Data Retention Policy

ETHICCRED DATA RETENTION POLICY

1. Purpose

This Policy describes how EthicCred collects, stores, retains, archives, restricts, deletes, and manages information maintained through the Platform. It forms part of the Terms of Service, Privacy Policy, Consent & Verification Policy, and related policies.

2. Objectives

Retention supports maintaining professional passports, preserving verification integrity, preventing fraud, supporting dispute resolution, maintaining audit trails, protecting users and organisations, meeting legal obligations, ensuring platform security, and preserving professional history.

3. Retention Principles

EthicCred may retain information only for legitimate business, operational, security, legal, verification, fraud-prevention, compliance, historical, and platform-integrity purposes. Retention periods vary by data type, legal requirements, user requests, platform needs, security considerations, and dispute status.

4. Account Information

Active accounts: retained while account remains active. Closed accounts: may be retained for up to 10 years following account closure for fraud prevention, security, audit, compliance, legal, and verification purposes.

5. Professional Passport Records

Employment, internship, volunteer, educational, training, achievement, recommendation, conduct, and experience records may be retained indefinitely unless removal is legally required, records are proven fraudulent, or applicable laws require deletion. Long-term retention preserves professional history and verification integrity.

6. Certificates

Certificates may be retained indefinitely to support long-term verification, fraud prevention, and historical authenticity. Revoked certificates may continue to be retained with revocation status.

7. Audit Logs

Profile access, verification activity, certificate issuance, updates, administrative actions, and security events — minimum 10 years, longer where required for security, fraud prevention, legal obligations, investigations, or platform integrity.

8. Verification Logs

Verification requests, results, viewer information, timestamps, and consent records — minimum 10 years. EthicCred may retain longer where necessary to protect platform integrity or comply with law.

9. Consent Records

Verification consent, sharing permissions, certificate acceptance, and data processing consent — minimum 10 years after consent withdrawal or account closure.

10. Security Logs

Login history, device information, IP addresses, security alerts, and authentication events — minimum 5 years. Longer retention may apply for fraud prevention, investigations, security incidents, or legal compliance.

11. Dispute Records

Complaints, evidence, investigations, decisions, and communications — minimum 10 years after dispute closure.

12. Fraud and Enforcement Records

Fraud investigations, account abuse, certificate fraud, impersonation incidents, and enforcement actions may be retained indefinitely where necessary to protect platform integrity, prevent repeat abuse, and maintain security.

13. Backups

EthicCred may maintain encrypted backup copies. Deleted information may remain within backup systems until backup rotation cycles complete.

14. Account Deletion Requests

Subject to legal obligations, audit requirements, verification integrity, active disputes, fraud investigations, and compliance. EthicCred may anonymise, restrict, archive, or retain certain records.

15. Record Archiving

EthicCred may archive inactive records for operational efficiency. Archived records remain available for verification, security, compliance, fraud prevention, and historical reference.

16. Legal Holds

EthicCred may suspend deletion where records are subject to litigation, government requests, regulatory inquiries, court orders, or internal/security investigations.

17. International Data Storage

Information may be stored, backed up, processed, or archived in multiple jurisdictions where EthicCred or its service providers operate.

18. Deletion Methods

Where deletion is appropriate, EthicCred may delete, anonymise, de-identify, restrict access, archive, or remove public visibility.

19. No Guarantee of Immediate Deletion

Deletion may not be immediate due to technical processes, backup systems, security, legal obligations, or fraud-prevention requirements.

20. Platform Integrity Exception

Where necessary to maintain verification integrity, auditability, fraud prevention, certificate authenticity, platform trust, and historical record validation, EthicCred may retain limited historical records even after account closure, subject to applicable law.

21. Policy Changes

EthicCred may update this Policy periodically. Continued use constitutes acceptance.

22. Contact

Questions regarding data retention, deletion, archiving, privacy, compliance, or record management may be directed to EthicCred through official legal, privacy, or support contact channels.