Section 1: Privacy Policy  

Effective Date: April 26, 2025

Introduction

Archer Access LLC (“Company,” “we,” “us,” or “our”) operates the website https://www.archeraccess.com and provides the Dataship platform (“Platform”), which includes our web application, integrations, and related services (collectively, the “Services”). We are committed to protecting the privacy and security of our users, customers, and visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your Personal Data when you access or use our Platform.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, you must discontinue use of the Platform and Services.

 

Definitions

For purposes of this Policy, the following terms have the meanings set forth below. Other capitalized terms not defined here have the meanings given to them elsewhere in this Policy or in our Terms of Service.

• "Affiliate" – Any entity that directly or indirectly controls, is controlled by, or is under common control with Archer Access LLC.

• "Data Controller" / "Controller" – The entity that determines the purposes and means of processing Personal Data.

• "Data Processor" / "Processor" – The entity that processes Personal Data on behalf of the Controller.

• "Personal Data" – Any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable natural person, as defined by applicable law.

• "Platform" – The Archer Access LLC websites, software applications, APIs, and related services provided by us.

• "Process" / "Processing" – Any operation or set of operations performed on Personal Data, whether automated or not, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, restriction, erasure, or destruction.

• "Services" – All products, software, and services provided by Archer Access LLC, including but not limited to the Platform, integrations, support, and related offerings.

• "Subprocessor" – A third party engaged by Archer Access LLC to process Personal Data on our behalf.
  "User" / "Customer" – Any individual or entity who accesses or uses the Platform or Services.

• "You" / "Your" – The individual or entity accessing or using the Platform or Services.

 

Information We Collect

We collect the following types of Personal Data, which you provide directly to us or which we collect automatically during your use of our Platform and Services. This list is illustrative and not exhaustive:

• Data You Provide Directly – Such as your name, email address, phone number, company name, billing information, uploaded files, support requests, and any other information necessary to deliver the Services.

• Authentication Data – Login credentials, password reset information, multi-factor authentication details, security questions, and related security settings.

• Financial Information – Payment method details processed securely through trusted third-party payment processors (e.g., Stripe). We do not directly access, store, or collect your complete credit card information.

• Platform Usage Data – IP addresses, device and browser information, operating system details, activity logs, timestamps, referring URLs, and actions taken within the Platform.

• Communications – Records of support chats, emails, contact form submissions, and other communications between you and our team.

• Other Information – Any additional information you choose to provide, as well as any data collected for legal compliance, fraud prevention, security, analytics, or other purposes described in this Policy.
   

This section also serves as our “Notice at Collection” for California residents as required by the CCPA/CPRA.

Your Privacy Rights (California CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know – Request information about the categories and specific pieces of Personal Data we have collected, used, disclosed, or shared.

• Right to Delete – Request deletion of Personal Data we have collected, subject to certain exceptions.

• Right to Correct – Request correction of inaccurate Personal Data we maintain.

• Right to Opt-Out of Sharing – Request that we not share your Personal Data for cross-context behavioral advertising.

• Right to Non-Discrimination – We will not discriminate against you for exercising your privacy rights.
   

We do not sell Personal Data.
 

How to Exercise Your Rights:
You may submit a request by emailing info@archeraccess.com. Please include your name, email address, and a description of your request. We may require additional information to verify your identity or the authority of your authorized agent.

 

When We Act as a Processor

In certain cases, our Customers use the Platform to upload, store, or process Personal Data about their own employees, clients, vendors, or other individuals. In these situations, the Customer is the Data Controller, and Archer Access LLC acts solely as a Data Processor, processing such Personal Data only on the Customer’s documented instructions and in accordance with applicable law.
 

The terms governing our processing of Personal Data on behalf of Customers are set out in our Data Processing Addendum (DPA), which forms part of and is incorporated into this Privacy Policy by reference.

 

How We Use Personal Data

We use Personal Data for purposes that are necessary, useful, lawful, or otherwise related to the operation, improvement, and protection of our Platform, Services, business, and legal interests. These purposes include, but are not limited to:

• Providing and improving Services – Delivering, maintaining, and enhancing the Platform; enabling features and integrations; and tailoring user experiences.

• Account management and security – Creating accounts, verifying identity, authenticating logins, managing permissions, and preventing unauthorized access or fraud.

• Transactions and payments – Processing orders, subscriptions, renewals, refunds, invoices, and receipts.

• Communications – Responding to inquiries, sending important notices, and delivering service-related or promotional messages where permitted by law.

• Technical support and issue resolution – Addressing support requests, troubleshooting, and ensuring system maintenance.
  Analytics and business operations – Monitoring usage trends, performing analysis, and supporting strategic planning.

• Product development – Designing, testing, and improving new features and services.

• Marketing and promotions – Advertising our Services and sending offers where legally allowed.

