Platform StatusPublic Beta Disclosure
OneAddress is currently operating as a public beta. This page explains what that means for you, how your data is protected, and what protections are, and are not, in place during this phase.
Last updated: 29 April 2026
What “Public Beta” means
The OneAddress platform is fully built and operational. Address updates, identity verification, encrypted dispatch, and partner confirmations are all functioning end-to-end. However, OneAddress is not yet a publicly released commercial service.
During this phase:
- The platform is open for sign-up while we onboard our first cohort of partners.
- Features, pricing, and partner integrations may change before general availability.
- Service availability is provided on a best-effort basis and is not covered by a formal SLA.
- A third-party security penetration test is planned prior to public launch.
How your data is protected right now
The protections below are in place during the beta and are not contingent on launch:
- Zero-knowledge encryption. Your home address is encrypted in your browser before it leaves your device. OneAddress never holds your address in plaintext. Our servers store only encrypted ciphertext, we cannot read it.
- Identity verification data deleted immediately. During the verification process, your document photograph, selfie video, and OCR-extracted details are permanently deleted as soon as verification reaches a final state. We retain only a verification certificate (result, document type, timestamp, and an internal reference number).
- Australian data residency. Your encrypted vault and identity verification data are processed and stored in Australia (AWS Sydney / Neon PostgreSQL ap-southeast-2 / Vercel syd1). Authentication is handled by our first-party system hosted entirely within Australia. Supporting services (Stripe payments, Resend email) may process limited account metadata in other jurisdictions per their own privacy policies.
- Account deletion. You can delete your account at any time from the Settings tab in your dashboard. Account deletion is scheduled with a 48-hour grace period, after which all personal data, your encrypted vault, identity verification sessions, and all associated records, is permanently and irreversibly removed.
What is not yet in place
We are transparent about what is still being completed before public launch:
- A formal third-party penetration test (scoping in progress).
- ISO 27001 or SOC 2 certification (planned post-launch once the user base is established).
- A formal service-level agreement or uptime commitment.
By using OneAddress during the public beta you acknowledge that these certifications and commitments are not yet in place and accept the service on that basis.
Your rights
- Request access to your data at any time, contact privacy@oneaddress.io.
- Delete your account and all associated data immediately from the Settings tab.
- Withdraw identity verification consent at any time (before a verification is started).
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Contact
For questions about this disclosure, the platform's security posture, or data handling:
OneAddress is operated by OneAddress Pty Ltd (ABN 43 696 078 869), Australia.