​​Data Retention Policy

Breakout Learning Inc.

Purpose

This policy outlines the requirements and controls/procedures Breakout Learning Inc. has implemented to manage the retention and deletion of customer and employee data.

Policy

For Customers

• “Student Data”: Data related to students.
• “Instructor Data”: Data related to professors and instructors.
• Retention of Student Data:
  Student data is retained based on the business needs of institutions and their instructors, as well as Breakout Learning’s need to preserve valuable data used for training the AI models in its product offerings. Student data is part of the respective Instructor Data.
• Account Closure:
  Instructors may request to close their account. Instructors must download their data before making such a request, as Breakout Learning reserves the right to delete all data within 30 days of the request, though this may occur immediately.
• Involuntary Suspension:
  If a customer account is involuntarily suspended, there is a 15-day grace period during which the account is inaccessible but can be reopened if the customer resolves any terms of service violations.

For Employees

• Retention of Employee Data:
  Employee data is retained in accordance with legal, regulatory, and contractual obligations. The retention period is determined by Breakout Learning’s Data Retention Policy, and all employee data will be securely stored and accessed by authorized personnel only.

Backups and Logs

• Backups:
  Breakout Learning Inc. takes regular backups of production data, including customer and employee data. Backups are encrypted and stored securely on cloud platforms, following strict access controls to ensure data integrity.
• Logs:
  Logs related to customer and employee data processing are retained and reviewed regularly to ensure compliance with applicable regulations. These logs include access logs, modification logs, and data deletion logs.

Disposal Process

Hardcopy Disposal

• Disposal of Hardcopies:
  If any data exists in hardcopy form, it will be securely destroyed using cross-cut shredding or certified destruction services to prevent unauthorized access or recovery of sensitive information.

Sensitive Data on Hardware

• Disposal of Hardware:
  Sensitive data stored on hardware will be permanently erased using data-wiping tools before the hardware is decommissioned or disposed of. In cases where hardware cannot be wiped, it will be physically destroyed to prevent data recovery.

Deletion Protection for Cloud Resources

Breakout Learning Inc. implements deletion protection mechanisms for all cloud resources to prevent accidental or malicious deletions. This includes role-based access controls (RBAC), deletion confirmation workflows, regular backups, and logging of deletion activities. In the event of unauthorized deletion, Breakout Learning retains the ability to restore data from backup systems.

Revision History