1. Retention Mission Statement

Nexly.biz (the “Company”) is committed to the principle of "Data Minimization." Our mission is to retain information only for as long as it provides legitimate business value or is mandated by judicial requirements. By maintaining a lean data footprint, we minimize institutional risk and maximize user privacy.

2. Structural Scope

This policy governs the entire lifecycle of data within the Nexly network, from initial ingestion and active processing to archival and permanent forensic disposal. It covers all data tiers, including user PII, financial ledgers, and technical system logs.

3. Core Retention Principles

• Compliance: Adhering to federal and international (GDPR) mandates for data durability.
• Minimization: Actively purging nodes that no longer serve a primary or secondary business function.
• Accountability: Ensuring every retention period is backed by a specific internal or external requirement.

4. Master Retention Schedule

Standard retention windows for primary information categories at Nexly:

5. Archival vs. Deletion

Data that is no longer in active use but must be retained is moved to "Cold Storage." These archival nodes are cryptographically locked and disconnected from primary compute APIs, significantly reducing their threat surface while maintaining availability for legal discovery.

6. User Data Rights & "Right to be Forgotten"

Nexly respects user autonomy. Upon a valid "Right to Erasure" request, we will purge all personal identifiers within 30 days, unless a superseding legal obligation (e.g., a criminal investigation or active tax audit) requires their retention.

7. Judicial Legal Holds

In the event of litigation or a government investigation, the Nexly Legal Unit will issue a "Legal Hold." This protocol overrides all automated purge logic, ensuring that potentially relevant information is preserved indefinitely until the hold is formally released.

8. Forensic Data Disposal Protocol

At the end of a retention window, nodes must be forensically destroyed. For digital assets, we utilize cryptographic erasure (deleting the master encryption key) or triple-pass overwriting to ensure $0.00% reconstructability.

9. Multi-Cloud Backup Retention

Retention policies apply to backups as well as primary storage. Our automated backup agents are programmed to follow the same minimization rules, ensuring that deleted data does not persist indefinitely in mirrored legacy clusters.

10. Governance Roles & Accountability

• Compliance Officer: Final authority on retention schedule definitions and legal hold issuance.
• DevOps Leads: Responsible for configuring the automated purge scripts and cold storage migrations.
• Audit Unit: Quarterly verification that purge cycles are functioning according to protocol.

11. Automatic Purge Logic Verification

We employ "Watchdog Seeds"—dummy data nodes with set expiry dates—to verify that our automated deletion scripts are executing correctly across the global ecosystem.

12. Global Mandates (GDPR/DORA/DPA)

This policy is harmonized with the most stringent global data durability standards, ensuring that Nexly remains a compliant and trusted destination for international students and partners.

13. Archival & Retention Desk

For inquiries regarding specific retention windows, to submit a "Right to Erasure" request, or to notify us of a potential legal hold requirement, please connect with the Archival Bureau.