Data Retention Policy
Last updated: May 18, 2025
This Data Retention Policy describes how Brelovik ("we," "us," or "our") collects, retains, and disposes of data generated through the use of our platform and services available at brelovik.com. By using our services, you acknowledge and agree to the practices described in this policy.
1. Purpose and Scope
This policy applies to all data processed by Brelovik in connection with the delivery of our chatbot analytics and performance monitoring services. It covers data belonging to registered users, account administrators, and end users whose interactions are captured through our platform.
The purpose of this policy is to ensure that data is retained only for as long as necessary to fulfil the purposes for which it was collected, to comply with applicable legal obligations, and to support legitimate business operations.
2. Categories of Data We Retain
2.1 Account and Profile Data
Data associated with user accounts, including names, email addresses, organizational details, and authentication credentials. This data is retained for the duration of the active account relationship and for a defined period following account closure.
2.2 Usage and Interaction Data
Data generated through platform interactions, including session logs, feature usage records, chatbot conversation analytics, and performance metrics. This data supports service delivery, system diagnostics, and product improvement.
2.3 Technical and System Data
Automatically collected data such as IP addresses, device identifiers, browser types, access timestamps, and error logs. This data is used for security monitoring, fraud prevention, and infrastructure management.
2.4 Communication Data
Records of communications between users and our support team, including emails and in-platform messages. This data is retained to maintain service continuity and quality assurance.
2.5 Billing and Transaction Data
Financial records associated with subscription payments, invoices, and billing history. This data is retained to satisfy accounting obligations and to resolve potential billing disputes.
3. Retention Periods
We apply the following standard retention periods to each category of data. These periods reflect the minimum time necessary to fulfil the stated purpose while balancing legal and operational requirements.
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account and Profile Data | Duration of account plus 24 months | Service delivery, legal obligation |
| Usage and Interaction Data | 13 months from date of capture | Analytics, performance monitoring |
| Technical and System Data | 12 months from date of capture | Security, fraud prevention |
| Communication Data | 36 months from last interaction | Support continuity, quality assurance |
| Billing and Transaction Data | 7 years from transaction date | Financial recordkeeping obligations |
| Aggregated and Anonymised Data | Indefinite | Statistical analysis, no personal data |
Retention periods may be extended where data is subject to an ongoing legal proceeding, regulatory inquiry, or dispute resolution process. In such cases, data will be preserved until the matter is fully resolved.
4. Data Minimisation
We collect only the data that is necessary for the specific purposes described in our Privacy Policy. We do not retain data beyond the periods outlined in this policy unless a legitimate legal or operational basis requires extended retention. Periodic reviews are conducted to identify and remove data that has exceeded its applicable retention period.
5. Deletion and Disposal
5.1 Automated Deletion
Where technically feasible, data deletion is automated upon expiry of the applicable retention period. Automated processes are scheduled to run on a regular basis to ensure timely removal of expired data from active systems.
5.2 Manual Review
Certain categories of data, particularly those subject to legal holds or complex processing relationships, are subject to manual review prior to deletion. Our data management team conducts these reviews according to a defined schedule.
5.3 Secure Disposal
All data disposal is carried out using methods designed to prevent recovery or reconstruction of deleted information. This includes secure overwriting of digital records and, where applicable, certified destruction of physical media.
5.4 Backup Systems
Data retained in backup systems may persist beyond the primary retention period due to the nature of backup architecture. Backup data is subject to its own deletion cycle and is not used for active processing purposes. Backups are purged according to a rolling schedule that does not exceed the primary retention period by more than 90 days under normal circumstances.
6. Account Closure and Data Removal
When an account is closed, whether by user request or due to non-payment or policy violation, the following process applies:
- Active account data is flagged for deactivation upon closure confirmation.
- A grace period of 30 days is applied during which account restoration remains possible.
- Following the grace period, personal data is scheduled for deletion in accordance with the retention periods specified in Section 3.
- Aggregated or anonymised data derived from the account may be retained indefinitely as it no longer constitutes personal data.
- Billing and transaction records are retained for the period required under applicable financial recordkeeping standards regardless of account status.
Users wishing to request early deletion of their data prior to the expiry of standard retention periods may submit a request as described in Section 9 of this policy. Such requests are evaluated on a case-by-case basis and may be subject to limitations where legal or contractual obligations require continued retention.
7. Third-Party Data Processors
We engage third-party service providers to assist in delivering our platform. These providers may process data on our behalf and are bound by contractual obligations that require them to retain and dispose of data in a manner consistent with this policy. We conduct due diligence on third-party processors to confirm that their data handling practices meet our standards.
Where a third-party processor retains data independently for their own purposes, that retention is governed by their own applicable policies. We encourage users to review the privacy and data retention policies of any third-party services they interact with through our platform.
8. Data Held for Legal and Compliance Purposes
Certain data may be retained beyond standard periods where required to:
- Comply with a legal obligation imposed by applicable law or regulation
- Respond to a lawful request from a governmental or regulatory authority
- Establish, exercise, or defend legal claims
- Prevent fraud or protect the security and integrity of our platform
- Fulfil contractual obligations to enterprise clients or partners
In all such cases, retention is limited to the data strictly necessary for the stated purpose and is subject to review upon resolution of the underlying matter.
9. Your Rights Regarding Retained Data
Depending on your location and applicable law, you may have rights in relation to data we hold about you. These may include the right to access, correct, or request deletion of your personal data, the right to object to or restrict certain processing activities, and the right to receive a copy of your data in a portable format.
To exercise any of these rights, please contact us using the details provided below. We will respond to all verified requests within a reasonable timeframe and in accordance with our obligations under applicable law.
Please note that certain rights may be limited where retention is required by law or where deletion would conflict with a legitimate legal or contractual obligation.
10. Policy Review and Updates
This policy is reviewed at least annually and updated as necessary to reflect changes in our data practices, applicable legal requirements, or the nature of our services. When material changes are made, we will notify active users through the platform or by email prior to the changes taking effect.
Continued use of our services following notification of updates constitutes acceptance of the revised policy. We encourage users to review this policy periodically to remain informed of how we manage retained data.
11. Contact Information
If you have questions about this Data Retention Policy or wish to submit a data rights request, please contact us:
Brelovik
4921 Beardsley Ave, Lacombe, AB T4L 1Y9, Canada
Email: [email protected]
Phone: +1 514 395 9101
Website: brelovik.com