Skip to content
OneCore
OC

My Company

Powered by OneCore

HomePeopleScheduleMessagesPropertyFinanceVendorsAnnouncementsNotificationsApplications
Settings
U

User

← Settings

Your Data, Your Control

Plain-English summary of how OneCore protects your data.

Where your data lives

Your hotel data (staff records, schedules, payroll, invoices) is stored in a secure database on Supabase — a SOC 2 Type II certified platform. We use US East servers.

How your files are stored depends on the workflow:

  • Staff documents: stored in your connected Google Drive, Dropbox, or Box — never in OneCore
  • Applicant resumes: temporarily stored during the hiring review process, deleted on request
  • Handbooks: stored in OneCore for staff access

How we protect it

  • All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Access tokens for Google Drive or Dropbox are encrypted with an additional symmetric encryption layer before being stored
  • Key administrative actions are recorded in your audit log — you can review it any time in Settings → Audit Log
  • Database-level row security (RLS) means every query is automatically scoped to your account — not something that can be accidentally misconfigured in app code

Who can see your data

Only you and team members you explicitly invite can access your hotel's data.

OneCore platform administrators may access your workspace for technical support. All such access is logged in the audit trail.

Your data is never shared with or sold to third parties.

What we store vs. what we don't

We store:

  • Staff names, roles, departments, schedules
  • Payroll records and hours (extracted from your uploaded files)
  • Invoices and vendor records
  • Work orders, guest issues, tasks

We never store:

  • Employee SSNs, bank account numbers, or passport numbers
  • Sensitive government identity documents
  • Staff document files — those stay in your storage (Drive / Dropbox / Box)

Your rights

  • Export: Contact privacy@onecoreapp.ai to request a full data export (CSV format)
  • Delete: Request full account deletion at privacy@onecoreapp.ai — we remove all data within 30 days
  • Portability: All exports are standard CSV — no proprietary formats
  • Correction: Contact us to correct any inaccurate data we hold

Questions?

Email privacy@onecoreapp.ai for any questions about how we handle your data.

For security vulnerability reports, email security@onecoreapp.ai

We aim to respond to all privacy inquiries within 2 business days.

Last updated March 2026

HomeScheduleMessagesMe
OneCore Assistantscaffold
Hi, I'm the OneCore Assistant. I can help you navigate the platform, summarise operational data, and surface insights. How can I help?