Data Retention Policy
Last Updated: October 13, 2025
This Data Retention Policy describes how Novabelu ("we," "us," or "our") collects, stores, and deletes personal data and other information obtained through the use of our platform and services available at novabelu.com. By using our services, you acknowledge the practices described in this policy.
1. Purpose and Scope
This policy applies to all personal data and user-generated content processed by Novabelu in connection with the delivery of our online seminar platform and related services. It covers data collected from registered users, visitors, instructors, and any other individuals who interact with our services.
The purpose of this policy is to ensure that data is:
- Retained only for as long as necessary to fulfil the purposes for which it was collected
- Stored securely and protected from unauthorised access or disclosure
- Deleted or anonymised in a consistent and documented manner once retention periods expire
- Managed in accordance with applicable data protection principles
2. Categories of Data We Retain
2.1 Account and Registration Data
This includes information provided when creating an account, such as name, email address, and authentication credentials. This data is retained for the duration of the active account and for a defined period following account closure.
2.2 Usage and Activity Data
This includes records of platform interactions, session attendance, course progress, assessment results, and feature usage logs. This data supports service delivery, personalisation, and platform improvement.
2.3 Communications Data
This includes messages sent through platform communication tools, support requests, and correspondence with our team. Retention supports dispute resolution, quality assurance, and service continuity.
2.4 Payment and Billing Data
Transaction records, invoices, and billing history are retained to satisfy financial recordkeeping obligations and to support refund or dispute processes.
2.5 Technical and Log Data
Server logs, IP addresses, device identifiers, and error reports are collected automatically. This data is used for security monitoring, fraud prevention, and platform diagnostics.
2.6 User-Generated Content
This includes discussion posts, submitted assignments, uploaded files, and seminar contributions made by users on the platform.
3. Retention Periods
We apply retention periods based on the nature and purpose of the data. The following table outlines our standard retention schedule:
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account and registration data | Duration of account + 2 years after closure | Service delivery, legal claims |
| Usage and activity data | 2 years from date of activity | Service improvement, analytics |
| Communications data | 3 years from date of communication | Dispute resolution, quality assurance |
| Payment and billing data | 7 years from transaction date | Financial and tax obligations |
| Technical and log data | 12 months from collection | Security monitoring, diagnostics |
| User-generated content | Duration of account + 1 year after closure | Platform functionality, user access |
| Support and helpdesk records | 3 years from case closure | Service quality, legal claims |
Retention periods may be extended where required by applicable law, ongoing legal proceedings, regulatory obligations, or legitimate business necessity. In such cases, data will be retained only to the extent and for the duration required.
4. Data Deletion and Anonymisation
4.1 Deletion Process
Upon expiry of a retention period, data is either permanently deleted from our systems and backups or irreversibly anonymised so that it can no longer be associated with an identifiable individual. Deletion is carried out in a secure manner that prevents recovery or reconstruction.
4.2 Backup Systems
Data held in backup systems may persist for a limited additional period beyond the primary retention period due to the nature of backup cycles. Such data is not actively accessed and is subject to deletion on the next applicable backup rotation.
4.3 Anonymised Data
Where data is anonymised rather than deleted, the resulting data set contains no information that could reasonably be used to identify any individual. Anonymised data may be retained indefinitely for statistical, research, or service improvement purposes.
5. Account Closure and Data Removal Requests
5.1 Account Closure
When a user closes their account, we initiate the process of removing personal data in accordance with the retention periods set out in this policy. Some data may be retained beyond account closure where required for legal, financial, or security purposes as described above.
5.2 Right to Erasure
Users may submit a request for deletion of their personal data by contacting us at [email protected]. We will assess each request and respond within a reasonable timeframe. Requests may be subject to limitations where retention is required by law or where the data is necessary for the establishment, exercise, or defence of legal claims.
5.3 Verification
To protect user privacy, we may require identity verification before processing a deletion request. We will not action requests from parties who cannot be verified as the data subject or an authorised representative.
6. Data Storage and Security
All retained data is stored using industry-standard security measures, including encryption at rest and in transit, access controls, and regular security assessments. Access to personal data is restricted to personnel who require it to perform their duties.
We engage third-party service providers to assist in delivering our platform. These providers are contractually required to handle data in accordance with our instructions and applicable data protection standards, and to apply equivalent retention and deletion practices.
7. Third-Party Data Processors
Where personal data is shared with or processed by third-party vendors, those vendors are required to retain data only for the period necessary to fulfil the contracted service and to delete or return data upon termination of the service agreement. We conduct due diligence on third-party processors to confirm appropriate data handling practices.
8. Legal Holds and Regulatory Obligations
In circumstances where data becomes subject to a legal hold — such as pending litigation, regulatory inquiry, or audit — the standard retention periods described in this policy are suspended for the affected data. Such data will be preserved until the legal hold is lifted, after which normal retention and deletion procedures will resume.
9. Policy Review and Updates
We review this Data Retention Policy periodically and update it as necessary to reflect changes in our data practices, applicable legal requirements, or the nature of our services. The date of the most recent revision is noted at the top of this document. Continued use of our services following any update constitutes acceptance of the revised policy.
Material changes will be communicated to registered users through the platform or by email prior to taking effect.
10. Contact Information
If you have questions about this policy, wish to exercise your data rights, or need to report a concern regarding data retention practices, please contact us:
- Email: [email protected]
- Phone: +1 800 567 3855
- Postal address: 20 Saigon St, Guelph, ON N1K 0B4, Canada
- Website: novabelu.com
We aim to respond to all data-related enquiries within 30 days of receipt.