1. [1.1]

   Identity

   Terrabit Pty Ltd (ABN: 56 689 756 830). Trading name: Terrabit.
2. [1.2]

   Privacy contact

   [email protected] · 1800 183 772

This Policy applies to personal information we handle as an Australian APP entity under the Privacy Act 1988 (Cth). It also describes additional information for individuals in the EEA/UK under the GDPR/UK GDPR.

3.1Categories of data

1. [3.1]

   Account & identity

   Name, email, company, role, authentication details (e.g., password hash or SSO tokens).
2. [3.2]

   Order & billing

   Purchase records, invoices, payment status, tax/billing details (card data handled by our payment processor).
3. [3.3]

   Portal content & files

   Content you upload (e.g., tasking instructions, AOIs/GeoJSON, notes, imagery). Unless a DPA states otherwise, we act as controller for portal data provided to us.
4. [3.4]

   Usage, device & logs

   IP address, device/user-agent, pages viewed, session timestamps, referrers, error logs.
5. [3.5]

   Cookies/analytics

   Identifiers and events from Google Analytics 4 where consented. See the Cookie Policy.
6. [3.6]

   Support & communications

   Messages sent to us and metadata necessary to route/answer them.
7. [3.7]

   Sensitive information

   We generally do not seek to collect sensitive information. If you choose to provide it, we will handle it as required by law and this Policy.

We collect personal information directly from you (e.g., forms, console, API), automatically through your use of our Services, and from third parties such as identity providers, payment processors, and service partners where lawful.

1. [5.1]

   Provide and operate the Services

   Account creation, authentication, portal operation, fulfilling orders, delivering imagery. Legal basis: contract performance; legitimate interests for continuity.
2. [5.2]

   Customer care & operations

   Responding to requests, troubleshooting, incident notifications. Legal basis: contract; legitimate interests.
3. [5.3]

   Security & abuse prevention

   Access controls, audit logs, incident detection and response, rate limiting. Legal basis: legitimate interests; legal obligation where applicable.
4. [5.4]

   Billing & compliance

   Invoicing, tax records, fraud checks. Legal basis: contract; legal obligation.
5. [5.5]

   Analytics & product improvement

   GA4 event metrics where consented; measurement of features. Legal basis: consent where required; legitimate interests for strictly necessary, non-identifying telemetry.
6. [5.6]

   Marketing communications (optional)

   News and updates if you opt in. Legal basis: consent; you may withdraw at any time.
7. [5.7]

   Recruitment

   Handling applications. Legal basis: steps prior to a contract; legitimate interests.

Where we rely on legitimate interests, we assess necessity and balance against your rights and expectations.

6.1Recipients / processors

1. [6.1]

   Hosting & infrastructure

   DigitalOcean (application hosting, storage, networking).
2. [6.2]

   Email & transactional

   SendGrid (operational email dispatch and delivery status).
3. [6.3]

   Analytics

   Google Analytics 4 (usage analytics, consent-based).
4. [6.4]

   Monitoring & errors

   Sentry (error/performance monitoring).
5. [6.5]

   Advisors & authorities

   Professional advisers and regulators where required by law or to protect our rights, users or Services.

6.2International transfers

Some providers may process data outside Australia (including the US or EU/UK). Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and apply supplementary measures such as encryption in transit and access controls.

We use TLS encryption in transit, database backups, role-based access controls, least-privilege administration, logging, and vendor due diligence. We regularly review and improve these measures as our Services evolve.

1. [8.1]

   Contract-specific retention

   Where an MSA or Order specifies retention for project data, that prevails.
2. [8.2]

   Portal uploads/content

   Retained as needed to provide the Service or as specified in contract; deleted or anonymised within 90 days after termination unless a longer legal retention applies.
3. [8.3]

   Account data

   For the life of the account and up to 24 months after closure.
4. [8.4]

   Order & billing records

   Retained for 7 years for tax/audit purposes.
5. [8.5]

   Web logs

   Retained for 30–90 days for security/operations.
6. [8.6]

   Analytics events (GA4)

   Retention set to a maximum of 14 months where enabled/consented.
7. [8.7]

   Support tickets

   Retained for 24 months.

Under the Australian Privacy Principles you may request access to and correction of your personal information. We will verify your identity and respond within applicable timelines (typically 30 days). If you are in the EEA/UK, you may also have rights to portability, restriction and objection, and to lodge a complaint with your data protection authority.

You may request anonymity or use a pseudonym for certain interactions where lawful and practical; however, some Services require identification to function.

We send electronic marketing messages only with consent or as otherwise permitted by the Spam Act 2003 (Cth). Messages include clear sender information and an unsubscribe facility. You can opt out at any time.

We use strictly necessary cookies to operate the site and, where you consent, Google Analytics 4 for usage analytics. You can change your choice anytime at /cookies.

Our Services are intended for business users. We do not knowingly collect personal information from children.

We may update this Policy to reflect operational or legal changes. We will post the updated version with a new “Last updated” date and, where appropriate, provide notice by email or in-app.

For privacy matters contact [email protected] or call 1800 183 772. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.