TaskForceOne logo TaskForceOne

Privacy Policy

Effective date: April 29, 2026

About This Policy

TaskForceOne is operated in Australia and is currently offered to Australian businesses only. We comply with the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). The service is not marketed or made available to customers outside Australia at this time.

This policy applies to everyone who uses the TaskForceOne website, mobile apps, and platform. For details on cookies and similar technologies, see our Cookie Policy. For information on how we secure your data, see our Security page.

Our Role: Controller and Processor

For account-level information you give us directly (your name, email, billing details, login credentials), TaskForceOne is the data controller — we decide why and how the data is processed.

For workforce data your organisation enters into TaskForceOne (your employees' shifts, timesheets, leave records, messages, and similar records), we act as a data processor on behalf of your organisation. Your organisation is the controller, and any access, correction, or deletion request from one of its employees should generally be directed to that organisation's administrator.

Information We Collect

Account and billing data

  • Name, email address, phone number (optional), and password hash
  • Organisation name, business address, ABN (if provided), industry, timezone
  • Role and access permissions within your organisation
  • Billing contact, payment method tokens (held by Stripe — we do not store card numbers)
  • Subscription plan, invoice history, and tax records

Workforce data uploaded by your organisation

  • Employee profiles: name, email, phone, position, location, hourly rate, employment type
  • Rosters, shifts, shift swaps, leave requests, and availability
  • Time and attendance: clock-in and clock-out events, breaks, timesheets
  • Approximate location at clock-in (where GPS clock-in is enabled per location or position)
  • Messages, group chats, attachments, reactions, and read receipts created in the messenger
  • Notes, comments, and audit-trail records of changes

Technical and device data

  • Device type, operating system, app version, browser, IP address
  • Usage logs and event analytics needed to operate and secure the service
  • Push notification tokens (for iOS, Android, and web push)
  • Crash and error diagnostics

How and Why We Use Information

We use your data only for the purposes listed below:

  • Deliver the service — process rosters, timesheets, leave, and messages
  • Manage your account and bill you — billing, tax compliance, customer support
  • Keep the service secure — abuse prevention, fraud detection, fix bugs and outages
  • Communicate with you — service notifications, product updates
  • Improve the product — aggregate analytics on feature usage
  • Meet legal obligations — record-keeping, lawful requests, regulatory reporting

We do not sell personal information, and we do not use your data to train machine-learning models for unrelated products.

Subprocessors

To run TaskForceOne we use a small number of trusted service providers ("subprocessors"). They process data only on our instructions and under contract. Our current subprocessors are:

  • Amazon Web Services (Sydney region, ap-southeast-2) — hosting, storage, and transactional email via SES
  • Stripe — payment processing and billing
  • Google Firebase Cloud Messaging — push notifications to mobile and web devices
  • Sentry — error monitoring and crash diagnostics
  • Xero — payroll integration, where you have connected your Xero account

We update this list when subprocessors change. If you would like advance notice of changes, contact us at [email protected].

Where Your Data Is Stored

Customer data is stored and processed within Australian infrastructure (AWS Sydney, ap-southeast-2). Some subprocessors — such as Stripe, Firebase, and Sentry — process limited data internationally to deliver their services. Where any data is transferred outside Australia, we rely on contractual safeguards with those providers to ensure equivalent protection consistent with APP 8.

How Long We Keep Data

  • Account data — for as long as your organisation uses TaskForceOne, then deleted within 90 days of account closure (subject to legal obligations).
  • Time, attendance, and roster records — retained for at least 7 years to meet Australian Fair Work record-keeping obligations. After account closure these records are anonymised; identifying data is removed.
  • Billing and tax records — retained for at least 5 years as required by Australian tax law.
  • Audit logs and security events — retained for up to 12 months.
  • Backups — encrypted backups follow a rolling retention window and may briefly contain deleted records until they age out.

Your Rights

You can request to access, correct, export, or delete personal data we hold about you. Where you are an employee using TaskForceOne, please first contact your organisation's administrator, since they control the data. For account holders, see our Account Deletion page or email [email protected].

If you believe your personal information has been mishandled, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Data Breach Notification

If we become aware of a data breach that is likely to result in serious harm, we will notify affected customers and the OAIC as soon as practicable, in accordance with the Notifiable Data Breaches scheme (Privacy Act 1988, Part IIIC).

Children

TaskForceOne is not intended for use by children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with personal information, contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and notify customers by email or in-app message at least 14 days before changes take effect.

Contact

If you have questions about this policy, our data practices, or want to exercise your rights, email us at [email protected]. We aim to respond within two business days.