• Legal and compliance – Meeting legal obligations, cooperating with authorities, and enforcing our agreements.

• Corporate transactions – Supporting mergers, acquisitions, reorganizations, or other business transfers.

• Other purposes – Any additional purpose described at the time of collection, permitted by law, or carried out with your consent.
   

We may combine data from multiple sources and retain it as long as necessary for these purposes, unless a longer period is required or permitted by law.

​
 

Sharing of Personal Data
 

We do not sell Personal Data.

However, we may share Personal Data in accordance with applicable law and as reasonably necessary to operate our business, deliver and improve our Services, comply with legal obligations, or protect our legitimate interests. Such sharing may occur in the following circumstances:
 

Affiliates and Related Entities – We may share Personal Data with our parent company, subsidiaries, joint ventures, and other affiliated entities for purposes including, but not limited to, improving and developing our Services, responding to inquiries, providing technical or customer support, and assisting in operational, financial, and administrative functions.
 

Service Providers and Subprocessors – We engage carefully selected third parties to perform services on our behalf, such as payment processing, cloud hosting, data analytics, customer communications, marketing support, and information security. These parties are provided access only to the Personal Data necessary to perform their duties and are contractually obligated to maintain the confidentiality and security of such data.
 

Business Transactions – In the event of a merger, acquisition, reorganization, sale of assets, financing, or similar corporate transaction involving Archer Access LLC, Personal Data may be transferred as part of the transaction. Any recipient of such data will be permitted to use it only in accordance with this Privacy Policy, unless otherwise agreed by you or required by law.
 

Legal, Regulatory, and Compliance Obligations – We may disclose Personal Data when required to do so by law, subpoena, court order, or governmental request, or when we, in our sole discretion, believe that such disclosure is reasonably necessary to:

• Comply with applicable laws and regulations

• Cooperate with law enforcement or regulatory investigations

• Enforce our agreements, policies, or terms of use

• Protect the rights, property, safety, or security of our company, our users, or others

• Detect, prevent, or address suspected fraud, unauthorized access, or other illegal or harmful activities

• Safeguard our operations, reputation, and legal interests

• Pursue available remedies or limit potential damages
   

With Your Consent – We may share Personal Data with third parties when you have provided consent for such disclosure. We reserve the right to combine Personal Data with other information we collect or receive and to share such combined information in accordance with this Privacy Policy.
 

Data Security

Users’ Personal Data is stored on secure, third-party cloud servers. We implement a combination of administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction. These measures may include encryption in transit and at rest, firewalls, intrusion detection and prevention systems, access controls, network monitoring, and regular security testing.
 

While we take reasonable steps to protect Personal Data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot and do not guarantee absolute security of information transmitted to or stored on the Platform.
 

You are responsible for maintaining the confidentiality of any login credentials, passwords, and other account information, and for taking reasonable precautions to protect your Personal Data when using the Platform.
 

We disclaim all liability for any unauthorized access, hacking, data loss, or other security breaches beyond our reasonable control, including those affecting third-party hosting providers, networks, or integrations. Our security practices may be updated from time to time to address evolving threats and technologies.

In the event of a data breach affecting Personal Data, we will notify affected Customers as required by applicable law.

 

Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes for which it was collected, including to:

• Provide and maintain the Services

• Comply with applicable legal, regulatory, tax, accounting, and reporting requirements

• Enforce our agreements and resolve disputes

• Maintain business and operational records

• Protect and defend our legal rights and interests
   

Retention periods may vary depending on the type of data, the nature of our relationship with you, and our legal or contractual obligations. Certain information may be retained for longer periods where required by law, for legitimate business purposes, or in connection with actual or potential legal claims.
 

When Personal Data is no longer needed for the purposes for which it was collected, we will either delete it, anonymize it, or securely store it and isolate it from further processing until deletion is possible. We may retain anonymized or aggregated information indefinitely for research, statistical analysis, or business purposes.
 

Please note that copies of Personal Data may remain in backup storage for a limited period after deletion and that we are not responsible for the retention practices of third parties with whom you have shared your information.

 

Limitation of Liability

To the maximum extent permitted by applicable law:

No Warranties – The Platform and Services are provided “as is” and “as available,” without warranties of any kind, whether express, implied, statutory, or otherwise, including, without limitation, any warranties of merchantability, fitness for a particular purpose, title, or non-infringement. We do not warrant that the Services will operate without interruptions, be error-free, secure, or free from viruses or other harmful components.
 

Exclusion of Damages – Archer Access LLC, its affiliates, officers, employees, agents, licensors, and service providers shall not be liable for any direct, indirect, incidental, special, consequential, punitive, or exemplary damages, including, without limitation, loss of revenue, profits, goodwill, data, business opportunities, or anticipated savings, arising out of or related to your use of or inability to use the Platform, loss or compromise of data, security breaches, unauthorized access, or the conduct of any third party, whether based on contract, tort (including negligence), strict liability, or any other legal theory, even if we have been advised of the possibility of such damages.
 

