Purpose

Aviaur retains records to meet legal obligations, support safety compliance, enable audits and dispute resolution, and provide a durable history of work performed at the properties we serve. We only retain data for as long as we have a clear basis for doing so. This page explains what we keep, for how long, and why. It is the operational counterpart to our Privacy Policy.

Standard retention schedule

The following minimum periods apply to most account and operational data. Where the retention basis is a legal obligation, the period reflects the longer of (a) the statutory minimum and (b) operational need.

• Financial and transaction records — 7 years. Required by NZ Inland Revenue and the Australian Tax Office for business records and audit.
• Safety incidents and notifiable events — minimum 5 years; longer where an incident is the subject of an ongoing investigation, claim, or regulator action.
• Job records, completion evidence, and operational messaging — 7 years. Includes job notes, signed-off paperwork, time entries, and chat history tied to a job.
• Audit logs (access, approvals, role changes, configuration) — 7 years. Required for security investigations and compliance audits.
• Licensing, qualifications, and competency evidence — held for the active period plus 5 years after expiry. Workers and businesses can demonstrate competency at any point during that window.
• Background check and dispute records — 7 years from resolution.

Indefinite-retention data

Some categories of data are retained indefinitely because their value is the long history they capture. These are limited to records anchored to a property, and to immutable evidence artifacts.

• Property-linked records. Where a job, photo, JHA, or document relates to a specific property (a residential address, a commercial site, an industrial facility), Aviaur retains that record indefinitely against the property identifier. The intent is a building history ledger — pipe runs photographed pre-wall-lining, structural modifications, asset service histories, isolation locations — that travels with the address rather than the owner. A future owner, contractor, or building inspector returning to the property can access prior context.
• Evidence packs. Once an evidence pack has been generated for a job, it is retained as an immutable, hash-sealed record. Each artifact within a pack is SHA-256 hashed and the hashes form a chain of custody from upstream safety documentation (HAZOP studies, JHA revisions, competency status at clock-in) through to incident records. These packs are designed to remain admissible for the full limitation period of any claim — typically 6+ years under NZ law and 6 years under the Australian Limitation Acts. Aviaur does not delete or alter evidence packs after generation.

Personal information within indefinite-retention records is de-identified at the point where the operational reason for keeping it expires. What remains is structural and maintenance history tied to a property identifier (e.g. a Land Information New Zealand parcel reference), not to a named individual.

Anonymised aggregation

Aviaur generates industry-wide safety bulletins from anonymised aggregations of incident data, where users have opted in to share their incident records for industry learning. These aggregations follow strict privacy protections:

• K-anonymity threshold. No incident contributes to a bulletin unless at least 5 similar incidents have been reported across distinct workspaces.
• Time delay. Minimum 7 days between an incident report and any aggregation pass that includes it.
• Geographic rollup. Bulletins surface at the regional level (Auckland, Bay of Plenty, NSW, etc.) — never at street, suburb, or facility level.
• Worker anonymity. No worker names, no demographic detail beyond job role, no employer identification.
• Opt-in consent. Sharing incident data with the industry bulletin pool is off by default. Users actively opt in at the point of finalising a JHA or incident record.

Anonymised aggregations are retained indefinitely. Once an aggregation row is generated, it cannot be traced back to individual incidents — the de-identification is irreversible by design.

Cookies, analytics, and advertising

Aviaur sets a small number of cookies for essential service operation (session, security, preferences). These are retained for the duration set by the cookie itself — typically 30 days for session preferences, longer for persistent settings.

Where you have opted in, Aviaur uses third-party analytics and advertising services (Google AdSense, Facebook Pixel) to measure how the public marketing surface is used and to attribute advertising spend. Cookies set by these services are governed by the provider's own retention policy and are typically retained for 30 to 540 days. You can decline these cookies through your browser settings; declining them does not affect your ability to use Aviaur. We will introduce a cookie consent banner as part of our public-marketing surface rollout — when it ships, you will be able to manage these preferences directly from any Aviaur page.

Deletion, anonymisation, and account closure

When a retention period expires and there is no continuing legal or operational basis for retention, Aviaur deletes or anonymises the affected records. Anonymisation removes identifying detail while preserving the record for legitimate downstream uses (statistics, historical reference, indefinite-retention property records).

When a user closes their account, identifying personal information is removed from active systems within 30 days. Records that fall within the retention schedule above are retained until their period expires, but are not associated with the closed account for active processing. Records anchored to a property remain indefinitely as described above, with personal identifiers removed.

Your rights

Under the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988 you have the right to access personal information Aviaur holds about you, request correction of inaccurate information, and (where legally permitted) request deletion of information that is no longer required.

Some records are retained even where you request deletion — for example, financial records that we are required to keep by tax law, or evidence packs already generated for a job you participated in. In these cases we explain the basis for retention and confirm when the record will become eligible for deletion.

You may also request that we provide a copy of your personal information in a portable format (data portability), and you may withdraw consent for non-essential processing (such as analytics or advertising cookies) at any time.

How to make a request

Submit any request relating to your data — access, correction, deletion, portability, consent withdrawal, or a complaint — via the Aviaur Help Centre. Your request will be acknowledged within 5 business days and resolved within the period set by applicable privacy law (typically 20 working days under NZ Privacy Act, 30 calendar days under AU Privacy Act).

If you are not satisfied with how Aviaur handles your request, you may contact:

• New Zealand: the Office of the Privacy Commissioner (privacy.org.nz).
• Australia: the Office of the Australian Information Commissioner (oaic.gov.au).