Data Retention Policy

Last Updated: December 21, 2025

This Data Retention Policy explains how Braveli ("we," "us," or "our") retains, stores, and deletes personal data and other information collected through our platform and services.

---

1. Purpose and Scope

This policy applies to all data collected, processed, and stored by Braveli, including personal data of users, participants, instructors, and visitors. We retain data only as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with legal obligations.

2. Types of Data We Retain

We retain the following categories of data:

• Account Information: Name, email address, password (encrypted), profile details, and account preferences
• Educational Data: Seminar enrollments, participation records, discussion contributions, and learning progress
• Communication Data: Messages, support inquiries, feedback submissions, and correspondence
• Technical Data: IP addresses, browser types, device information, and access logs
• Payment Information: Transaction records, billing addresses, and payment method details (processed through third-party providers)
• Usage Data: Platform interaction patterns, feature usage, and session information

3. Retention Periods

3.1 Active User Accounts

Data associated with active user accounts is retained for the duration of the account's active status and for the periods specified below after account closure or inactivity.

3.2 Specific Retention Timeframes

• Account Data: Retained for 3 years after account closure or last activity
• Educational Records: Retained for 7 years after seminar completion to maintain academic integrity and provide transcripts
• Payment Records: Retained for 7 years to comply with accounting and tax requirements
• Communication Logs: Retained for 2 years after the last interaction
• Technical and Access Logs: Retained for 12 months for security and troubleshooting purposes
• Marketing Data: Retained until consent is withdrawn or for 2 years of inactivity
• Legal Hold Data: Retained indefinitely when subject to legal obligations, disputes, or investigations

3.3 Inactive Accounts

Accounts with no activity for 24 consecutive months are considered inactive. We may send notification emails before deleting inactive accounts. Users may reactivate accounts by logging in during the notice period.

4. Legal and Regulatory Compliance

We retain certain data to comply with legal obligations, including:

• Tax and accounting regulations requiring financial record retention
• Educational record-keeping requirements
• Consumer protection laws
• Data protection regulations
• Contractual obligations with users and partners

When legal requirements mandate longer retention periods than specified in this policy, we retain data for the legally required duration.

5. Data Deletion Process

5.1 Automated Deletion

Our systems automatically identify and delete data that has exceeded its retention period. Automated deletion processes run regularly to ensure compliance with this policy.

5.2 Manual Deletion Requests

Users may request deletion of their personal data by contacting us at [email protected]. We will process deletion requests within 30 days, subject to:

• Verification of identity
• Legal obligations requiring data retention
• Legitimate business interests (such as fraud prevention)
• Ongoing disputes or legal proceedings

5.3 Deletion Methods

When data is deleted, we employ secure deletion methods including:

• Permanent removal from active databases
• Overwriting data to prevent recovery
• Deletion from backup systems within 90 days
• Destruction of physical media when applicable

6. Data Archival

Certain data may be moved to secure archival storage before final deletion. Archived data:

• Is stored in restricted-access systems
• Cannot be accessed for operational purposes
• Is retained only for legal compliance or dispute resolution
• Is subject to the same security standards as active data

7. Exceptions to Deletion

We may retain certain data beyond standard retention periods when:

• Required by law or regulatory authority
• Necessary for legal claims, disputes, or litigation
• Needed to protect our rights, property, or safety
• Essential for fraud prevention and security
• Anonymized for statistical or research purposes

8. Third-Party Data Processors

Third-party service providers processing data on our behalf maintain their own retention policies. We require contractual commitments from processors to:

• Retain data only as long as necessary for service provision
• Delete data upon our instruction
• Comply with applicable data protection laws
• Implement secure deletion practices

9. Anonymized and Aggregated Data

We may retain anonymized and aggregated data indefinitely for:

• Statistical analysis and research
• Service improvement and development
• Business intelligence and reporting
• Industry benchmarking

Anonymized data cannot be used to identify individual users and is not subject to deletion requests.

10. Backup and Disaster Recovery

Data in backup systems may persist beyond active system deletion for up to 90 days. Backup data:

• Is stored securely with restricted access
• Is used only for disaster recovery purposes
• Is not accessible for operational use
• Is automatically overwritten according to backup rotation schedules

11. User Rights Regarding Data Retention

Users have the right to:

• Request information about data retention periods
• Request deletion of personal data (subject to legal exceptions)
• Withdraw consent for data processing
• Object to data retention for specific purposes
• Receive confirmation when data has been deleted

To exercise these rights, contact us at [email protected].

12. Changes to Retention Periods

We may update retention periods to reflect:

• Changes in legal requirements
• Evolving business practices
• Technological developments
• User feedback and requests

Material changes to retention periods will be communicated through our platform and by email to active users.

13. Data Minimization

We practice data minimization by:

• Collecting only necessary data for stated purposes
• Regularly reviewing data collection practices
• Deleting unnecessary data promptly
• Limiting access to retained data

14. Contact Information

For questions about our data retention practices or to exercise your rights:

Email: [email protected]
Phone: +27 72 942 5012
Address: 550 Itumeleng St, Powerville, Vereeniging, 1939, South Africa

15. Review and Updates

This Data Retention Policy is reviewed annually and updated as necessary. The "Last Updated" date at the top of this policy reflects the most recent revision.

---

Acknowledgment: By using Braveli's services, you acknowledge that you have read and understood this Data Retention Policy and agree to the retention and deletion practices described herein.