Skip to content
OneForce Care
Legal & trust

Privacy Policy

How we collect, use, store and protect personal information, and the rights you have over it.

Last updated · 24 June 2026

OneForce Care is committed to protecting your privacy. This policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to our website and to the OneForce Care platform.

By using our website or platform, you agree to the handling of your information as described here.

In this policy, “OneForce Care” is a product of Wondertree Pty Ltd (ABN coming soon), and “we”, “us” and “our” refer to Wondertree Pty Ltd.

Who this policy covers

We work with three broad groups:

  • Website visitors and enquirers: people who browse our site or send us an enquiry.
  • Customers: disability and aged-care providers who subscribe to the platform, and their staff.
  • Participants and workers: the individuals whose records our customers manage in the platform.

For information that providers enter about their participants and workers, the provider is responsible for that information and the consents around it; we handle it on the provider’s behalf and on their instructions as their service provider.

Information we collect

Information you give us. When you contact us, request a demo, or open an account, we may collect your name, work email, phone number, organisation, role, and anything you include in your message.

Information our customers enter. Providers use the platform to record information about participants, workers and their operations. This can include sensitive information, such as health information, where the provider has a lawful basis and the necessary consent to collect it.

Information collected automatically. Our marketing website is intentionally lightweight and uses only essential cookies (see our Cookie Policy). We collect limited technical information (such as basic server logs) needed to operate and secure the site.

Sensitive and health information

Some records in the platform include sensitive information, including health information, which attracts additional protections under the APPs. Where we handle this information, we do so to provide the service to our customers, under their instructions, and we apply heightened safeguards described in our Security page.

How we use information

We use personal information to:

  • provide, maintain and support the platform;
  • respond to enquiries and provide demonstrations;
  • manage accounts, billing and customer relationships;
  • keep the service secure and investigate misuse;
  • meet our legal and regulatory obligations.

We do not sell personal information, and we do not use participant information for advertising.

Disclosure and service providers

We share personal information only where needed to run our business, for example with trusted service providers that help us host the platform, send email, and manage website enquiries. These providers are bound to protect your information and to use it only for the purposes we engage them for.

Some service providers that handle website enquiry data may store or process it outside Australia. Customer and participant data in the platform is hosted in Australia. See Data residency for details.

We may also disclose information where required or authorised by law.

Keeping information secure

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. You can read more on our Security page.

Accessing and correcting your information

Under the APPs you can ask to access the personal information we hold about you, and ask us to correct it if it is inaccurate. Contact us using the details below and we will respond within a reasonable time. If your information is managed by a provider in the platform (for example, as a participant or worker), please contact that provider directly, as they control those records.

How long we keep information

We keep personal information only for as long as it is needed for the purposes above, to meet our legal obligations, or for as long as our customer instructs us to retain data on their behalf, after which it is deleted or de-identified.

NDIS providers are generally required to keep records for at least 7 years, so where we hold records on a provider’s behalf we keep them for at least that period unless the provider directs otherwise. Some records may need to be kept longer under other laws (for example, certain health records relating to children).

Making a complaint

If you have a privacy concern, please contact our Privacy Officer first so we can try to resolve it. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Changes to this policy

We may update this policy from time to time. The “last updated” date above shows when it last changed, and significant changes will be made prominent.

Contact us

Our Privacy Officer can be reached at privacy@oneforce.com.au. Our registered business address is coming soon.

Questions about this page? Contact our Privacy Officer at privacy@oneforce.com.au .