Data Retention Policy

This policy outlines how New Horizon Code manages data retention, storage periods, and deletion processes to ensure compliance, security, and user privacy protection across all our platforms and services.

Last updated: 27 July 2025

1. Introduction

New Horizon Code PTY LTD ("New Horizon Code", "we", "us", or "our") is committed to responsible data management and privacy protection. This Data Retention Policy outlines our practices for retaining, storing, and deleting personal and business data across all our platforms and services.

This policy works in conjunction with our Privacy Policy and Terms of Service to ensure comprehensive data protection and compliance with applicable laws and regulations.

2. Scope and Application

This policy applies to all data collected, processed, and stored by New Horizon Code, including:

User account information and authentication data
Business and application data across all platforms (Diversity Sync'd, Carey, TobyHR, Syrup, Profile Dock)
Communication records including emails, chat logs, and call recordings
Technical data such as logs, analytics, and system performance metrics
Financial and billing information

3. Legal and Regulatory Framework

Our data retention practices comply with applicable laws and regulations, including but not limited to:

Australian Laws

Privacy Act 1988 (Cth)
Corporations Act 2001
Australian Accounting Standards

International Standards

EU General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Industry-specific compliance requirements

4. Data Classification

We classify data into the following categories for retention purposes:

Personal Data

Information that directly or indirectly identifies an individual:

Names, email addresses, phone numbers
User profiles and account information
Authentication credentials and access logs

Business Data

Information created through business operations:

Documents, files, and application content
Project data and collaboration records
Workflow configurations and integrations

Technical Data

System-generated information for operational purposes:

Server logs and performance metrics
Security monitoring and audit trails
Analytics and usage statistics

Financial Data

Payment and billing-related information:

Transaction records and invoices
Payment method details (tokenized)
Tax and compliance documentation

5. Retention Periods

Retention periods are determined based on legal requirements, business needs, and data sensitivity. The following table outlines our standard retention periods:

Data Type	Active Period	Archive Period	Total Retention
User Account Data	Duration of service	30 days post-termination	30 days after account closure
Application Data	Duration of service	90 days post-termination	90 days after account closure
Communication Records	3 years	4 years	7 years total
Voice Recordings	90 days	N/A	90 days
Financial Records	7 years	N/A	7 years (legal requirement)
System Logs	12 months	N/A	12 months
Security Logs	2 years	3 years	5 years total
Analytics Data	2 years	N/A	2 years

Note: Retention periods may be extended if required by legal proceedings, regulatory investigations, or contractual obligations. We may also retain data for shorter periods at user request or when legally permitted.

6. Data Storage and Security

All retained data is stored using industry-standard security measures and encryption protocols:

Active Storage

Primary databases with real-time access
AES-256 encryption at rest
TLS 1.3 encryption in transit
Regular automated backups

Archive Storage

Cold storage with restricted access
Enhanced encryption and compression
Immutable storage where required
Audit trail for all access

7. Automated Deletion Processes

We employ automated systems to ensure timely and consistent data deletion:

Scheduled Deletion

Daily scans for data exceeding retention periods
Automated archival of aging data
Secure deletion with multiple overwrite passes

Verification and Logging

Detailed logs of all deletion activities
Verification checks to ensure complete removal
Regular audits of deletion processes

8. User Rights and Data Requests

Users have specific rights regarding their data retention and deletion:

Deletion Requests

Right to request immediate deletion
30-day response time for requests
Verification process for identity protection

Data Export

Request copies before deletion
Standard formats (JSON, CSV, PDF)
Secure delivery methods

Request Type	Processing Time	Method
Account Deletion	Immediate	Self-service portal
Specific Data Deletion	Within 30 days	Email request with verification
Data Export	Within 30 days	Automated or manual delivery
Legal Holds	Case-by-case	Legal department review

9. Exceptions and Legal Holds

Certain circumstances may require us to retain data beyond standard retention periods:

Legal Proceedings: Data involved in actual or anticipated litigation
Regulatory Investigations: Information requested by government authorities
Security Incidents: Data related to ongoing security investigations
Contractual Obligations: Data retention required by specific agreements
Backup Systems: Data in secure backups with longer retention cycles

Legal Hold Process: When a legal hold is implemented, affected data is immediately protected from deletion and archived separately. Users are notified when legally permissible, and normal deletion resumes once the hold is lifted.

10. Monitoring and Compliance

We maintain comprehensive monitoring and audit procedures to ensure compliance with this policy:

Internal Audits

Quarterly retention policy reviews
Annual data mapping exercises
Deletion process verification

External Compliance

Third-party security assessments
Regulatory compliance checks
Industry standard certifications

11. Policy Updates and Changes

This Data Retention Policy may be updated periodically to reflect changes in legal requirements, business needs, or operational practices. We will:

Notify affected users of material changes via email or platform notifications
Provide 30 days notice before implementing new retention periods
Update the "Last updated" date to reflect the most recent changes
Maintain archived versions of previous policy iterations

Continued use of our services following any policy updates constitutes acceptance of the revised terms.

12. Contact Information

For questions about this Data Retention Policy, data deletion requests, or compliance matters, please contact:

Data Protection Officer

New Horizon Code PTY LTD

Suite 121, Level 14, 167 Eagle Street

Brisbane QLD 4000, Australia

Email: privacy@newhorizoncode.io

Phone: 1300 980 034