Data Retention Policy
Last Updated: April 15, 2025
This Data Retention Policy explains how Helmari ("we," "us," or "our") retains, stores, and deletes personal data and other information collected through our services. This policy applies to all users of our platform and services.
Overview
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. This policy outlines our retention practices and the criteria we use to determine retention periods.
Data Categories and Retention Periods
Account Information
We retain account information, including name, email address, and profile details, for the duration of your active account plus an additional period following account closure or inactivity.
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account activity | Service provision |
| Closed account data | 90 days after closure | Account recovery, dispute resolution |
| Authentication logs | 12 months | Security and fraud prevention |
Course and Learning Data
Information related to course enrollment, progress, assessments, and completion is retained to maintain educational records and provide ongoing access to purchased content.
| Data Type | Retention Period | Reason |
|---|---|---|
| Course enrollment records | 7 years after completion | Educational records, certificate verification |
| Progress and completion data | 7 years after completion | Learning history, certificate issuance |
| Assignments and submissions | 3 years after course completion | Academic integrity, dispute resolution |
| Quiz and assessment results | 7 years after completion | Educational records, performance tracking |
Payment and Transaction Data
Financial information and transaction records are retained in accordance with accounting and tax requirements.
| Data Type | Retention Period | Reason |
|---|---|---|
| Payment transaction records | 7 years from transaction date | Accounting, tax compliance, refunds |
| Invoice and receipt data | 7 years from issuance | Financial records, tax requirements |
| Refund requests and records | 7 years from resolution | Financial reconciliation, disputes |
| Payment method details | Until removed by user or account closure | Recurring payments, user convenience |
Communication Records
We retain records of communications between users and our platform, including support requests and notifications.
| Data Type | Retention Period | Reason |
|---|---|---|
| Customer support tickets | 3 years after resolution | Quality assurance, dispute resolution |
| Email communications | 2 years from last message | Service delivery, communication history |
| System notifications | 90 days from delivery | Delivery confirmation, troubleshooting |
| Marketing communications | Until unsubscribe or 3 years of inactivity | Marketing preferences, compliance |
Technical and Usage Data
Technical data, including logs, analytics, and usage patterns, is retained for platform improvement and security purposes.
| Data Type | Retention Period | Reason |
|---|---|---|
| Server and access logs | 12 months | Security, troubleshooting, performance |
| Analytics and usage data | 24 months | Service improvement, trend analysis |
| Device and browser information | Duration of active session plus 90 days | Security, fraud prevention |
| Cookie data | As specified in cookie settings | Functionality, preferences, analytics |
User-Generated Content
Content created by users, including forum posts, reviews, and comments, follows specific retention practices.
| Data Type | Retention Period | Reason |
|---|---|---|
| Forum posts and comments | Duration of account plus 1 year | Community continuity, moderation |
| Course reviews and ratings | Indefinitely unless removed | Transparency, quality feedback |
| Uploaded files and documents | Duration of course enrollment plus 1 year | Course completion, reference materials |
| Profile information and bio | Duration of active account | User identity, networking |
Retention Criteria
We determine retention periods based on the following criteria:
Legal and Regulatory Requirements
We retain data to comply with applicable laws, regulations, and legal obligations, including accounting standards, tax requirements, and record-keeping mandates.
Business and Operational Needs
Data is retained to support ongoing business operations, service delivery, customer support, and platform functionality.
Contractual Obligations
We maintain data necessary to fulfill contractual commitments, enforce terms of service, and provide purchased services.
Security and Fraud Prevention
Certain data is retained to protect against fraud, investigate security incidents, and maintain platform integrity.
User Rights and Preferences
We consider user expectations for data availability, including access to course materials, learning history, and certificates.
Data Deletion Practices
Automatic Deletion
When retention periods expire, data is automatically scheduled for deletion through our secure deletion processes. Automated systems regularly review and remove expired data according to this policy.
Secure Deletion Methods
We employ secure deletion methods to ensure data is permanently and irretrievably removed from our systems, including:
Overwriting data multiple times to prevent recovery
Removing data from all backup systems and archives
Destroying physical media when hardware is decommissioned
Documenting deletion activities for compliance verification
Anonymization
In some cases, rather than deletion, we may anonymize data by removing all personally identifiable information. Anonymized data may be retained indefinitely for analytics, research, and service improvement purposes.
