Privacy Policy

ARCHER — Multi-Tenant Customer Relationship Management Platform

Version 2.1 | Effective Date: 1 June 2026

Owned & developed by Essential Services Guide Pty Ltd ABN 54 629 234 760 | Operated by Custos Group Pty Ltd ABN 66 667 179 339

Applies to all users of the Archer platform and Client Portal.

Document Version Control

Version 2.1 — Effective 1 June 2026. Prepared by Essential Services Guide Pty Ltd.

Summary of changes: Updated to reflect dual-entity structure: Essential Services Guide Pty Ltd (owner/developer) and Custos Group Pty Ltd (operator/legal entity/data controller). Contextual attribution applied throughout. Approved by Essential Services Guide Pty Ltd.

This document must be updated each time it is revised. All revisions require written approval by an authorised representative of Essential Services Guide Pty Ltd.

Plain English Summary — What This Policy Means For You

Archer is owned and developed by Essential Services Guide Pty Ltd (ABN 54 629 234 760) and operated by Custos Group Pty Ltd (ABN 66 667 179 339). Custos Group is the entity responsible for your data.
We collect your name, email, and contact details when you sign up — that's mostly it for Client Portal Users.
If you are a Client Portal User: The business that gave you portal access controls the records they hold about you. For those records, contact that business directly. For your Archer account details, contact us.
We do not sell your personal information. Ever.
You can ask us to access, correct, or delete your Archer account data at any time by emailing helpdesk@teamarcher.com.au.
If there is ever a data breach that affects you, we will tell you as soon as practicable in line with Australian law.
This policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

The full privacy policy follows below. The summary above does not replace it.

Your Privacy Matters — Please Read This Policy Carefully

This Privacy Policy ("Policy") describes how Custos Group Pty Ltd ABN 66 667 179 339 ("we," "us," or "our"), the operator of the Archer platform, collects, uses, stores, discloses, and protects personal information. Archer is owned and developed by Essential Services Guide Pty Ltd ABN 54 629 234 760. This Policy is made in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By accessing or using Archer in any capacity, you agree to the practices described in this Policy.

1. Who We Are

Archer is owned and developed by Essential Services Guide Pty Ltd and operated by Custos Group Pty Ltd. Custos Group Pty Ltd is the operating entity responsible for your personal information and privacy compliance. Contact details for both entities are as follows:

Custos Group Pty Ltd — ABN: 66 667 179 339 (Operator)

Essential Services Guide Pty Ltd — ABN: 54 629 234 760 (Owner & Developer)

Address: PO Box 9047, Sale VIC 3853

Website: teamarcher.com.au

Email: helpdesk@teamarcher.com.au

For all privacy-related enquiries, requests, or complaints, please contact Custos Group Pty Ltd at the details above.

2. Scope of This Policy

This Policy applies to personal information collected through all Archer touchpoints, including:

The Archer web application and Tenant workspace portals across all supported platforms (web, iOS, Android);
The Tenant sign-up and login flows;
The Client Portal — the dedicated application through which Tenant clients access information shared by their Tenant; and
Any communications between users and Archer support or administrative teams.

This Policy does not apply to third-party services linked to or integrated with the Platform.

3. Roles & Data Responsibilities

Understanding who is responsible for personal information on the Archer platform is important, particularly for Client Portal Users.

3.1 Archer as Data Controller

Custos Group Pty Ltd ABN 66 667 179 339 is the APP entity and data controller for:

Account registration data for all user roles;
Platform usage and technical data collected automatically; and
Billing and payment information for Tenant Admins.

3.2 Tenants as Data Controllers for Their Clients

Each Tenant is an independent data controller for personal information they collect, load, or manage about their own clients. Tenants are responsible for complying with the Privacy Act 1988 (Cth), the APPs, and any other applicable laws in their dealings with their clients. Custos Group Pty Ltd, as the operating entity, is the APP entity responsible for Archer's own compliance with the Privacy Act 1988 (Cth).

3.3 Archer as Data Processor for Tenant Client Data

In relation to personal information a Tenant holds about their clients within the Archer platform, Custos Group Pty Ltd acts as a data processor — handling that data on behalf of and under the instruction of the Tenant. Neither Custos Group Pty Ltd nor Essential Services Guide Pty Ltd uses Tenant client data for any purpose other than providing the Platform services.

3.4 What This Means for Client Portal Users

If you are a Client Portal User:

Archer collects and controls your account registration data (name, email, phone number);
Your Tenant controls the client records and information they hold about you within their workspace;
To exercise rights in relation to data your Tenant holds about you, contact your Tenant directly; and
To exercise rights in relation to your Archer account registration data, contact us at helpdesk@teamarcher.com.au.

