1. Overview#
At New Horizon Code PTY LTD ("New Horizon Code", "we", "us", or "our"), security is embedded into every layer of our organisation — from the way we build our software to the way we operate internally.
This Security Policy outlines the principles, technical measures, and operational safeguards that protect our platforms and customers, including Diversity Sync'd, Syrup, and Profile Dock.
We view security as a shared responsibility. Our goal is to ensure every customer, partner, and employee plays an active role in maintaining a safe, compliant, and trusted environment.
2. Core Security Principles#
Our security framework is built on fundamental pillars that ensure comprehensive protection across all our services and operations.
Zero-Trust Architecture
We apply a Zero-Trust security model across all systems. Every request—whether from inside or outside our network—requires verification before access is granted. No user, device, or system is inherently trusted.
Data Encryption
All data is protected using industry-standard encryption methods:
- At rest: AES-256 encryption
- In transit: TLS 1.2+ (HTTPS) and secure key exchange
- Enforced use of HSTS and secure cookies across all applications
Regular Audits
We conduct regular security audits, penetration testing, and internal code reviews to identify and remediate vulnerabilities proactively. Results are reviewed by our engineering leadership and incorporated into our secure development lifecycle.
Compliance Standards
Our practices align with leading privacy and security frameworks, including:
- Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
- ISO 27001-aligned internal controls
- OWASP Top 10 secure coding standards
- GDPR and UK Data Protection Act 2018, where applicable
3. Security Implementation#
We implement comprehensive safeguards across all layers of our technology stack to protect customer data, intellectual property, and system availability.
Technical Safeguards
Our technical infrastructure is protected by:
- End-to-end encryption for all data transmission and storage
- Multi-factor authentication (MFA) for internal and administrative access
- Principle of least privilege (PoLP) access control
- Continuous network and endpoint monitoring
- Intrusion detection and anomaly alerting
- Secure cloud hosting with enterprise-grade redundancy
Operational Security
Our operational practices minimise risk from human and process factors:
- Role-based access and strict need-to-know permissions
- Mandatory employee training in data protection and cybersecurity awareness
- Enforced use of password managers and MFA for all staff
- Documented incident-response plan and breach-notification procedures
- Regular reviews of policies and vendor security compliance
4. Tailored Security Controls#
Each New Horizon Code product has unique requirements. While all adhere to company-wide security standards, additional safeguards are applied where required by sensitivity, regulatory environment, or customer expectations.
Our Approach
| Stage | Focus Area | Purpose |
|---|---|---|
| 01 – Risk Assessment | Individual risk analysis for each application | Identify data sensitivity, compliance scope, and threat profile |
| 02 – Specialised Controls | Context-specific measures | Apply additional encryption, data segregation, or logging as needed |
| 03 – Continuous Monitoring | Real-time alerting and anomaly detection | Detect and respond to emerging threats |
| 04 – Regular Updates | Security patching and dependency management | Maintain resilience against evolving risks |
5. Our Security Commitment#
Security is not a feature—it's a fundamental part of how we design, build, and operate every product.
From initial design through deployment and ongoing maintenance, we embed security principles at every stage of our development process.
Our commitment includes:
- Proactive risk mitigation: anticipating and addressing vulnerabilities before exploitation
- Privacy-by-design: embedding compliance and confidentiality controls early in product lifecycles
- Continuous improvement: evolving our defences in line with emerging technologies and industry standards
We believe security is a shared responsibility. We work collaboratively with our clients to ensure that our controls complement their own policies, compliance requirements, and organisational risk frameworks.
6. Security Resources#
For more detail on how we protect user data and manage information lifecycle:
Support Policy
See how we manage technical incidents, including security-related tickets.
View Policy →7. Contact Our Security Team#
For all security-related enquiries, vulnerability reports, or concerns, please contact our dedicated security team:
Security Team
New Horizon Code PTY LTD
Suite 121, Level 14, 167 Eagle Street
Brisbane QLD 4000, Australia
Email: security@newhorizoncode.io
Phone: 1300 980 034
Vulnerability Disclosure
We greatly value responsible disclosure and have a dedicated program for security researchers.
If you identify a potential vulnerability:
- Use our vulnerability disclosure form or email security@newhorizoncode.io
- Do not share or publish information until we confirm remediation
- We'll acknowledge receipt within two business days and work collaboratively to address the issue
Your cooperation helps us maintain the safety and integrity of our systems, and we deeply appreciate your contribution to platform security.