1. Introduction
At New Horizon Code PTY LTD ("New Horizon Code", "we", "us", or "our"), compliance is more than meeting obligations — it's about setting a higher standard.
Our compliance framework underpins everything we do, ensuring security, privacy, and transparency across our entire ecosystem — including Diversity Sync'd, Syrup, and Profile Dock.
We integrate compliance into our design, development, and operational processes from day one — not as a checkbox exercise, but as a foundation for trust.
2. Our Approach to Compliance
Proactive Compliance by Design
Compliance is built into our development lifecycle, from initial planning through to deployment and maintenance. Each project begins with a security and compliance assessment, ensuring that every product we deliver aligns with the relevant legal and regulatory standards.
This approach minimises risk, strengthens security, and ensures long-term sustainability for both our clients and our platforms.
Regulatory Alignment
While we do not currently hold formal certifications, our processes are aligned with the following frameworks and principles:
- Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)
- General Data Protection Regulation (GDPR) (EU/UK)
- California Consumer Privacy Act (CCPA)
- ISO/IEC 27001 and SOC 2 Type II best practice controls
These frameworks guide our internal governance, data protection, and product design, ensuring our services meet or exceed compliance expectations globally.
3. Key Focus Areas
Our compliance framework is built around four key pillars that provide full coverage of our obligations and client assurances.
1. Data Protection
We apply privacy-by-design and data minimisation principles across all products. Controls include:
- End-to-end encryption (in transit and at rest)
- Access management based on least privilege
- Secure data handling, retention, and deletion procedures
- Regular audits of data processing activities
2. Security Controls
We maintain a multi-layered security posture supported by automation and testing:
- Secure coding and review practices
- Continuous vulnerability scanning
- Routine penetration testing and infrastructure hardening
- Integration with our Security Policy and Incident Response Framework
3. Risk Management
We manage risk through continuous assessment and mitigation, including:
- Ongoing threat modelling
- Quarterly risk reviews
- Documented risk register and remediation workflows
- Annual review of third-party vendor compliance
4. Incident Response
We maintain a documented and tested Incident Response Plan outlining:
- Defined escalation paths and response roles
- Communication protocols for affected stakeholders
- 24/7 monitoring and early detection alerts
- Post-incident review and continuous improvement reporting
4. Continuous Improvement
Compliance is not static — it evolves with technology, law, and threat landscapes. We actively monitor and adapt to maintain excellence in compliance.
| Focus Area | Description |
|---|---|
| 01. Security Assessments | Regular penetration testing and internal security audits to identify and address emerging vulnerabilities. |
| 02. Standards Monitoring | Continuous tracking of evolving regulations and standards such as GDPR, APPs, ISO 27001, and CCPA. |
| 03. Team Training | Ongoing education for all staff on data protection, compliance, and cybersecurity best practices. |
| 04. Policy Updates | Scheduled reviews and revisions of compliance policies based on regulatory or operational changes. |
Our internal Compliance Committee, led by our Data Protection Officer, oversees this cycle of improvement and ensures accountability at every level.
5. Compliance Resources
For further information about our compliance posture, you can review our core governance policies:
Security Policy
Comprehensive security measures, encryption protocols, and infrastructure protections.
Data Retention Policy
How we manage data throughout its lifecycle, from creation to secure deletion.
Support Policy
Details of our support operations, escalation procedures, and monitoring commitments.
6. Contact Our Compliance Team
If you have questions about our compliance measures, regulatory alignment, or specific data requirements, please contact our dedicated team.
Compliance Team
New Horizon Code PTY LTD
Suite 121, Level 14, 167 Eagle Street
Brisbane QLD 4000, Australia
Email: compliance@newhorizoncode.io
Phone: 1300 980 034