4. Information We Collect

4.1 Information You Provide Directly

Full legal name and preferred name;
Business name and trading name (Tenant Admins);
Email address and contact telephone number;
Business address and ABN/ACN (Tenant Admins);
Billing and payment information (Tenant Admins — processed securely via our payment provider);
Login credentials (stored in encrypted form — we never store plain-text passwords); and
Profile information and account preferences.

4.2 Information Collected Automatically

IP address and approximate geographic location;
Device type, operating system, and browser type;
Session data including pages visited, features used, and time spent;
Log data including error reports and platform activity; and
Cookies and similar tracking technologies (see Section 11).

4.3 Information About Client Portal Users Provided by Tenants

Tenants may provide Archer with certain details about their clients (such as name and email) when setting up Client Portal access. This information is used solely to facilitate Client Portal registration. The Tenant remains the data controller for any such information.

5. How We Use Your Information

5.1 Providing and Operating the Platform

Creating and managing your Account;
Authenticating your identity and maintaining platform security;
Processing Subscription payments and managing billing (Tenant Admins);
Enabling platform features appropriate to your role; and
Facilitating the Client Portal experience as configured by the Tenant.

5.2 Improving the Platform

Analysing usage patterns to improve features and user experience;
Diagnosing technical issues and performance problems; and
Conducting internal research using aggregated, anonymised data.

5.3 Communications

Sending transactional messages such as account confirmations, password resets, and billing receipts;
Notifying you of material changes to this Policy or the Terms and Conditions;
Providing platform updates, maintenance notices, and support communications; and
Sending marketing or promotional communications only where you have consented, in compliance with the Spam Act 2003 (Cth). You may opt out at any time using the unsubscribe link in any marketing email or by contacting helpdesk@teamarcher.com.au.

5.4 Legal and Compliance Obligations

Complying with the Privacy Act 1988 (Cth), the APPs, and other applicable laws;
Responding to valid legal requests including court orders and regulatory investigations;
Enforcing our Terms and Conditions and platform policies; and
Detecting, preventing, and responding to fraud, abuse, and security incidents.

6. Legal Basis for Processing

Contract: Processing is necessary to provide the Platform services under our Terms and Conditions.

Legitimate Interests: Processing is necessary for our legitimate business interests, including platform security, fraud prevention, and service improvement, where those interests are not overridden by your rights.

Legal Obligation: Processing is required to comply with the Privacy Act 1988 (Cth), the APPs, and other applicable laws.

Consent: Where we rely on consent (e.g. marketing communications under the Spam Act 2003 (Cth)), you may withdraw it at any time by contacting helpdesk@teamarcher.com.au.

7. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share it only as follows:

7.1 Within the Platform — Role-Based Access

Global Admins may access Tenant account details for platform governance and support;
Tenant Admins may access Team Member and Client Portal User account details within their workspace;
Team Admins may access Team Member information within their team; and
Client Portal Users can only access their own profile and information their Tenant has explicitly shared with them.

7.2 Client Portal — Tenant Access to Client Data

Within the Client Portal context, the Tenant and their authorised Team Members can view and manage the client records held in their workspace. Archer personnel may access Client Portal User data only where strictly necessary for platform support and security.

7.3 Service Providers

We engage trusted third-party service providers including cloud hosting, payment processing, email delivery, analytics, and security services. All are contractually required to handle personal information in accordance with this Policy and the APPs.

7.4 Legal Requirements

We may disclose personal information if required by the Privacy Act 1988 (Cth), a court order, or regulatory investigation, or to protect the rights, property, or safety of Archer, our users, or the public.

7.5 Business Transfers

In the event of a merger, acquisition, or sale of our business, personal information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy.

8. Multi-Tenancy & Data Isolation

Each Tenant's workspace data is logically isolated and inaccessible to other Tenants;
Client Portal Users can only access their own profile and content their Tenant has explicitly shared with them;
Client Portal Users cannot view other clients' data, Tenant workspace data, or administrative information; and
Archer enforces these boundaries through technical access controls, encryption, and role-based permissions.

9. Data Retention

Active Account data is retained for the duration of your account activity;
Upon termination of a Tenant Subscription, all workspace data — including Client Portal User account data — is retained for 30 days to allow data export, then permanently deleted;
Billing and financial records are retained for a minimum of 7 years as required by Australian taxation and financial legislation;
Log and security data is retained for up to 12 months; and
Anonymised, aggregated analytics data may be retained indefinitely.