Backup Systems
Data in backup systems is retained according to our backup retention schedules, typically 90 days for recent backups and up to 1 year for archival backups. Once backup retention periods expire, backups containing deleted data are permanently removed.
Extended Retention Circumstances
We may retain data beyond standard retention periods in the following circumstances:
Legal Holds and Investigations
When data is subject to legal holds, litigation, investigations, or regulatory inquiries, we preserve relevant information until the matter is resolved and legal counsel confirms retention is no longer required.
Dispute Resolution
Data related to disputes, complaints, or unresolved claims is retained until the matter is fully resolved and any applicable appeal or review periods have expired.
Fraud and Security Incidents
Information related to suspected or confirmed fraud, security breaches, or policy violations may be retained for extended periods to support ongoing investigations and prevent future incidents.
User Requests
If users specifically request extended retention of certain data, we may accommodate such requests where technically feasible and legally permissible.
Inactive Account Management
Inactivity Definition
An account is considered inactive when there has been no login activity or service usage for a continuous period of 24 months.
Inactivity Notifications
Before taking action on inactive accounts, we make reasonable efforts to notify users through email at the address associated with the account. Notifications are sent at 20 months and 23 months of inactivity.
Inactive Account Data Handling
After 24 months of continuous inactivity and notification attempts, we may:
Archive account data with reduced access
Delete non-essential data while retaining core educational records
Close the account and begin the standard account closure retention period
Reactivation
Users may reactivate inactive accounts by logging in before the account closure process is completed. Once data is deleted following the full retention period, reactivation and data recovery are not possible.
Data Portability and Export
Before data is deleted, users have the right to request and receive a copy of their personal data in a structured, commonly used format. To facilitate this:
Users may request data export at any time through account settings or by contacting us
We provide data in standard formats such as CSV, JSON, or PDF
Export requests are fulfilled within 30 days of verification
Users are notified before scheduled account closures to allow time for data export
Third-Party Service Providers
When we share data with third-party service providers, we require them to maintain data retention practices consistent with this policy. Service provider agreements include:
Specified retention periods aligned with our policies
Obligations to securely delete data when no longer needed
Restrictions on data use beyond the specified service purpose
Regular audits to verify compliance with retention requirements
Record Keeping and Compliance
Retention Documentation
We maintain internal records documenting our data retention practices, including retention schedules, deletion logs, and policy compliance reviews.
Regular Reviews
This Data Retention Policy is reviewed annually and updated as necessary to reflect changes in legal requirements, business practices, or service offerings.
Compliance Monitoring
We implement technical and organizational measures to monitor compliance with this policy, including automated systems for tracking retention periods and scheduled deletion activities.
User Rights and Requests
Users have the following rights regarding data retention:
Right to Deletion
Users may request early deletion of their personal data, subject to legal and contractual retention requirements. Requests are evaluated individually.
Right to Information
Users may inquire about the retention status of their specific data and receive information about applicable retention periods.
Right to Object
Users may object to certain data processing and retention practices. We will evaluate such objections and respond within 30 days.
How to Exercise Rights
To exercise these rights or submit retention-related inquiries, contact us at:
Email: [email protected]
Phone: +27218722604
Address: 170 Corobay Ave, Garsfontein, Pretoria, 0081, South Africa
Changes to This Policy
We may update this Data Retention Policy periodically to reflect changes in our practices, legal requirements, or service offerings. When we make material changes:
We will update the "Last Updated" date at the top of this policy
We will notify active users through email or prominent platform notices
Continued use of our services after changes become effective constitutes acceptance of the updated policy
Previous versions of this policy are available upon request
Contact Information
For questions, concerns, or requests related to this Data Retention Policy, please contact us:
Email: [email protected]
Phone: +27218722604
WhatsApp: +27218722604
Viber: +27218722604
Address: 170 Corobay Ave, Garsfontein, Pretoria, 0081, South Africa
We aim to respond to all inquiries within 5 business days.