AI Bloke Onboard collects some of the most sensitive personal information an employee can provide — Tax File Numbers, bank account details, and superannuation information. We take that responsibility seriously. Here is exactly how we protect it.
All data exchanged between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). Employee records — including Tax File Numbers, bank account details, and superannuation information — are stored in an encrypted database. No sensitive data is ever transmitted or stored in plain text.
Every employer account operates in a fully isolated data environment. It is architecturally impossible for one employer to access another employer's employee records. Every database query is scoped to the authenticated employer's account identifier, enforced at the server level — not just the UI.
Invitation links sent to employees are cryptographically unique, single-use tokens. Each link expires automatically after 7 days and is permanently invalidated once the employee completes their onboarding. Expired or reused links are rejected by the server.
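A minimal sketch of the invitation-link lifecycle described above (unique token, 7-day expiry, invalidation on completion), added here as an illustration and not AI Bloke Onboard's own code. The `InviteStore` class, its method names and the in-memory dict standing in for a database table are assumptions.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

INVITE_TTL = timedelta(days=7)  # expiry period stated on the page


class InviteStore:
    """In-memory stand-in for a server-side invitation table (hypothetical)."""

    def __init__(self):
        # key: SHA-256 of the token; value: [employer_id, expires_at, used]
        self._rows = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def _live_row(self, token: str, now: datetime):
        """Return the row only if the token exists, is unused and unexpired."""
        row = self._rows.get(self._digest(token))
        if row is None or row[2] or now >= row[1]:
            return None
        return row

    def issue(self, employer_id: str, now: datetime) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only the digest, so a leaked table does not yield usable links.
        self._rows[self._digest(token)] = [employer_id, now + INVITE_TTL, False]
        return token

    def check(self, token: str, now: datetime):
        """Return the owning employer_id if the link is still valid, else None."""
        row = self._live_row(token, now)
        return row[0] if row else None

    def complete(self, token: str, now: datetime) -> bool:
        """Finish onboarding and invalidate the token; False if already dead."""
        row = self._live_row(token, now)
        if row is None:
            return False
        # With a real database this must be one atomic conditional update,
        # otherwise two concurrent requests could both pass the check.
        row[2] = True
        return True


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock value
    store = InviteStore()
    tok = store.issue("employer-A", t0)
    print(store.check(tok, t0 + timedelta(days=6)), store.check(tok, t0 + INVITE_TTL))
```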
The platform enforces strict role separation. Employers can only access their own employees' data. The AI Bloke administrators have access to aggregate platform statistics only — they cannot view any employee personal information, Tax File Numbers, bank details, or superannuation data.
The platform is hosted on enterprise-grade cloud infrastructure with automated security patching, isolated network environments, and regular vulnerability assessments. Database backups are encrypted and stored in geographically redundant locations.
We operate in full compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Privacy (Tax File Number) Rule 2015. TFNs are handled under strict legal obligations and are never used for any purpose beyond payroll tax administration.
Superannuation fund details entered by employees are validated in real time against the Australian Taxation Office's Super Fund Lookup register. This ensures only compliant, APRA-regulated funds are accepted — protecting both the employee and the employer from incorrect super contributions.
In the event of a suspected data breach, we follow the Notifiable Data Breaches scheme under the Privacy Act. Affected individuals and the Office of the Australian Information Commissioner (OAIC) will be notified promptly in accordance with our legal obligations.
Privacy Act 1988 (Cth): Australian Privacy Principles compliance
Privacy (TFN) Rule 2015: Tax File Number handling obligations
Notifiable Data Breaches: NDB scheme — mandatory breach notification
Fair Work Act 2009: Employee record-keeping requirements
Super Guarantee Act 1992: Superannuation compliance obligations
ATO Super Fund Lookup: Real-time fund validation at point of entry
If you have a security concern, a vulnerability to report, or questions about how we handle data, please contact us directly.
Contact our Privacy Officer
For our full Privacy Policy, see