This Privacy Policy applies to ArchiQMS, a software-as-a-service quality management system operated by JUDD.OS Pty Ltd(ABN 698 313 423) of O’Connor, Australian Capital Territory, Australia (“we”, “us”, “JUDD.OS”).
It describes how we collect, hold, use, and disclose personal information in connection with the ArchiQMS platform (“the Platform”) and our website at archiqms.com.au (“the Site”).
We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. For subscribers and users located in New Zealand, the United Kingdom, or the European Economic Area, additional obligations apply as set out in Section 12 of this Policy.
This Policy operates alongside our Subscriber Terms of Service, Data Processing Agreement, and Acceptable Use Policy. Where those instruments address the same matter, they should be read together.
Subscribers— firms (typically architecture, engineering, or other design practices) that subscribe to the Platform. The subscriber is the firm entity, represented by its Director.
Users— individual staff members of a subscriber firm who access the Platform (Directors, Quality Managers, Project Architects, and Auditors).
Visitors— people who visit archiqms.com.au or submit an interest registration form on the Site without becoming subscribers.
Where a subscriber firm is established in a jurisdiction other than Australia, JUDD.OS processes personal information about that firm’s users in its capacity as a data processor acting on the firm’s instructions. The subscriber firm is the data controller in those circumstances. See Section 12 for jurisdiction-specific obligations.
When a firm subscribes to ArchiQMS and its staff use the Platform, we collect:
The Platform stores quality management records created by users in the course of their professional work. These records contain:
These records constitute quality evidence held on behalf of the subscriber firm. They are not used by JUDD.OS for any purpose other than operating the Platform and the purposes described in Section 5 of this Policy.
Where a subscriber firm activates the Email Intelligence feature, project emails are routed to a firm-specific BCC address at inbound.archiqms.com.au. The email body is processed by the Anthropic Claude API in working memory and is immediately and permanently discarded. We do not store email body text under any circumstances.
What we do retain is structured classification metadata extracted during processing: the signal type, the associated project reference, and a sender domain identifier. This metadata constitutes personal information under the APPs where it can be linked to an identifiable individual and is held accordingly.
The AI Disclosure presented to the Director during onboarding explains this process. The firm Director must explicitly acknowledge the disclosure before the BCC route is activated. The Director may disable this feature at any time in Settings.
Visitors to archiqms.com.au who submit an interest registration form provide their name, practice name, work email address, discipline, approximate staff count, and current certification status. This information is used to contact them about ArchiQMS. It is stored separately from subscriber data, is not subject to multi-tenant data isolation, and is retained for 24 months or until the visitor requests deletion, whichever is earlier.
We collect personal information:
We do not collect personal information by scraping third-party websites, purchasing data lists, or obtaining it from sources other than those described above.
The Site uses essential session cookies for authentication. No third-party advertising cookies are used. If analytics cookies are deployed, this section will be updated and subscribers will be notified in accordance with Section 14.
We use personal information to operate and deliver the Platform, including:
We use anonymised, aggregated, and de-identified platform usage data to improve the Platform. This includes analysing which AQIL prompt types generate the most quality findings, which project stage transitions are most commonly delayed, and how digest engagement rates vary by firm size and discipline. At no point in this process is any individual firm or person identifiable from the data we analyse.
This is a core part of how ArchiQMS improves over time. By using the Platform, subscribers consent to this use. Enterprise and government-tier subscribers may request an opt-out from aggregate analytics by contacting us at privacy@archiqms.com.au.
We may make anonymised, aggregated, sector-level datasets available to commercial partners, including professional indemnity insurers, ISO certification bodies, and industry associations such as the Australian Institute of Architects.
This will never involve the disclosure of any individual firm’s data, any identifiable personal information, or any data that could allow a recipient to identify a specific subscriber or user.
The datasets we may make available are limited to the following aggregated, de-identified categories:
We will not enter a commercial data arrangement unless we are satisfied that the recipient cannot, using reasonable means, re-identify any individual or firm from the data provided. All such arrangements will be subject to a data sharing agreement with appropriate confidentiality and use restrictions.