Liability Cap – If liability is established despite the foregoing exclusions, our total cumulative liability arising out of or related to the Services, these Terms, the Privacy Policy, the Data Processing Addendum, or any related agreement shall not exceed the total amount you paid to Archer Access LLC for the Services during the three (3) months immediately preceding the event giving rise to the claim.
 

Third-Party Services – We are not responsible for the acts, omissions, or services of any third party, including hosting providers, payment processors, or integration partners, nor for any failure, delay, or loss caused by events beyond our reasonable control, including acts of God, natural disasters, network or utility outages, labor disputes, or governmental actions.

Your sole and exclusive remedy for dissatisfaction with the Platform or Services is to stop using them.

The Platform is intended for use in the United States only. If you access the Platform from outside the United States, you do so at your own risk and are responsible for compliance with local laws.

 

Cookies & Tracking Technologies

We use cookies, web beacons, pixels, scripts, local storage, and other tracking technologies (“Cookies”) to collect and store information about your use of the Platform. These technologies help us:

• Authenticate users, maintain sessions, and secure accounts

• Remember preferences, settings, and user interface customizations

• Analyze usage trends, measure performance, and improve the Platform’s functionality

• Deliver, personalize, and measure the effectiveness of content, communications, and marketing

• Detect, prevent, and address security incidents, fraud, and other harmful activity

• Facilitate integrations with third-party services and social media platforms

• Support our analytics, research, and product development efforts
   

Cookies may be set by us (“first-party cookies”) or by authorized third parties providing services on our behalf (“third-party cookies”), such as analytics providers, advertising networks, and social media platforms. These third parties may collect information about your online activities over time and across different websites and services.
 

You can control or disable cookies through your browser or device settings. However, please note that some features of the Platform may not function properly if Cookies are disabled.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, you must discontinue use of the Platform and Services.

 

 

Section 2: Archer Access – Data Processing Addendum (DPA)
 

Effective Date: April 26, 2025
 

This Data Processing Addendum (“DPA”) is incorporated into and forms part of the agreement (“Agreement”) between: Archer Access LLC (“Processor,” “we,” “us”), and The entity or individual identified as the customer in the Agreement (“Controller,” “you”). This DPA governs our processing of Personal Data on your behalf in connection with your use of the Dataship platform (“Platform”) and related services (“Services”).
 

Scope & Roles

This DPA applies whenever you provide, upload, or otherwise make Personal Data available to us for processing. For such data, you are the Data Controller and we are the Data Processor under applicable data protection laws.

Processing Instructions
We will process Personal Data only on your documented instructions, except where otherwise required by applicable law, in which case we will notify you (unless prohibited by law).

Processing may include, without limitation:

• Delivering, operating, maintaining, securing, and improving the Services

• Performing our obligations and exercising our rights under the Agreement

• Enabling features, integrations, and configurations requested by you

• Conducting troubleshooting, support, and incident resolution

• Meeting legal, regulatory, and compliance obligations

• Protecting the security, integrity, and availability of the Services and related systems
   

Security Measures
We will maintain appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, alteration, or disclosure. These include encryption, access controls, network security, monitoring, and regular security reviews.

All personnel with access to Personal Data are bound by confidentiality obligations.

Subprocessors

You authorize us to engage third-party subprocessors to support the provision, maintenance, and improvement of the Services. We require all subprocessors to enter into written agreements imposing data protection obligations no less protective than those set out in this DPA. A current list of subprocessors is available upon request. 
 

Data Subject Rights

We will assist you, where reasonably possible, in responding to requests from individuals to exercise their rights under applicable law (e.g., access, correction, deletion). If we receive such a request directly, we will forward it to you without undue delay.
 

Breach Notification

If we become aware of a personal data breach affecting Personal Data, we will notify you without undue delay, consistent with applicable law. Our notice will include the information reasonably available to us at the time, and we may provide additional details as they become available. We are not responsible for investigating or remediating issues beyond our systems, but we will cooperate in good faith to support your compliance obligations.
 

Return & Deletion of Data

Upon termination or expiration of the Agreement, and at your written request, we will return or securely delete all Personal Data in our possession or control, unless retention is required by applicable law. If deletion is not technically feasible, we will implement measures to prevent any further processing of the data except for storage to the extent required by law.
 

Liability & Governing Law

The same limitations of liability and governing law in the Agreement, Privacy Policy, and Terms of Service apply to this DPA. This DPA does not create any new liabilities beyond those already in the Agreement
 

Definitions

Terms such as “Personal Data,” “Processing,” “Controller,” “Processor,” and “Data Subject” have the meanings given under applicable data protection laws, including the CCPA/CPRA and GDPR (where applicable).

By continuing to use the Services, both parties agree to this DPA.