1. Introduction#
New Horizon Code PTY LTD ("New Horizon Code", "we", "us", or "our") is committed to the secure and responsible management of all data under our care.
This Data Retention Policy outlines how we collect, retain, archive, and securely delete personal, business, and technical data across all of our platforms and services — including Diversity Sync'd, Syrup, and Profile Dock.
This policy works in conjunction with our Privacy Policy, Security Policy, and Terms of Service to ensure transparency, compliance, and protection of user privacy.
2. Scope and Application#
This policy applies to all data collected, processed, and stored by New Horizon Code across all systems, including:
- User account information and authentication data
- Business and application data generated across all platforms
- Communication records such as emails, chats, and call logs
- Technical and diagnostic data including logs, analytics, and performance metrics
- Financial and billing information, including invoices and payment records
It applies to all customers, users, employees, and third-party service providers who process or have access to data under New Horizon Code's control.
3. Legal and Regulatory Framework#
Our data retention and deletion practices comply with the following laws, standards, and frameworks:
Australian Requirements
- Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
- Corporations Act 2001 (Cth)
- Australian Accounting Standards
International Frameworks
- EU General Data Protection Regulation (GDPR), where applicable
- UK Data Protection Act 2018
- California Consumer Privacy Act (CCPA), where applicable
- ISO 27001-aligned internal data governance standards
We also comply with any additional industry-specific regulations or contractual obligations relevant to our clients' sectors.
4. Data Classification#
To determine appropriate retention and deletion practices, we classify data into four main categories:
Personal Data
Information that identifies or could reasonably identify an individual:
- Names, emails, and contact details
- Account information and user profiles
- Authentication credentials and access logs
Business Data
Operational data created through the use of our platforms:
- Files, documents, and reports
- Collaboration and project records
- Workflow configurations and integrations
Technical Data
System-generated data required for reliability and performance:
- Server and API logs
- System diagnostics and performance metrics
- Security and audit trails
Financial Data
Data required for financial and legal compliance:
- Invoices, payment records, and receipts
- Tokenised payment method data
- Tax documentation and accounting records
5. Data Retention Periods#
Retention periods are determined by legal obligations, operational necessity, and data sensitivity.
| Data Type | Active Period | Archive Period | Total Retention |
|---|---|---|---|
| User Account Data | Duration of service | 30 days post-termination | 30 days after closure |
| Application Data | Duration of service | 90 days post-termination | 90 days after closure |
| Communication Records | 3 years | 4 years | 7 years total |
| Voice Recordings | 90 days | — | 90 days |
| Financial Records | 7 years | — | 7 years (legal requirement) |
| System Logs | 12 months | — | 12 months |
| Security Logs | 2 years | 3 years | 5 years total |
| Analytics Data | 2 years | — | 2 years |
Retention periods may be extended in cases involving legal proceedings, regulatory investigations, or contractual obligations.
Data may also be deleted earlier upon verified user request where permitted by law.
6. Data Storage and Security#
All retained data is stored in secure, access-controlled environments that comply with industry-leading security standards.
Active Storage
- Primary databases with role-based access
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Automated daily backups with redundancy
Archive Storage
- Cold storage systems with restricted administrative access
- Enhanced encryption and integrity verification
- Immutable storage for legally protected data
- Full audit trail of all data access and retrieval events
7. Automated Deletion Processes#
To ensure consistency and compliance, we use automated and auditable systems for data deletion.
Scheduled Deletion
- Daily automated scans identify data exceeding its retention period
- Expired data is archived or securely purged from active systems
- Deletion uses multi-pass overwrite methods where required
Verification and Logging
- All deletion activities are logged for audit purposes
- Verification checks ensure complete removal from all live and backup systems
- Periodic internal audits validate the accuracy and completeness of deletions
8. User Rights and Data Requests#
Users have the right to access, export, and request deletion of their data in accordance with privacy law and contractual obligations.
| Request Type | Processing Time | Method |
|---|---|---|
| Account Deletion | Immediate | In-app self-service or verified email request |
| Specific Data Deletion | Within 30 days | Verified email request |
| Data Export | Within 30 days | Delivered in standard formats (CSV, JSON, PDF) |
| Legal Holds | Case-by-case | Handled by legal and compliance teams |
All deletion and export requests require identity verification to prevent unauthorised access or removal of data.
9. Exceptions and Legal Holds#
Certain data may need to be retained beyond standard retention periods in specific circumstances, including:
- Legal Proceedings: Information relevant to ongoing or anticipated litigation
- Regulatory Investigations: Requests from government or compliance authorities
- Security Incidents: Data related to internal or external investigations
- Contractual Obligations: Retention requirements defined by client agreements
- Backups: Data stored in encrypted backups retained for resilience purposes
Legal Hold Process
When a legal hold is implemented:
- The affected data is excluded from automated deletion
- Access is restricted and the data is archived separately
- Users are notified where legally permissible
- Standard deletion resumes once the hold is lifted
10. Monitoring and Compliance#
We conduct ongoing monitoring and reviews to ensure compliance with this policy.
Internal Oversight
- Quarterly reviews of retention and deletion activities
- Annual data mapping and classification reviews
- Periodic validation of automation scripts and audit logs
External Compliance
- Independent security and privacy audits
- Third-party penetration testing
- Compliance verification with applicable data protection authorities
11. Policy Updates#
This policy may be updated periodically to reflect:
- Changes in legal or regulatory requirements
- Evolving security practices
- Operational or infrastructure improvements
We will:
- Notify users of any material changes via email or in-app notification
- Provide 30 days' notice prior to new retention periods taking effect
- Maintain an archive of previous versions for reference
Continued use of our services after updates constitutes acceptance of the latest version.
12. Contact Information#
For questions, deletion requests, or compliance enquiries, contact:
Data Protection Officer
New Horizon Code PTY LTD
Suite 121, Level 14, 167 Eagle Street
Brisbane QLD 4000, Australia
Email: privacy@newhorizoncode.io
Phone: 1300 980 034