Subscribers who have concerns about sector data use may contact us at privacy@archiqms.com.au.
We retain and may disclose personal information where required to comply with the Privacy Act 1988 (Cth), the Notifiable Data Breaches scheme, court orders, or other applicable law.
We do not sell individual subscriber or user data. We disclose personal information only in the following circumstances:
We engage the following subprocessors to operate the Platform. Each processes personal information only on our instructions and under contractual data protection obligations:
| Subprocessor | Purpose | Data location |
|---|---|---|
| Supabase (Supabase Inc.) | Database and authentication infrastructure | Sydney, Australia (ap-southeast-2) |
| Vercel Inc. | Application hosting and content delivery | United States (with CDN edge nodes globally) |
| Anthropic PBC | AI processing via Claude API for AQIL and email intelligence classification | United States |
| Resend Inc. | Transactional email delivery | United States |
| Stripe Inc. | Payment processing and subscription management | United States |
| Sentry (Functional Software Inc.) | Error monitoring | United States |
For subscribers outside Australia, the cross-border transfer of personal information to Anthropic (for AI processing) and Vercel (for hosting) is conducted under the APP 8 framework and, where applicable, under the model clauses or equivalent safeguards required by the subscriber’s jurisdiction.
Where a subscriber Director generates an auditor access token and shares it with an external ISO 9001 auditor, that auditor gains read-only access to the subscriber’s quality evidence records through the ArchiQMS Auditor Portal. This access is time-limited, fully logged, and constitutes the subscriber’s own disclosure to their own auditor. JUDD.OS is not a party to that disclosure.
We may disclose personal information to regulators, law enforcement, or courts where required by law or where we have a good-faith belief that disclosure is necessary to protect our legal rights or prevent harm.
All subscriber and user personal information is stored in Supabase’s Sydney data centre (ap-southeast-2 region) unless otherwise stated in this Policy. All production data remains in Australia. This satisfies Australian data residency requirements for government-sector subscribers.
Claude API calls (for AQIL processing and email intelligence) are processed by Anthropic in the United States. Email body text is never transmitted — only structured prompt inputs derived from email metadata. All AI interactions are logged in the Platform with timestamps and call metadata, without storing the email body.
We implement the following technical and organisational controls:
A defined set of quality evidence records in the Platform are INSERT-ONLY — they are created once and can never be modified or deleted. This includes stage gate records, AQIL confirmation and suppression records, peer review items, corrective action records, and activity logs. This architecture is a deliberate ISO 9001 compliance design — the immutability of these records is what makes them reliable audit evidence.
This has an important consequence for erasure requests: see Section 9.3.
| Category | Retention period | Basis |
|---|---|---|
| Active subscriber firm data | Duration of subscription + 30-day grace period after cancellation | Contractual necessity |
| Project quality records (general) | 7 years from project completion | APP 11; professional indemnity industry standard |
| Project records (regulated designs under DBP Act 2020) | 10 years from project completion | DBPR Clause 84; NSW Design and Building Practitioners Act 2020 |
| PI insurance certificates | 7 years from certificate date | Professional indemnity industry standard |
| Staff personal information | Duration of employment + 7 years | Privacy Act 1988 (Cth); professional records retention |
| Billing records | As required by Stripe DPA and applicable tax law | Legal obligation |
| Interest registration records | 24 months from submission, or until deletion requested | Legitimate interest |
| Activity logs and audit trails | 7 years | ISO 9001 §7.5; professional indemnity records |
When a subscription is cancelled, the 30-day grace period allows the firm to download a full JSON export of all their records before deletion. After 30 days, all subscriber personal information is permanently deleted except where a longer retention period is required by law.
You have the right to request access to personal information we hold about you. Requests should be directed to privacy@archiqms.com.au. We will respond within 30 days. We will not charge for providing access unless the request is unusually complex.
If personal information we hold is inaccurate, incomplete, or out of date, you may request correction. Users can correct most personal information (name, role, email) directly within Settings. Where correction is not available in-app, contact privacy@archiqms.com.au.
You may request deletion of your personal information. For most categories of data, we will action this request within 30 days.
