Trust & Security

Security built for the Fortune 500.

Your data stays yours. OneStaff.ai runs with bank-grade encryption, granular permissions and a complete audit trail — certified to the standards your security team already trusts.

Last updated: 23 June 2026

Certifications & compliance

We hold and maintain the certifications enterprise buyers expect, and we map our controls to recognised frameworks.

  • SOC 2 Type II — independently audited controls for security, availability and confidentiality.
  • GDPR & CCPA — privacy by design, with a Data Processing Addendum available on request.
  • ISO 27001-aligned information security management practices.

Encryption

All data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Secrets and keys are managed in a dedicated key-management service with strict rotation and access policies.

Access control & identity

  • SSO & SCIM — connect your identity provider for single sign-on and automated user provisioning.
  • Role-based access control — least-privilege permissions for every user and agent.
  • Guardrails & approvals — set limits and policies; anything outside them is escalated to a human.

Infrastructure & data residency

OneStaff.ai runs on hardened cloud infrastructure with network isolation, continuous patching and least-privilege service accounts. Customers can choose the region where their data is stored, and teams with stricter requirements can use private or self-hosted model options.

AI governance & auditability

Every decision the AI makes is logged and explainable, with a complete audit trail ready for any review. We do not use customer workspace content to train foundation models for other customers, and human oversight is built into sensitive workflows.

Monitoring & incident response

We monitor our systems around the clock, log security-relevant events, and maintain a documented incident-response plan. In the event of an incident affecting your data, we will notify affected customers as required by law and our agreements.

Vulnerability management

We perform regular vulnerability scanning and periodic third-party penetration testing, and we remediate findings on a risk-prioritised basis as part of a secure development lifecycle.

Business continuity

Automated backups, redundancy and tested recovery procedures keep the Service resilient and your data durable.

Responsible disclosure

Found a security issue? We appreciate responsible disclosure. Email info@onestaff.ai with details and we will respond promptly. Please do not access or modify data that isn't yours while testing.

Questions?

For security documentation, our DPA, subprocessor list or a questionnaire, contact info@onestaff.ai. See also our Privacy Policy.