top of page

Data Retention Policy

1. Purpose

Alpha Immersion Pty Ltd (“Alpha Immersion”, “we”, “us” or “our”) is committed to the responsible management of data collected through the delivery of the I-VADE platform and associated business operations. This Data Retention and De-identification Policy outlines how Alpha Immersion retains, de-identifies, and disposes of data in a manner that is consistent with:

  • Australian privacy law, including the and Australian Privacy Principles (APPs);

  • expectations of enterprise, public sector and institutional customers operating in regulated environments; and

  • good practice for secure, ethical, and proportionate data governance.

 

This Policy is intended to complement Alpha Immersion’s Privacy Policy and applies specifically to data retention and lifecycle management. For the purposes of this Policy, Alpha Immersion acts as a service provider to customer organisations and processes personal information to deliver, secure, and support the I-VADE platform, except where Alpha Immersion acts in its own capacity for corporate, legal, or operational purposes.

 

2. Scope

This Policy applies to data collected, stored, or processed by Alpha Immersion in connection with:

  • delivery and operation of the I-VADE platform;

  • customer and organisational account management;

  • individual end-user accounts (e.g. clinicians and university students);

  • platform usage, completion, and performance analytics; and

  • business operations, reporting, and service improvement.

 

Customer organisations are responsible for determining their own recordkeeping and retention requirements under applicable laws and policies. Alpha Immersion acts as a service provider and manages data collected through I-VADE in accordance with this Policy and the applicable customer agreement, including any lawful instructions provided by the customer organisation.

 

This Policy does not apply to:

  • patient data (identifiable or non-identifiable);

  • patient health records;

  • human research data;

  • audio or voice recordings;

  • VR interaction telemetry (e.g. gaze tracking, movement data); or

  • biometric data.

 

Alpha Immersion does not collect or store the above categories of data. I-VADE training simulations do not record or store live user behaviour beyond completion events and derived performance indicators.

 

3. Data Categories Covered by this Policy

The data covered by this Policy may include:

  • individual user identifiers (e.g. name, work or institutional email address);

  • organisational information (e.g. organisation, department, professional role);

  • demographic or professional attributes provided for training purposes (e.g. profession, years of experience, age or gender where supplied);

  • platform usage data (e.g. scenario completion, timestamps);

  • aggregated or derived performance indicators within training scenarios; and

  • system and audit logs necessary for platform operation, security, and incident investigation.

 

4. Retention Principles

Alpha Immersion applies the following principles to data retention:

  • data is retained only for legitimate business, contractual, operational, or legal purposes;

  • retention is linked to active access to, or use of, the I-VADE platform;

  • identifiable data is retained only for as long as reasonably required;

  • de-identification may be applied where deletion is not required by law, contract, or customer instruction; and

  • data handling practices are proportionate to risk and aligned with enterprise and institutional governance expectations.

 

Retention decisions take into account the customer relationship lifecycle, contractual obligations, and the nature of the data.

 

5. Retention During Active Engagement

While a customer organisation has an active agreement with Alpha Immersion and users have access to the I-VADE platform:

  • identifiable user data is retained to support training delivery, reporting, customer support, and platform operation;

  • organisational administrators may access user data only for users within their organisation; and

  • Alpha Immersion retains restricted administrative access solely for operational, maintenance, security, and support purposes, subject to Alpha Immersion’s internal access controls and role-based permissions.

 

6. Retention Following Cessation of Access or Contract Termination

When a customer organisation’s access to I-VADE ceases (including contract termination or expiry):

  • Immediate actions

    • User access to the platform is deactivated.

  • Short-term retention period

    • Identifiable data may be retained for a limited period (typically up to six (6) months, as a maximum, unless otherwise agreed with the customer organisation or required by law) to support:

      • customer reporting requests;

      • reconciliation or correction of records;

      • audit or compliance requirements applicable to the customer organisation or Alpha Immersion; or

      • re-activation of services where agreed.

  • De-identification

    • After this period, personal information is de-identified so that individuals can no longer be reasonably identified.

    • De-identified and aggregated data may be retained for as long as it remains de-identified and reasonably required for platform improvement, benchmarking, service evaluation, and business analytics.

 

Alpha Immersion does not retain identifiable personal information indefinitely once access to the platform has ceased, unless required by law or expressly agreed with the customer organisation.

 

7. De-identification and Aggregation

De-identification involves removing or altering personal identifiers so that individuals cannot be reasonably identified. Aggregation involves combining data across users or organisations to produce high-level insights. Alpha Immersion applies reasonable technical and organisational measures to reduce the risk of re-identification.

 

Alpha Immersion may retain and use de-identified or aggregated data for purposes including:

  • improving platform performance and functionality;

  • evaluating training usage trends;

  • benchmarking and reporting at a population level; and

  • preparing non-identifiable marketing or informational materials.

 

De-identified or aggregated data is designed so that individual users or customer organisations are not reasonably identifiable. Alpha Immersion does not attempt to re-identify de-identified data.

 

8. Deletion and Disposal

Where deletion is required (e.g. by law or contractual obligation), Alpha Immersion takes reasonable steps to securely delete personal information from active systems using controls appropriate to the sensitivity of the information. Deletion does not necessarily occur immediately where:

  • retention is required for legal or regulatory compliance;

  • a legal, regulatory, audit or dispute hold applies; or

  • data is held temporarily within secure system backups.

 

9. System Backups

Personal information may persist for a limited period within secure system backups maintained for business continuity and disaster recovery purposes.

  • Backup data is encrypted and access-restricted;

  • backup data is not used for analytics, reporting, or marketing; and

  • backup data is automatically overwritten in accordance with documented backup retention cycles and is not retained indefinitely.

 

10. Third-Party Service Providers

Where Alpha Immersion uses third-party service providers to support platform delivery (e.g. cloud hosting, security, monitoring services), those providers are required to:

  • process data only on Alpha Immersion’s instructions;

  • apply security and retention controls consistent with this Policy; and

  • not retain, use, or disclose data for their own purposes.

 

Alpha Immersion remains responsible for data processed on its behalf by third-party service providers in accordance with applicable agreements.

 

11. Individual Requests

Requests by individual users for access to, correction, or removal of their data are managed through the relevant customer organisation. Alpha Immersion’s support to customer organisations may include data export capabilities, administrative controls, and reasonable cooperation consistent with contractual arrangements. Alpha Immersion does not action individual deletion requests directly without confirmation and instruction from the customer organisation, except where required by law.

 

12. Governance and Responsibility

This Policy is approved by the Board of Alpha Immersion Pty Ltd. Responsibility for implementation and compliance is delegated to management. Alpha Immersion will reasonably support customer organisations to meet applicable recordkeeping, retention, and disposal obligations through appropriate administrative and system controls. This Policy is reviewed periodically and updated as required to reflect changes in law, technology, or business operations.

 

13. Contact

For questions about this Policy or Alpha Immersion’s data retention practices, please contact:

 

Alpha Immersion Pty Ltd
Email: info@alphaimmersion.org
 

Last updated: 04 February 2026

Contact us

©Alpha Immersion Pty Ltd 2026

Solutions for global challenges

Privacy Policy              Data Retention Policy

bottom of page