Important exception — INSERT-ONLY evidence records: Where personal information is contained within an immutable quality evidence record (a stage gate record, AQIL confirmation, peer review record, corrective action, or activity log), we are unable to delete that record without compromising the integrity of the audit evidence trail. This is required for professional indemnity insurance and, in some cases, by building legislation (DBP Act 2020). In these circumstances, we will anonymisethe record by replacing identifying information (name, email) with “REDACTED” while preserving the quality evidence content. This satisfies the erasure request while maintaining the professional evidence trail the subscriber firm is legally obligated to retain. This position is disclosed in our Data Processing Agreement.
You may opt out of:
You cannot opt out of transactional communications necessary to operate the Platform (account notices, security alerts, billing confirmations).
If you believe we have breached the APPs, you may lodge a complaint with us at privacy@archiqms.com.au. We will respond within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach involving personal information, we will:
The Platform uses the Anthropic Claude API for two purposes:
AQIL prompts:AI-generated quality guidance is presented to users as indicative prompts only. AQIL outputs are not legal or compliance advice. They do not constitute architectural or engineering advice. Confirmation of an AQIL prompt constitutes the user’s own professional judgement — not AI decision-making. Every confirmation record is framed as a human action taken with AI assistance, not as an AI determination.
Email intelligence classification: The Anthropic Claude API analyses email metadata to classify signals relevant to project quality management. The email body is processed in working memory and immediately discarded. Only structured classification metadata is retained.
No automated decision-making with legal or significant effect is applied to any individual based solely on AI processing. All consequential decisions in the Platform (stage gate approvals, corrective action responses, AQIL suppressions) require human confirmation.
Subscribers established in New Zealand are subject to the Privacy Act 2020 (NZ) and the New Zealand Information Privacy Principles (NZIPPs). JUDD.OS processes personal information for New Zealand subscribers in its capacity as an overseas agency under that Act. New Zealand users have equivalent rights of access and correction to those described in Section 9. Data is held in Australia (Sydney) under the APP cross-border transfer framework. New Zealand subscribers who wish to raise a concern may contact the Office of the Privacy Commissioner (New Zealand) at privacy.org.nz.
Subscribers established in the United Kingdom are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For UK subscribers, JUDD.OS acts as a data processor and the subscriber firm acts as the data controller. UK users have the following rights under UK GDPR: access, rectification, erasure (subject to the INSERT-ONLY evidence records limitation described in Section 9.3), restriction of processing, data portability, and the right to object. The lawful basis for processing is contractual necessity (for operating the Platform) and legitimate interests (for aggregate analytics). Cross-border transfers to Australia are conducted under the UK adequacy framework or, where not available, under International Data Transfer Agreements. UK subscribers who wish to raise a concern may contact the Information Commissioner’s Office (ICO) at ico.org.uk.
Where subscribers are established in EEA member states, equivalent obligations under the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) apply. Standard Contractual Clauses will be executed where required for cross-border transfers. EEA subscribers may exercise the rights described above and may contact their national supervisory authority.
Notwithstanding the jurisdiction-specific provisions above, this Policy and the Subscriber Terms of Service are governed by the laws of the Australian Capital Territory, Australia. Disputes are subject to the non-exclusive jurisdiction of the courts of the ACT.
ArchiQMS is designed to help subscriber firms achieve and maintain ISO 9001:2015 certification. The way we handle data in operating the Platform is itself consistent with ISO 9001 principles:
Subscribers should note that ArchiQMS provides tools to assist ISO 9001 compliance but does not itself certify any firm. Certification decisions rest with the subscriber’s chosen accredited certification body.
We will notify subscribers of material changes to this Policy by email and by posting a notice in the Platform. The updated Policy will take effect 30 days after notification unless the change is required by law, in which case it takes immediate effect. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy. The version history of this Policy is maintained at archiqms.com.au/legal/privacy.
Privacy Officer
JUDD.OS Pty Ltd
O’Connor, Australian Capital Territory, Australia
Email: privacy@archiqms.com.au
This Policy was last updated: May 2026
Policy version: 0.1
Document controller: JUDD.OS Pty Ltd