Client Portal Users wishing to have their account data deleted should contact their Tenant first, or contact Archer at helpdesk@teamarcher.com.au. Deletion requests will be actioned within 30 days, subject to legal retention obligations.

10. Data Security

Encryption of data in transit using TLS (Transport Layer Security);
Encryption of data at rest using industry-standard protocols;
Role-based access controls limiting access to authorised personnel only;
Multi-tenant data isolation to prevent cross-tenant access;
Secure password hashing — we never store plain-text passwords;
Regular security assessments and vulnerability testing; and
Incident response procedures to detect, contain, and respond to data breaches.

In the event of a data breach that is likely to result in serious harm to any individual, Archer will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth) and will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.

11. Cookies & Tracking Technologies

The Platform and Client Portal use cookies and similar technologies. We use the following types:

Essential Cookies: Required for the Platform and Client Portal to function, including authentication and session management. These cannot be disabled.

Functional Cookies: Remember your preferences and settings to personalise your experience.

Analytics Cookies: Help us understand how users interact with the Platform and Client Portal. Data is aggregated and anonymised where possible.

The Archer Platform and Client Portal do not use advertising cookies or cross-site tracking technologies. We do not sell data derived from cookies to third parties.

The Archer Platform honours Do Not Track (DNT) browser signals where technically practicable. You may also manage cookie preferences through your browser settings, though disabling certain cookies may affect Platform or Client Portal functionality.

12. International Data Transfers

Archer is operated from Australia by Essential Services Guide Pty Ltd. If you access the Platform from outside Australia, your personal information may be transferred to and processed in Australia.

Where we engage third-party service providers outside Australia, we take steps to ensure transfers comply with APP 8 of the Privacy Act 1988 (Cth) and that appropriate contractual safeguards are in place.

13. Your Privacy Rights

Under the Privacy Act 1988 (Cth) and the APPs, you have the following rights in relation to your personal information:

Right of Access (APP 12): You may request a copy of the personal information we hold about you.

Right to Correction (APP 13): You may request correction of inaccurate or incomplete personal information.

Right to Deletion: You may request deletion of your personal information, subject to our legal retention obligations.

Right to Portability: You may request a copy of your personal information in a structured, machine-readable format (CSV or JSON where technically practicable).

Right to Object: You may object to processing where we rely on legitimate interests.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

13.1 How to Exercise Your Rights

To exercise rights in relation to data Archer controls (your account registration data): contact us at helpdesk@teamarcher.com.au.

If you are a Client Portal User and wish to exercise rights in relation to data your Tenant holds about you: contact your Tenant directly in the first instance, as they are the data controller for that information.

We will respond to all requests within 30 days. We may need to verify your identity before processing your request.

14. Children's Privacy

The Archer platform and Client Portal are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information without appropriate consent, contact us at helpdesk@teamarcher.com.au and we will take steps to delete it.

15. Third-Party Links & Integrations

The Platform and Client Portal may contain links to third-party websites or integrate with third-party services. This Policy does not apply to those third-party services. We encourage you to review their privacy policies before providing personal information.

16. Force Majeure

Archer will not be liable for any failure or delay in performing our obligations under this Policy due to causes beyond our reasonable control, including acts of God, cyberattacks, pandemic, natural disaster, or government action. We will notify affected users as soon as practicable and take all reasonable steps to restore normal operations.

17. Changes to This Privacy Policy

We may update this Policy from time to time. When we make material changes, we will:

Update the version number and effective date;
Update the Document Version Control table;
Notify Tenant Admins via email or in-platform notification at least 14 days before changes take effect; and
Where changes materially affect Client Portal Users, Tenant Admins will be asked to notify their clients accordingly.

Continued use of the Platform after the effective date of any updated Policy constitutes acceptance of the changes.

18. Complaints & Contact

If you have a complaint about how we handle your personal information, please contact us first:

Privacy Officer — Custos Group Pty Ltd

Email: helpdesk@teamarcher.com.au

Post: PO Box 9047, Sale VIC 3853

Website: teamarcher.com.au

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are a Client Portal User and your complaint relates to how your Tenant handles your information, please contact your Tenant directly in the first instance.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au

Phone: 1300 363 992

Post: GPO Box 5218, Sydney NSW 2001

Archer | Custos Group Pty Ltd ABN 66 667 179 339 | PO Box 9047, Sale VIC 3853 | helpdesk@teamarcher.com.au

Privacy Policy v2.1 | Effective 1 June 2026 | Governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Back to registration