This Privacy Policy explains how Structures Beneath Software Development ("SBSD," "we," "us," "our") (ABN: 78 685
041 427) collects, uses, stores, and protects your personal information in accordance with the Australian Privacy
Principles under the Privacy Act 1988 (Cth) and other applicable privacy laws.
By using our services, you agree to the collection and use of your information as described in this policy.
Contact Information:
Privacy Officer: Jack Edmondson
Address: Shop 6/43 Macrossan Street, Port Douglas, 4877, QLD, Australia.
Email: support@terra-manifests.com
Phone: 0436 440 979
Document Information:
Last Updated: 20th August 2025
Version: 2.0
We collect personal information necessary to provide our booking and travel services:
- Names of all passengers included in the booking
- Email address of the person making the booking
- Phone number of the person making the booking
- Additional information as requested by specific tour operators to provide optimal service, which may include:
- Dietary requirements
- Mobility needs
- Emergency contact details
- Ages of passengers (when required by operators)
- Swimming ability
We collect personal information:
- Directly from you through our website booking forms
- Through operator receptionists when you visit or phone tour operator offices who enter data on your behalf
- From tour operators when necessary for service provision
We collect names and ages (when required) of children under 18 if the adult making the booking includes their
details. We do not obtain separate parental consent for children's information as it is collected from the
parent/guardian making the booking.
We do not collect or store payment information. All payment processing is handled by our payment processors:
- Stripe (stores credit card and email details in the US with appropriate safeguards)
- Eway (via Commonwealth Bank)
For information about payment data handling, please refer to:
- Stripe Privacy Policy
- Eway Privacy Policy
We collect usage data including:
- Frequency of endpoint queries
- Geographic location of requests (aggregated, non-identifiable)
- General usage analytics to optimize our services
We collect and use your personal information for the following primary purposes:
- Booking creation and management - to process your travel bookings
- Service facilitation - to enable you to participate in booked activities
- Communication - to provide booking updates and customer support
- Emergency contact - phone numbers for urgent communication needs
- Service optimization - to help operators improve their services through aggregated demographic insights
- Legal compliance - to meet our legal and regulatory obligations
We share your personal information only with the specific tour operator you are booking with. This includes all information you have provided that is necessary for the operator to deliver their service optimally.
We use the following third-party service providers:
- Stripe and Eway for payment processing (we do not store payment data)
- Tour operators' systems for booking management
We do not sell your personal information to third parties.
If a tour operator terminates their relationship with us and requests customer data, we may charge an egress fee to cover the costs of staff time and equipment needed to facilitate data transfer, including reasonable formatting of data into the operator's preferred format.
We implement reasonable technical and organizational measures to protect your personal information:
- Data encryption in transit using HTTPS protocols
- Access controls ensuring operators can only access data relevant to their bookings
- Administrative controls restricting data modification to operator approved authorized individuals
We retain personal information for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Booking records | 1 year after trip completion | Payment dispute resolution |
| Customer communications | 7 years | Customer service continuity |
| Transaction records | 7 years | Legal compliance requirements |
| Marketing data | 3 years | Service improvement |
| Blacklisted customer records | 7 years | Safety and fraud prevention |
| Payment information | Not stored | Handled by payment processors |
After retention periods expire, we either delete personal information or anonymize it so you cannot be identified.
Please refer to Stripe & Eway's websites for the most up to date information on their transfer procedures &
security.
At the time of writing Stripe stores credit card and email details in the United States with appropriate safeguards
including:
- PCI DSS Level 1 certification (highest security standard)
- SOC 1 and SOC 2 compliance
- Encryption and secure data handling practices
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Receive information about how we use your personal information
For Personal Information:
- You may request deletion of your personal information at any time
- We will process deletion requests within 30 days of receipt
- Exception: We may refuse deletion requests if:
- You have paid for services but have not yet travelled and have not cancelled or received a
refund
- Deletion would be unlawful under Australian law
- Deletion would interfere with a tour operator's legal responsibilities
For Non-Personal Information:
- Non-personal usage data becomes our exclusive property for business optimization purposes
- You may request deletion, but we reserve the right to refuse if we cannot associate the data with your request or we
have reason to suspect you are not the customer that the data relates to.
To exercise your privacy rights, contact us:
- Email: support@manifare.com with "Request of Deletion" in the subject line
- Phone: 0436 440 979
We do not currently use personal information for marketing purposes.
We do not use automated decision-making systems. Our payment processors (Stripe and Eway) may use automated fraud detection systems - please refer to their privacy policies for more information.
In the unlikely event of a data breach, our Director will:
1. Contain the breach by identifying the source and preventing further unauthorized access
2. Assess the impact by engaging third-party experts to examine the extent and cause
3. Notify affected individuals and relevant government authorities as required by law
4. Improve security by reviewing and enhancing our technical and organizational measures
If you have concerns about how we handle your personal information, you may:
- Contact our Privacy Officer, Jack Edmondson, at support@manifare.com or 0436 440 979
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
Structures Beneath Software Development
ABN: 78 685 041 427
Address: Shop 6/43 Macrossan Street, Port Douglas, 4877, QLD, Australia
Email: info@manifare.com
Phone: 0436 440 979
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and updating the "Last Updated" date.