Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Database backups are also encrypted and stored in geographically separate locations.
Security & Compliance
Your workforce data deserves the same protection as your financial data. Here's how we deliver it.
Last reviewed:
Access Controls
Role-based access control (RBAC) lets administrators define exactly what each team member can see and do. SSO and SCIM provisioning are available on higher-tier plans.
Audit Logging
Every significant action — roster changes, clock events, permission updates — is recorded in a tamper-resistant audit log available to workspace administrators.
Uptime & Reliability
TaskForceOne is engineered for high availability with redundant infrastructure, automated failover, and continuous monitoring. Check our status page for real-time uptime data.
Compliance
Australian Privacy Act 1988
TaskForceOne complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988. We collect only the data necessary to deliver our services, store it securely within approved infrastructure, and give you full control over access and deletion.
GDPR
For customers with employees in the European Union, TaskForceOne supports GDPR requirements including data access requests, the right to erasure, data portability, and lawful processing documentation.
Fair Work Compliance
Our rostering and payroll modules are designed to help you meet Fair Work obligations including record-keeping requirements, maximum working hour limits, and award interpretation.
Our Security Practices
- Penetration Testing: We conduct regular third-party penetration tests and address findings promptly.
- Dependency Monitoring: Automated scanning alerts us to vulnerabilities in third-party libraries so we can patch quickly.
- Employee Access: Staff access to production systems follows the principle of least privilege and requires multi-factor authentication.
- Incident Response: We maintain a documented incident response plan and will notify affected customers promptly in the event of a data breach.
- Data Residency: Customer data is processed and stored within Australian infrastructure unless otherwise agreed.
- Backups: Automated daily backups with point-in-time recovery capabilities. Backups are encrypted and stored in a separate geographic region.
Have security questions?
Our team is happy to discuss security requirements, provide compliance documentation, or arrange a security review for enterprise evaluations.