Data Retention & Deletion Policy

Launch offer: Certificates are currently free when you create a free account and log in. Log in for free access

Data Retention & Deletion Policy

1. Purpose

This policy explains how Mecourse Lifelong Learning ("Mecourse", "we", "our", or "us") keeps, deletes, or de-identifies personal data connected with the Mecourse Lifelong Learning website ("Website").

We aim to keep personal data only for as long as we need it for the purposes described in our Privacy Policy, while also preserving limited records where needed for CPD certificate verification, regulatory evidence, accounting, fraud prevention, disputes, security, or legal obligations.

2. Scope

This policy applies to personal data held in Mecourse systems, including:

  • learner accounts and login records;
  • course progress, assessment attempts, page views, reflections, and PDP entries;
  • CPD certificates, certificate codes, QR verification links, expiry dates, and certificate snapshots;
  • feedback, enquiries, error reports, and support messages;
  • technical, session, security, and audit records;
  • payment, refund, dispute, and certificate-access records where paid access is introduced;
  • certificate PDF download events where certificate download tracking is enabled.

3. Retention principles

We use the following principles when deciding how long to keep data:

  • we keep personal data only where there is a continuing reason to keep it;
  • we keep enough certificate information to support CPD verification and evidence requirements;
  • we delete, de-identify, or anonymise personal data where it is no longer needed;
  • we keep some records for longer where needed for legal, accounting, dispute, security, fraud prevention, audit, or service-integrity purposes;
  • we avoid promising fixed deletion mechanics where the practical process depends on the system, backup cycle, third-party provider, or legal context.

4. Learner accounts and ordinary learning data

Learner account data and ordinary learning data may be kept while the account remains open.

Where an account becomes inactive and there is no active certificate, support, payment, dispute, legal, or security reason to keep the data for longer, ordinary learning data is normally retained for up to seven years from the user's last recorded site activity.

Ordinary learning data may include course progress, course page views, assessment attempts, answers, scores, and completion records.

5. CPD certificate records

CPD certificate records may be retained for the lifetime of the Website where reasonably needed to support certificate verification, regulatory evidence, audit, fraud prevention, dispute handling, or legal obligations.

Certificate records may include the learner name shown on the certificate, course title, award date, expiry date, certificate code, QR code or verification link, certificate status, and certificate snapshot.

Expired certificates may remain verifiable, but they should be treated as expired from the expiry date shown on the certificate.

Where certificate access has been unlocked, we may retain unlock records so that previously unlocked certificates remain available to the account holder.

6. Account deletion requests

Users may ask us to delete or close their account by contacting [email protected].

When we process an account deletion request, we will delete, de-identify, or disable ordinary account data where practical and where we no longer need it. This may include replacing direct identifiers, such as the account email address, so the account is no longer an ordinary active user account.

Account deletion does not always mean that every record connected with the account can be immediately erased. We may retain limited records where needed for certificate verification, regulatory evidence, accounting, fraud prevention, disputes, security, legal obligations, or the establishment, exercise, or defence of legal claims.

If we retain limited certificate records after account deletion, those records are kept for verification and evidence purposes, not to operate the deleted account as an active learner account.

7. Reflections and PDP entries

Reflections and personal development plan entries are user-authored learning notes.

On account deletion, we will normally delete or de-identify reflections and PDP entries unless we need to retain specific records for a live support issue, dispute, legal obligation, security issue, or legal claim.

8. Feedback, enquiries, and support messages

Feedback, error reports, enquiries, and support messages may be retained for as long as needed to respond to the matter, improve the Website, investigate issues, maintain records of important decisions, prevent misuse, or protect our rights.

When these records are no longer needed in identifiable form, we may delete them or retain anonymised or aggregated information for service improvement and reporting.

9. Payment, refund, and dispute records

Where paid certificate access is introduced, payment and purchase records may be retained for as long as needed for accounting, tax, access management, receipts, refunds, disputes, fraud prevention, support, audit, and legal purposes.

These records may include Stripe reference IDs, payment amount, currency, payment status, paid date, price or offer identifiers, access entitlement records, refund records, dispute records, and related support messages.

Mecourse does not receive or store full card numbers or card security codes/CVC. Payment card handling is carried out by Stripe.

10. Certificate PDF download events

Where certificate PDF download tracking is enabled, download events may be retained where needed for access control, technical troubleshooting, service-use assessment, refund decisions, fraud prevention, dispute handling, and audit.

A download event may record the certificate, user account, course, language, download source, and download time.

When identifiable download records are no longer needed, we may delete them or retain anonymised or aggregated counts.

11. Technical, security, and audit records

Technical, session, security, and audit records may be retained for as long as needed to operate the Website, diagnose faults, protect accounts, investigate misuse, preserve system integrity, comply with legal obligations, and support audit or security review.

Retention periods for logs may vary depending on the system, hosting provider, database, email provider, payment provider, backup process, and the nature of the security risk.

12. Backups and third-party systems

When data is deleted or de-identified in live systems, copies may remain temporarily in backups, logs, caches, or third-party systems until they are overwritten, expire, or are deleted through the relevant provider's process.

If a backup is restored, we will take reasonable steps to reapply deletion or de-identification requests where still required and practicable.

13. If the service closes

If Mecourse closes or materially reduces the Website, we may retain limited records after closure where needed for certificate verification, regulatory evidence, accounting, tax, refunds, disputes, fraud prevention, security, legal obligations, or legal claims.

Where reasonably practicable, we will give users reasonable notice of significant service closure arrangements that affect access to accounts or certificates.

14. Review and updates

We may update this policy from time to time to reflect changes in the Website, the law, our systems, or our retention practices. Updated versions will be published on the Website.

15. Contact

To ask a question about retention or deletion, or to request account deletion, please contact [email protected].

Site Policies

Media Credits