Data Retention Policy
Our comprehensive approach to data retention, storage periods, and secure deletion procedures in compliance with NDIS Practice Standards and Australian privacy legislation.
This Data Retention Policy ("Policy") is issued by New Horizon Code Pty Ltd (ABN 61 634 659 804), the owner and operator of the Diversity Sync'd platform (the "Platform"). The Policy outlines the storage, archiving, and deletion of Content submitted to or generated through the Platform. It is designed to ensure compliance with applicable laws, protect the rights of Users and Participants, and support your operational continuity.
1. Definitions
"APP" means the Australian Privacy Principles, Schedule 1 of the Privacy Amendment (Enhanced Privacy Protection) Act 2012.
"Content" means any information uploaded, stored, processed, or generated through the Platform, including personal and sensitive data.
"DS AI" means the Platform's use of proprietary artificial intelligence systems developed and operated internally to assist with the Platform's functionality, including summarisation, data validation, and workflow optimisation. DS AI may analyse or generate outputs based on user-submitted content such as shift notes, incident reports, platform activity, and support tickets.
"Our/We" means New Horizon Code Pty Ltd as the owner of the Platform.
"Participant" means a current or prospective NDIS participant.
"Personal information" is defined in the Privacy Act to mean any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
"Privacy Act" means the Privacy Act 1988 (Cth), and for the purposes of this Privacy Policy includes guidance issued by the Office of the Australian Information Commissioner under the Privacy Act.
"Services" means the features and functionality made available through the Platform.
"User" means any individual accessing the Platform under your account, including support workers, coordinators, and administrators.
"You"/"Your" refers to you as the Client, an organisation with a valid subscription to the Platform.
3. Scope
This policy applies to all Content held within the Platform, including but not limited to:
- • Participant records (e.g. shift notes, support logs, incident reports)
- • User account data
- • System logs and audit trails
- • AI-generated content or metadata (e.g. DS AI flags and summaries)
- • Uploaded files, documentation, and communications
4. Retention Approach
In compliance with APP 11, we do not keep any personal information for any longer than necessary. Once the information is no longer required in respect of the original purpose, we will take such steps as are reasonable to destroy the information or ensure it is de-identified.
For information that is not personal or sensitive as defined in the Privacy Act, unless otherwise specified below or requested by you, we retain all data indefinitely to support long-term record-keeping and compliance needs.
We will also delete Content when:
- • You, or a User, requests deletion in writing;
- • The Content is manually deleted via the Platform interface;
- • The associated account is terminated or closed.
We reserve the right to archive or purge data in accordance with our internal data lifecycle practices or legal requirements.
5. Retention Periods by Data Type
Participant data
Retention Period
In compliance with APP 11
Details
Deletion available upon request, manual action by Users, or by us in compliance with APP 11
User account information
Retention Period
Retained indefinitely unless deactivated
Details
Can be deleted upon request or after account closure
System audit logs
Retention Period
12–24 months
Details
Rotated regularly to manage storage and for compliance
AI-generated summaries or alerts
Retention Period
Up to 12 months
Details
Not used for external training; purged or anonymised thereafter. Subject to APP 11
Backups
Retention Period
30–90 day rolling retention
Details
Encrypted and securely stored
| Data Category | Retention Period | Details |
|---|---|---|
| Participant data | In compliance with APP 11 | Deletion available upon request, manual action by Users, or by us in compliance with APP 11 |
| User account information | Retained indefinitely unless deactivated | Can be deleted upon request or after account closure |
| System audit logs | 12–24 months | Rotated regularly to manage storage and for compliance |
| AI-generated summaries or alerts | Up to 12 months | Not used for external training; purged or anonymised thereafter. Subject to APP 11 |
| Backups | 30–90 day rolling retention | Encrypted and securely stored |
6. Client-Controlled Deletion
As the data controller, you may request:
- • Partial or full data deletion
- • Export of data in portable format prior to deletion (subject to your legal obligations)
- • Custom retention terms (subject to platform support and legal obligations)
All requests must be made in writing to legal@newhorizoncode.io by an authorised representative.
7. Legal & Regulatory Exceptions
In some cases, we may be required to retain data beyond the default retention period to:
- • Comply with applicable laws or court orders;
- • Respond to government investigations or audits; and
- • Defend against legal claims
Such extended retention is limited to the minimum period necessary for compliance.
8. Data Deletion Process
When deletion is requested or triggered by account termination, we follow secure procedures to remove Content from active systems, backups (within the rolling retention window), and storage services. Deletion is permanent and irreversible once confirmed.
9. Contact
If you have questions about this policy or wish to request deletion, please contact:
Privacy & Legal Team
New Horizon Code PTY LTD
Suite 121, Level 14
167 Eagle Street, Brisbane QLD 4000
Email: legal@newhorizoncode.io