Period: 90 days from creation
This includes:
- Server access logs
- Error and diagnostic logs
- Security event logs
- Performance monitoring data
2.6 Analytics and Usage Data
Retention Period: 24 months from collection
This includes:
- Aggregated usage statistics
- Feature interaction metrics
- Session recordings (anonymized)
- A/B testing results
2.7 Marketing and Consent Records
Retention Period: 3 years from withdrawal of consent or last interaction
This includes:
- Marketing preferences
- Consent timestamps
- Newsletter subscription records
- Campaign engagement data
2.8 Deleted Account Data
Retention Period: 30 days in recoverable state, then permanently deleted
When a user deletes their account:
- Account enters a grace period allowing recovery
- After 30 days, all personal data is permanently deleted
- Anonymized statistical data may be retained indefinitely
- Legal or compliance data retained as required
3. Extended Retention Circumstances
Data may be retained beyond standard periods when:
- Legal Obligation: Required by law, regulation, or court order
- Dispute Resolution: Involved in active legal proceedings or disputes
- Fraud Prevention: Necessary to prevent or investigate fraud or security incidents
- Archival Purpose: Required for historical or statistical purposes (anonymized)
- User Consent: User has explicitly consented to longer retention
4. Data Minimization Practices
We implement the following practices to minimize data retention:
- Regular automated review and deletion of expired data
- Collection of only essential information for service delivery
- Anonymization of data when personal identification is no longer needed
- Aggregation of historical data for analytics purposes
- Quarterly audits of retention practices and storage systems
5. Secure Deletion Procedures
5.1 Deletion Methods
When data reaches the end of its retention period, we employ:
- Digital Data: Secure deletion using industry-standard erasure methods
- Database Records: Permanent removal from production and backup systems
- Backup Systems: Deletion from backup cycles within 90 days
- Physical Media: Secure destruction or degaussing when applicable
5.2 Verification Process
We verify successful deletion through:
- Automated deletion confirmation logs
- Quarterly retention compliance audits
- Random sampling verification of deleted data
- Documentation of deletion activities
6. Backup and Archive Systems
Our backup systems follow these retention principles:
| Backup Type | Retention Period | Purpose |
|---|---|---|
| Daily Backups | 7 days | Operational recovery |
| Weekly Backups | 30 days | Short-term recovery |
| Monthly Backups | 12 months | Long-term recovery |
| Annual Archives | As per legal requirements | Compliance and historical records |
Data deleted from production systems remains in backups until the backup cycle expires naturally.
7. User Rights and Control
Users have the following rights regarding data retention:
- Access: Request information about what data we retain and for how long
- Deletion: Request early deletion of personal data (subject to legal obligations)
- Portability: Obtain a copy of retained data in portable format
- Objection: Object to retention of certain data categories
- Correction: Update or correct retained information
To exercise these rights, contact us at: help@praskulo.com
8. Third-Party Data Processing
When third-party services process data on our behalf:
- We ensure contractual agreements include retention requirements
- Third parties must comply with retention periods equivalent to or shorter than ours
- We verify deletion of data from third-party systems
- Subprocessors are audited for retention compliance
9. Special Categories of Data
9.1 Children's Data
If we knowingly collect data from users under legal age of consent:
- Retention limited to minimum necessary period
- Enhanced deletion procedures upon parental request
- Stricter minimization practices applied
9.2 Sensitive Personal Information
Any sensitive data collected (if applicable) is:
- Retained for the shortest period possible
- Subject to enhanced security measures
- Deleted immediately when purpose is fulfilled
- Never retained in backup systems beyond active use
10. Retention Schedule Review
We review and update this retention policy:
- Annually as part of privacy compliance review
- When legal or regulatory requirements change
- Following significant business model changes
- In response to user feedback or concerns
- After security incidents or data breaches
11. Anonymized and Aggregated Data
Data that has been fully anonymized or aggregated:
- May be retained indefinitely for analytical purposes
- Cannot be re-identified to individual users
- Used for service improvement and research
- Not subject to personal data retention limits
We ensure anonymization is irreversible and meets recognized standards.
12. Compliance and Legal Obligations
This retention policy complies with:
- Applicable data protection and privacy laws
- Industry-specific regulations and standards
- Financial record-keeping requirements
- Tax and accounting obligations
- Contractual commitments to users
13. Data Breach and Incident Response
In case of data breach or security incident:
- Affected data may be retained longer for investigation
- Forensic copies may be created and securely stored
- Retention extended only as necessary for resolution
- Users notified of any changes to retention periods
14. Organizational Accountability
Responsibility for data retention:
- Data Protection Officer: Oversees retention compliance
- IT Department: Implements technical deletion procedures
- Legal Team: Reviews retention requirements
- Department Managers: Ensure team compliance with policy
15. Changes to This Policy
We may update this Data Retention Policy to reflect:
- Changes in legal or regulatory requirements
- New features or services offered
- Improvements in data management practices
- User feedback and requests
Material changes will be communicated through:
- Email notification to registered users
- Prominent notice on our platform
- Update to the "Last Updated" date above
16. Contact Information
For questions about this Data Retention Policy or our data practices:
Email: help@praskulo.com
Mail:
Praskulo
Kafedralna St, 5А, 110
Zhytomyr, Zhytomyr Oblast
Ukraine, 10002
Phone: +380967392052
We will respond to inquiries within 30 days of receipt.