Home / Legal & Policies / Data Security & Retention

Data Security & Retention

📅 Last Updated: November 14, 2025 🔒 Effective Immediately 🌍 Applicable Worldwide

🛡️ Overview

At Aevum Encyclopedia, safeguarding your personal information and ensuring transparent data practices are foundational to our mission. This document outlines our comprehensive security protocols, data retention schedules, and the legal frameworks we adhere to in protecting contributor, reader, and enterprise data.

Commitment: We never sell user data. Our business model is built on open-access knowledge, premium institutional subscriptions, and ethical AI development. Your data stays yours.

🔐 Data Security Practices

We implement industry-leading technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction.

  • Encryption: All data in transit is secured via TLS 1.3. Data at rest is encrypted using AES-256 standards across all primary and backup storage systems.
  • Access Control: Role-based access control (RBAC) and multi-factor authentication (MFA) are enforced for all administrative and developer systems. Access logs are audited continuously.
  • Infrastructure: Hosted on SOC 2 Type II certified cloud providers with geographically distributed data centers. Regular penetration testing and vulnerability assessments are conducted quarterly.
  • AI & Processing Security: AI model training and inference pipelines operate in isolated environments. User prompts and search queries are anonymized before any analytical processing.

📅 Data Retention Policy

We retain data only as long as necessary to fulfill its intended purpose, comply with legal obligations, or resolve disputes. Retention periods are strictly enforced by automated lifecycle management systems.

Data Category Purpose Retention Period Disposition
Account & Profile Data Service delivery, personalization Active + 24 months post-deactivation Secure deletion or anonymization
Editorial & Contribution Logs Version control, peer review, attribution Indefinite (anonymized after 5 years) Preserved for academic integrity
Search & Usage Analytics Platform improvement, trend analysis 18 months Aggregated & anonymized
Payment & Billing Records Invoice generation, tax compliance 7 years Secure archival, then deletion
Support & Communication Logs Ticket resolution, user assistance 36 months Secure deletion

👤 Your Rights & Control

Depending on your jurisdiction, you may be entitled to the following data rights. Aevum Encyclopedia supports all legally recognized requests:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Update or correct inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your account and associated data, subject to legal retention requirements.
  • Right to Portability: Export your data in a machine-readable, standard format (JSON/CSV).
  • Right to Opt-Out: Disable personalized analytics, marketing communications, and AI-enhanced features at any time.

To exercise these rights, use your account dashboard or contact our Data Protection Officer directly. All requests are processed within 30 days.

🌍 Compliance & Certifications

Aevum Encyclopedia operates in full compliance with global data protection standards:

  • General Data Protection Regulation (GDPR) – EU/EEA
  • California Consumer Privacy Act (CCPA/CPRA) – California, USA
  • Personal Information Protection Law (PIPL) – China
  • ISO/IEC 27001 & 27701 Information Security Management
  • SOC 2 Type II Certified (Security & Privacy Trust Services Criteria)

Questions About Data Security?

Our privacy and security team is available to assist with compliance requests, vendor assessments, or general inquiries.

📧 Contact DPO Team