Skip to content
OneForce Care
Legal & trust

Security

The safeguards that protect sensitive care data on the platform.

Last updated · 24 June 2026

OneForce Care holds sensitive information about participants and workers, so security is built into how the platform is designed and operated. This page summarises our key practices. It works alongside our Privacy Policy and Data residency page.

Australian hosting

The platform and its data are hosted with reputable, enterprise-grade cloud infrastructure located in Australia. Customer and participant data is stored in Australia. See Data residency for more.

Encryption

Data is encrypted in transit using TLS, and encrypted at rest. Connections to the platform are served over HTTPS.

Data separation and access control

Each provider organisation’s data is kept separate and protected at the database level, so an organisation can only access its own records. Within an organisation, access follows role-based permissions, and signing in requires authentication. We apply the principle of least privilege for internal access to systems.

Audit logging

The platform records audit logs of significant actions and sign-in events, supporting accountability and investigation if something looks wrong.

Backups and resilience

We take regular, automated backups, stored in Australia, so data can be recovered if something goes wrong.

Keeping software current

We keep platform software and dependencies maintained and patched, and monitor for issues that could affect security or availability.

Our people

Access to production data is limited to authorised personnel and governed by confidentiality obligations. As our team grows, we will expand our internal access and security controls to match.

Reporting a vulnerability

If you believe you have found a security vulnerability, please email hello@oneforce.com.au with the details. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, and do not access or modify data that is not yours.

If a data breach occurs

We maintain processes to detect, assess and respond to data incidents. Where an eligible data breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner in line with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

Contact

Security questions? Email hello@oneforce.com.au.

Questions about this page? Contact our Privacy Officer at privacy@oneforce.com.au .