Tillbaka till startsidan

Behandlingsregister och gallring

Senast uppdaterad: juni 2026


Rättslig grund enligt GDPR artikel 6 och standardperioder för gallring.

Personuppgiftsansvarig

Coursfy är ansvarig för konsumentkonton. Akademiägare är ansvariga för medlemsdata; Coursfy är personuppgiftsbiträde enligt DPA.

Dina rättigheter

Tillgång, rättelse, radering, begränsning, portabilitet och invändning — via Inställningar → Integritet eller privacy@coursfy.com.

Register över rättslig grund

AktivitetUppgiftskategorierRättslig grundGallring
Account registration & authenticationName, email, password hash, IP, user agentContract (Art. 6(1)(b)) — necessary to provide the serviceUntil account deletion + 30 days operational backup
Academy membership & course enrolmentProfile, progress, payment referencesContract (Art. 6(1)(b))Duration of membership + statutory accounting periods
Payment processingBilling metadata via Stripe; no full PAN on CoursfyContract + legal obligation (tax/accounting)Per Stripe and local accounting law (typically 7 years for invoices)
Marketing newsletterEmail, consent timestampConsent (Art. 6(1)(a)) — withdraw anytimeUntil unsubscribe or 24 months inactivity
Analytics / error monitoring (Sentry)Pseudonymous events, scrubbed stack tracesConsent (Art. 6(1)(a))90 days default Sentry retention
AI assistant (academy/course)Questions, answers, optional conversation IDsConsent for personalization; contract for core Q&A when enabled by academyPer academy settings; default 12 months conversation logs
Security & audit logsUser ID, action type, timestamp, IP (hashed where possible)Legitimate interest (Art. 6(1)(f)) — security of processing12 months rolling (see retention policy)

Gallringsschema

KategoriPeriodÅtgärd
Active user accountWhile account is activeFull profile and content access
Deleted user account30 days after erasure requestHard delete or anonymize PII; backups expire per cycle
Consent preferences3 years after last updateProof of consent for regulatory requests
Security / access audit logs12 monthsAppend-only store; then aggregate or delete
Payment & invoice records7 years (or local statutory minimum)Anonymize where possible after legal hold ends
Marketing contactsUntil unsubscribe + 30 daysRemove from mailing lists
AI conversation logs12 months defaultAcademy owners may request shorter window
Server/application logs90 daysPII redacted at ingestion