Privacy Policy - Aamin CMS

This privacy policy explains how Aamin CMS ("the System") collects, uses, stores, and protects personal and business data. Aamin CMS is a cargo management system used by freight forwarding companies operating in Somalia and East Africa. We are committed to safeguarding the privacy and security of all information entrusted to us.

1. Data We Collect

The System collects and processes the following categories of information:

Personal information: Names, phone numbers, and addresses of consignees (freight recipients) and company staff
Financial records: Freight charges, payments, discounts, account receivables, and expense records
Shipment information: Tracking IDs, marks, container/flight numbers, weight, quantity, destinations, and shipment status
Company information: Company names, contact details, employee records, and operational data
Authentication data: User IDs, hashed passwords, and SMS verification codes for two-factor authentication

2. How Data Is Stored

We take data security seriously and employ the following measures:

All data is stored in encrypted databases hosted on secure servers
Passwords are hashed using industry-standard algorithms (PBKDF2 with SHA-256) and are never stored in plain text
All communication between users and the System is encrypted via HTTPS/TLS
Database backups are maintained securely to prevent data loss
Access to production servers is restricted to authorised system administrators

3. Data Access and Multi-Tenant Isolation

Aamin CMS is a multi-tenant system, meaning multiple freight companies use the same platform. Data isolation is strictly enforced:

Company administrators can only access data belonging to their own company
Authorised staff (finance officers, SMS operators) can only access data within their company and role permissions
System administrators have access to system-wide data for maintenance and support purposes only
No company can view, modify, or access another company's data under any circumstances

                Multi-tenant guarantee: Every data query in the System is filtered by company,
                ensuring complete isolation between organisations. Your business data is never visible to
                other companies on the platform.
            

4. Data Retention

We retain your data according to the following policy:

Data is retained for as long as your company account remains active on the System
After account deactivation or termination, data is retained for an additional one (1) year to allow for any outstanding business matters, audits, or disputes
After the one-year post-termination period, all company data is permanently deleted from our systems, including backups
Financial records may be retained longer if required by applicable laws or regulations in Somalia or the operating jurisdiction

5. Data Deletion

If you wish to have your data deleted from the System:

Individual freight records: Contact your company administrator, who can manage records through the System
Complete account deletion: Contact the system administrator to request full removal of your company's data
Deletion requests will be processed within 30 business days
Once deleted, data cannot be recovered

To request data deletion, email: aamincms@gmail.com

6. Third-Party Services

The System integrates with the following third-party services to provide notifications and communication:

Twilio (WhatsApp notifications): Consignee phone numbers are shared with Twilio to deliver shipment notifications, tracking links, and PDF documents (receipts, invoices) via WhatsApp. Twilio's privacy policy applies to data processed by their service.
Hormuud Telecom (SMS notifications): Consignee phone numbers are shared with Hormuud's SMS API to send shipment status updates, two-factor authentication codes, and group SMS messages. Hormuud's data handling policies apply to data they process.

We only share the minimum information necessary (phone numbers and message content) with these providers. No financial data or detailed shipment records are shared with third parties.

7. Cookies

The System uses only essential cookies:

Session cookies: Used solely for user authentication and maintaining your login session. These cookies expire when you close your browser or after one hour of inactivity.
CSRF tokens: Used to protect forms against cross-site request forgery attacks

We do not use tracking cookies, analytics cookies, or any third-party advertising cookies. No user behaviour is tracked for marketing purposes.

8. Regional Considerations

Aamin CMS primarily serves freight forwarding companies operating in Somalia and the broader East Africa region. We are committed to complying with applicable data protection regulations in these jurisdictions. As data protection legislation evolves in Somalia and East Africa, we will update our practices accordingly.

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable regulations. Significant changes will be communicated to company administrators via the System. The effective date at the top of this page will be updated with each revision.

10. Contact Us

If you have questions or concerns about this privacy policy or how your data is handled, please contact us:

Email: aamincms@gmail.com
Through the System: Contact your company administrator, who can raise enquiries on your behalf

Last updated: February 2026