Platform Status

Public Beta Disclosure

OneAddress is currently operating as a public beta. This page explains what that means for you, how your data is protected, and what protections are — and are not — in place during this phase.

Last updated: 29 April 2026

What “Public Beta” means

The OneAddress platform is fully built and operational. Address updates, identity verification, encrypted dispatch, and partner confirmations are all functioning end-to-end. However, OneAddress is not yet a publicly released commercial service.

During this phase:

The platform is open for sign-up while we onboard our first cohort of partners.
Features, pricing, and partner integrations may change before general availability.
Service availability is provided on a best-effort basis and is not covered by a formal SLA.
A third-party security penetration test is planned prior to public launch.

How your data is protected right now

The protections below are in place during the beta and are not contingent on launch:

Zero-knowledge encryption. Your home address is encrypted in your browser before it leaves your device. OneAddress never holds your address in plaintext. Our servers store only encrypted ciphertext — we cannot read it.
Identity verification data deleted immediately. During the verification process, your document photograph, selfie video, and OCR-extracted details are permanently deleted as soon as verification reaches a final state. We retain only a verification certificate (result, document type, timestamp, and an internal reference number).
Australian data residency. Your encrypted vault and identity verification data are processed and stored in Australia (AWS Sydney / Neon PostgreSQL ap-southeast-2 / Vercel syd1). Supporting services (Clerk authentication, Stripe payments, Resend email) may process limited account metadata in other jurisdictions per their own privacy policies.
Account deletion. You can delete your account at any time from the Settings tab in your dashboard. Deletion immediately and permanently removes your encrypted vault, identity verification sessions, and all associated records. There is no retention period — deletion is irreversible.

What is not yet in place

We are transparent about what is still being completed before public launch:

A formal third-party penetration test (scoping in progress).
Cyber-liability insurance (being assessed alongside the pen-test scope).
ISO 27001 or SOC 2 certification (planned post-launch once the user base is established).
A formal service-level agreement or uptime commitment.

By using OneAddress during the public beta you acknowledge that these certifications and commitments are not yet in place and accept the service on that basis.

Your rights

Request access to your data at any time — contact privacy@oneaddress.io.
Delete your account and all associated data immediately from the Settings tab.
Withdraw identity verification consent at any time (before a verification is started).
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Contact

For questions about this disclosure, the platform's security posture, or data handling:

OneAddress is operated by OneAddress Pty Ltd (ABN 43 696 078 869), Australia.

← Back to OneAddress

What “Public Beta” means

During this phase:

The platform is open for sign-up while we onboard our first cohort of partners.

Features, pricing, and partner integrations may change before general availability.

Service availability is provided on a best-effort basis and is not covered by a formal SLA.

A third-party security penetration test is planned prior to public launch.

How your data is protected right now

The protections below are in place during the beta and are not contingent on launch:

Zero-knowledge encryption. Your home address is encrypted in your browser before it leaves your device. OneAddress never holds your address in plaintext. Our servers store only encrypted ciphertext — we cannot read it.

Identity verification data deleted immediately. During the verification process, your document photograph, selfie video, and OCR-extracted details are permanently deleted as soon as verification reaches a final state. We retain only a verification certificate (result, document type, timestamp, and an internal reference number).

Australian data residency. Your encrypted vault and identity verification data are processed and stored in Australia (AWS Sydney / Neon PostgreSQL ap-southeast-2 / Vercel syd1). Supporting services (Clerk authentication, Stripe payments, Resend email) may process limited account metadata in other jurisdictions per their own privacy policies.

Account deletion. You can delete your account at any time from the Settings tab in your dashboard. Deletion immediately and permanently removes your encrypted vault, identity verification sessions, and all associated records. There is no retention period — deletion is irreversible.

What is not yet in place

We are transparent about what is still being completed before public launch:

A formal third-party penetration test (scoping in progress).

Cyber-liability insurance (being assessed alongside the pen-test scope).

ISO 27001 or SOC 2 certification (planned post-launch once the user base is established).

A formal service-level agreement or uptime commitment.

By using OneAddress during the public beta you acknowledge that these certifications and commitments are not yet in place and accept the service on that basis.

Your rights

Request access to your data at any time — contact privacy@oneaddress.io.

Delete your account and all associated data immediately from the Settings tab.

Withdraw identity verification consent at any time (before a verification is started).

Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.