Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Database backups are also encrypted and stored in geographically separate locations.
Security & Compliance
Your workforce data deserves the same protection as your financial data. Here's how we deliver it.
Last reviewed: . See also our Privacy Policy.
Access Controls
Role-based access control (RBAC) lets administrators define exactly what each team member can see and do, with multi-factor authentication available for every account.
Audit Logging
Every significant action — roster changes, clock events, permission updates — is recorded in a tamper-resistant audit log available to workspace administrators.
Uptime & Reliability
TaskForceOne runs on managed cloud infrastructure with automated failover and continuous monitoring. We aim to keep the service available around the clock, with maintenance windows announced in advance.
Compliance
Australian Privacy Act 1988
TaskForceOne complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988. We collect only the data necessary to deliver our services, store it securely within approved infrastructure, and give you full control over access and deletion.
Notifiable Data Breaches Scheme
If a data breach is likely to result in serious harm, we notify affected customers and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in accordance with Part IIIC of the Privacy Act 1988.
Fair Work Compliance
Our rostering and payroll modules are designed to help you meet Fair Work obligations including record-keeping requirements, maximum working hour limits, and award interpretation.
Our Security Practices
- Dependency Monitoring: Automated scanning alerts us to vulnerabilities in third-party libraries so we can patch quickly.
- Employee Access: Staff access to production systems follows the principle of least privilege and requires multi-factor authentication.
- Incident Response: We maintain a documented incident response plan and will notify affected customers promptly in the event of a data breach.
- Data Residency: Customer data is processed and stored within Australian infrastructure unless otherwise agreed.
- Backups: Automated daily backups with point-in-time recovery capabilities. Backups are encrypted and stored in a separate geographic region.
Have security questions?
Our team is happy to discuss security requirements, provide compliance documentation, or arrange a security review for enterprise evaluations.