Data Retention Policy

Last updated: Sep 17, 2025

Table of Content
Toc Link

This Data Retention Policy (“Policy”) is issued by New Horizon Code Pty Ltd (ABN 61 634 659 804),

the owner and operator of the Diversity Sync’d platform (the “Platform”). The Policy outlines the

storage, archiving, and deletion of Content submitted to or generated through the Platform. It is

designed to ensure compliance with applicable laws, protect the rights of Users and Participants, and

support your operational continuity.

[fs-toc-h2]1. Definitions

“APP” means the Australian Privacy Principles, Schedule 1 of the Privacy Amendment (Enhanced

Privacy Protection) Act 2012.

"Content" means any information uploaded, stored, processed, or generated through the Platform,

including personal and sensitive data.

“DS AI” means the Platforms’ use of proprietary artificial intelligence systems developed and

operated internally to assist with the Platform’s functionality, including summarisation, data validation,

and workflow optimisation. DS AI may analyse or generate outputs based on user-submitted content

such as shift notes, incident reports, platform activity, and support tickets.

“Our/We” means New Horizon Code Pty Ltd as the owner of the Platform.

“Participant” means a current or prospective NDIS participant.

“Personal information” is defined in the Privacy Act to mean any information or opinion about an

identified individual, or an individual who is reasonably identifiable, whether the information or opinion

is true of not and whether the information or opinion is recorded in a material form or not.

“Privacy Act” means the Privacy Act 1988 (Cth), and for the purposes of this Privacy Policy includes

guidance issued by the Office of the Australian Information Commissioner under the Privacy Act.

"Services" means the features and functionality made available through the Platform.

"User" means any individual accessing the Platform under your account, including support workers,

coordinators, and administrators.

"You"/"Your" refers to you as the Client, an organisation with a valid subscription to the Platform.

[fs-toc-h2]3.Scope

This policy applies to all Content held within the Platform, including but not limited to:

Participant records (e.g. shift notes, support logs, incident reports)

User account data

System logs and audit trails

AI-generated content or metadata (e.g. DS AI flags and summaries)

Uploaded files, documentation, and communications

[fs-toc-h2]4. Retention Periods by Data Type

In compliance with APP 11, we do not keep any personal information for any longer than necessary,

once the information is no longer required in respect of the original purpose, we will take such steps

are as reasonable to destroy the information or ensure it is de-identified.

For information that is not personal or sensitive as defined in the Privacy Act, unless otherwise

specified below or requested by you, we retain all data indefinitely to support long-term recordkeeping

and compliance needs.

We will also delete Content when:

You, or a User,  requests deletion in writing;

The Content is manually deleted via the Platform interface;

The associated account is terminated or closed.

We reserve the right to archive or purge data in accordance with our internal data lifecycle practices or legal requirements.
[fs-toc-h2]5. Retention Periods by Data Type
Data Category Retention Period Details
Participant data In compliance with APP 11 Deletion available upon request, manual action by Users, or by us in compliance with APP 11
User account information Retained indefinitely unless deactivated Can be deleted upon request or after account closure
System audit logs 12–24 months Rotated regularly to manage storage and for compliance
AI-generated summaries or alerts Up to 12 months Not used for external training; purged or anonymised thereafter. Subject to APP 11
Backups 30–90 day rolling retention Encrypted and securely stored

[fs-toc-h2]5. Client-Controlled Deletion

As the data controller, you may request:

Partial or full data deletion

Export of data in portable format prior to deletion (subject to your legal obligations).

Custom retention terms (subject to platform support and legal obligations).

All requests must be made in writing to legal@newhorizoncode.io by an authorised representative.

[fs-toc-h2]6. Legal & Regulatory Exceptions

In some cases, we may be required to retain data beyond the default retention period to:

Comply with applicable laws or court orders;

Respond to government investigations or audits; and

Defend against legal claims

Such extended retention is limited to the minimum period necessary for compliance.

[fs-toc-h2]7. Data Deletion Process

When deletion is requested or triggered by account termination, we follow secure procedures to

remove Content from active systems, backups (within the rolling retention window), and storage

services. Deletion is permanent and irreversible once confirmed.

[fs-toc-h2]8. Contact

If you have questions about this policy or wish to request deletion, please contact:

Privacy & Legal Team
New Horizon Code PTY LTD
Suite 121, Level 14, 167 Eagle Street, Brisbane QLD 4000
Email: legal@newhorizoncode.io

You’re in the right place,
sign up and get started.

Sign UpGet a Demo