This Privacy Policy applies to all users of the Orbit360 platform, including customers, administrators, logistics coordinators, drivers, field agents, support staff, contractors, and any users who interact with the web system, mobile applications, APIs, dashboards, portals, forms, uploaded documents, and related services.

The policy covers personal data and operational information processed in connection with account creation, customer management, shipment processing, customs-supporting workflows, incident reporting, vehicle checklists, inventory scanning, document handling, communication, analytics, and audit readiness.

Depending on the services used, we may collect and process the following categories of information:

• Identity and account data: names, usernames, staff identifiers, customer codes, company names, email addresses, and contact numbers.
• Customer and business profile data: KYC information, trading names, contact persons, addresses, tax or registration references, and supporting documents.
• Shipment and logistics data: booking information, waybills, references, transport events, delivery milestones, collection records, package details, and cargo-related status updates.
• Customs and trade-supporting data: declarations support records, invoice references, document attachments, customs workflow notes, clearance-related information, and traceability records.
• Operational workflow data: task allocations, timestamps, approvals, notes, reassignment history, closure actions, and system-generated audit trails.
• Incident and risk data: driver incident reports, route disruptions, seal observations, authority interactions, escalation notes, risk indicators, and mitigation actions.
• Vehicle and asset data: checklist records, registration numbers, condition assessments, service readings, fault reporting, and inspection history.
• Location and device data: GPS coordinates, device metadata, IP addresses, browser type, app version, operating system, and usage events where enabled or operationally required.
• Uploaded content: invoices, permits, customs-supporting files, proof-of-delivery documents, identity documents, images, attachments, and user-submitted files.

We use information for legitimate business and operational purposes, including to:

• create and manage user accounts, roles, permissions, and customer profiles;
• process shipments, collections, deliveries, scans, manifests, and logistics workflows;
• maintain shipment visibility, traceability, and status communication across operational stages;
• manage customs-supporting processes, document completeness, and compliance-oriented records;
• record incidents, checklist observations, seal exceptions, and operational disruptions;
• support AEO-oriented controls such as auditability, accountability, access control, and secure handling of logistics data;
• investigate fraud, misuse, unauthorized access, data anomalies, and security threats;
• generate dashboards, analytics, performance reports, risk indicators, and service improvements;
• respond to support requests, legal obligations, and regulatory or contractual requirements.

Where applicable, information may be processed on the basis of contract performance, legitimate interests in operating a secure logistics platform, user consent where specifically requested, compliance with legal obligations, and the need to establish, exercise, or defend legal claims.

In regulated or customs-sensitive operating environments, certain records may also be processed because traceability, recordkeeping, access logging, and shipment accountability are necessary to support secure trade operations and demonstrate proper operational control.

We do not sell personal data. We may disclose information only where reasonably necessary, such as:

• to authorized internal users with a legitimate operational need to access the data;
• to customers, suppliers, agents, drivers, or logistics partners directly involved in a shipment, workflow, or related service transaction;
• to service providers that host, maintain, secure, or support the platform, subject to confidentiality and security obligations;
• to customs, tax, law enforcement, regulators, or other competent authorities where disclosure is required or lawfully requested;
• during audits, investigations, legal proceedings, or risk assessments where access to specific records is necessary.

We take reasonable technical and organizational measures to protect information from unauthorized access, loss, misuse, alteration, unlawful disclosure, or destruction. These measures may include:

• user authentication and role-based access control;
• password protection and session management;
• secure APIs and controlled system integration points;
• workflow logging, task timestamps, approval history, and change tracking;
• incident logging and review processes;
• restricted access to customer, shipment, and compliance-sensitive records;
• document traceability and operational accountability controls;
• monitoring of suspicious or unusual activity where reasonably required for security.

No system can be guaranteed to be completely secure. However, we continuously seek to improve platform resilience, data handling discipline, and audit readiness.

Orbit360 may be used to support secure supply chain operations and AEO-oriented readiness practices. In that context, the platform may maintain records and controls that contribute to:

• end-to-end shipment traceability and milestone accountability;
• digital retention of operational and trade-supporting documents;
• security event and incident reporting with follow-up actions;
• controlled user access to operationally sensitive information;
• audit trail preservation for tasks, status changes, and approvals;
• monitoring of cargo, seals, transport events, and exception handling;
• evidence preparation for internal reviews, partner validation, and compliance audits.

This policy does not itself certify AEO status. It supports an operational framework in which data governance, traceability, and accountability can strengthen overall compliance readiness.

We retain information only for as long as necessary for the purposes described in this policy, including service delivery, support, recordkeeping, dispute handling, audit requirements, legal obligations, and compliance-sensitive operational traceability.

Retention periods may vary depending on the type of record, such as shipment history, customer files, workflow logs, uploaded documents, incident reports, and statutory or regulatory requirements. Where deletion is not immediately possible, records may be archived and access-restricted.

Subject to applicable law and operational limitations, individuals may request access to their personal information, correction of inaccurate data, restriction of certain processing, objection to certain uses, or deletion where retention is no longer legally or operationally necessary.

Some records may need to be retained despite a deletion request where they form part of audit trails, security records, shipment history, incident records, contractual evidence, or legally required files.

The platform may use cookies, session identifiers, browser storage, and similar technologies to maintain login sessions, improve usability, remember preferences, support analytics, and strengthen security monitoring.

Disabling certain browser technologies may reduce system functionality, especially in areas requiring secure authentication or workflow continuity.

Where mobile applications or field tools are used, the platform may process device and location-related data to support live operations, route monitoring, proof of activity, incident validation, vehicle accountability, and service continuity.

• GPS collection may be enabled for operational visibility, asset monitoring, or incident response.
• Device information may be used for authentication, troubleshooting, fraud prevention, and version support.
• Location records may be associated with scan activity, driver incidents, or workflow events where business use requires it.

Because logistics and trade operations may involve multiple jurisdictions, some data may be accessed, processed, stored, or transmitted across borders in the course of service delivery, cloud hosting, communication, customs support, or partner coordination.

Where this occurs, we expect reasonable safeguards, confidentiality obligations, and controlled access arrangements to be applied in line with applicable operational and legal requirements.

We maintain processes intended to identify, record, assess, and respond to suspected privacy, misuse, access control, cybersecurity, and operational data incidents. Where appropriate, we may investigate affected accounts, preserve system logs, isolate impacted processes, and notify relevant parties in accordance with legal or contractual obligations.

Incident records may be retained for audit, remediation, disciplinary, legal, insurance, or regulatory review purposes.

The platform may interact with third-party services such as hosting providers, mapping services, SMS or email gateways, payment services, cloud storage, analytics tools, or government-facing integration channels. These providers may process limited data necessary to perform their functions.

Third-party platforms operate under their own terms and privacy commitments. We encourage users and customers to review relevant third-party notices where such integrations apply.

We may revise this Privacy Policy from time to time to reflect platform improvements, legal changes, operational requirements, customer commitments, or stronger compliance controls. When updated, the revised version will be posted on this page with a new effective or updated date.

Material changes may also be communicated through the platform, login notices, customer communication, or other appropriate channels where reasonably necessary.

For privacy, compliance, or data handling questions, please contact:

• Support: info@consultagile.com
• Compliance: info@consultagile.com
• Platform: Orbit360

By continuing to use the platform, users acknowledge that they have been made aware of this Privacy Policy and understand that information may be processed as necessary to operate, secure, improve, and govern the services.