Data Classification & Retention Policy — Trust Centre — Compass IoT
Resilience

Our commitment

We only hold data for as long as we need it, we protect it according to its sensitivity, and we dispose of it securely when that need ends.

Not all data carries the same risk. A classification framework allows us to apply proportionate controls — stronger protection where the sensitivity demands it, and a clear process for when data should be disposed of. This policy applies to all data created, collected, processed, stored, or transmitted by Compass IoT, including data held by third-party vendors on our behalf.

This policy applies to all employees, contractors, and third parties who handle Compass IoT data in any form.

Classification framework

Data classification levels

Four-tier framework

All data held or processed by Compass IoT is assigned one of four classification levels. The classification determines the controls, access restrictions, and handling requirements that apply.

Public (Level 1)

Information intentionally made available to the public with no restrictions on access or distribution. Disclosure causes no harm to Compass IoT or any individual.

Examples: marketing materials, public website content, published case studies, anonymised platform statistics.

Internal (Level 2)

Information intended for use within Compass IoT. Not sensitive in isolation, but not intended for public disclosure. Accidental disclosure carries limited risk but should be avoided.

Examples: internal processes, meeting notes, non-sensitive product documentation, general company communications.

Confidential (Level 3)

Sensitive business or personal information that could cause harm to Compass IoT, customers, or individuals if disclosed. Access is restricted to authorised personnel with a specific need.

Examples: customer data, contracts, financial records, employee personal information, API keys, system credentials, pre-anonymised vehicle telemetry data.

Restricted (Level 4)

Highly sensitive information where unauthorised disclosure could result in significant legal, regulatory, financial, or reputational harm. Access is limited to a small number of specifically authorised individuals.

Examples: raw camera-derived data prior to anonymisation, personal biometric indicators, incident investigation records, legal advice, security vulnerability disclosures, individual health data.

Special category

Camera-derived and biometric data

Restricted — anonymised at ingestion

Camera-derived data received from third-party vehicle data sources is treated as Restricted (Level 4) from the moment it enters Compass IoT's processing pipeline. This is because raw camera data may contain personally identifying information — including facial geometry, driver images, and licence plate data — that carries the highest level of sensitivity under applicable biometric and privacy law.

Compass IoT's approach is anonymisation at the point of ingestion. Raw camera data is processed to remove or obscure identifying information before it is stored or made accessible within the platform. Once anonymised, the resulting data is reclassified to the appropriate level for its content — typically Confidential (Level 3) for vehicle telemetry and Internal (Level 2) for aggregated or derived signals.

  • Raw camera data is never stored in an identifiable form beyond the minimum time required for anonymisation processing.
  • Access to raw camera data prior to anonymisation is limited to the smallest possible number of authorised personnel and automated systems.
  • All access to pre-anonymisation data is logged and subject to audit.
  • Camera data anonymisation procedures are reviewed whenever new data sources are onboarded or existing data source formats change.
  • Customers are not provided access to raw camera data under any circumstances.

Regulatory position

The classification of raw camera data as Restricted reflects our obligations under the Australian Privacy Act 1988 (biometric information as sensitive information), the UK GDPR (biometric data as special category), Illinois BIPA, Texas CUBI, and the CCPA. Full detail on our biometric data compliance position is available on the Compliance page.

Handling rules

How each classification level must be handled

The following requirements apply to all employees, contractors, and vendors handling Compass IoT data at each classification level.

  • Public — no special handling required. May be shared freely.
  • Internal — must not be shared externally without authorisation. Standard access controls apply. No encryption required for internal sharing, but must not be sent over unencrypted channels externally.
  • Confidential — access restricted to authorised personnel. Must be encrypted in transit (TLS 1.2+) and at rest (AES-256). Shared externally only under NDA or equivalent contractual protection. Must not be stored on personal devices without approval.
  • Restricted — access limited to specifically named individuals. Encrypted at all times. Must not leave the Compass IoT environment without explicit leadership approval. Sharing with third parties requires a signed DPA and specific contractual provisions. All access logged.

Retention periods

Data retention and deletion

Data is retained only for as long as it is needed for the purpose for which it was collected, or as required by applicable law. Specific contractual terms with customers may establish shorter or longer periods where agreed.

Customer deletion requests

Customers may request deletion of their data at any time. Compass IoT will action verified deletion requests within 30 days, subject to any overriding legal retention obligations. Confirmation of deletion will be provided in writing on completion.

Secure disposal

How we dispose of data securely

When data reaches the end of its retention period, or is subject to a deletion request, it is disposed of securely. The method of disposal depends on the classification level and the medium on which the data is held.

  • Digital data stored on cloud infrastructure is deleted using GCP's secure deletion mechanisms, which render data unrecoverable.
  • Backups containing data subject to deletion are purged within the next scheduled backup cycle, or sooner where required by a customer request.
  • Physical media containing Confidential or Restricted data is destroyed by a certified media destruction provider.
  • Vendors holding Compass IoT data are contractually required to confirm secure deletion in writing upon termination of the relationship.
  • Deletion of Restricted data is logged and records of deletion are retained for audit purposes.

Policy review

This Data Classification and Retention Policy is owned by the Compass IoT leadership team and will be reviewed annually, or sooner if material changes occur to our data environment, regulatory obligations, or product capabilities. Retention periods are reviewed against applicable legislation at each review cycle.

Questions

Get in touch

Questions about data classification, retention periods, or deletion requests.