Privacy Policy

This policy applies to:

• Tenant Administrators and Users — employees and contractors of freight forwarding companies (“Tenants”) who access the Platform on behalf of their employer.
• Client Portal Users — shipper or consignee contacts who access job-level shipment information through the Transveo client portal.
• Visitors — individuals who visit our marketing website at transveo.co without creating an account.

Transveo is a business-to-business (B2B) platform. If you are an employee or agent of a Tenant, your employer's data processing agreement with us governs how we handle data on their behalf. This policy governs our own first-party data practices.

2.1 Account and identity data

When a Tenant administrator sets up an account or creates user profiles, we collect: full name, work email address, job title, phone number (optional), branch assignment, and role within the Platform.

2.2 Shipment and operational data

The core function of Transveo is to manage freight jobs. This includes: bill of lading numbers, container references, port and customs data, cargo descriptions, consignee and shipper names and addresses, shipment timelines, document attachments (customs declarations, permits, certificates), financial records (vouchers, invoices, duty payments), and delivery confirmation data including electronic proof-of-delivery (e-POD) signatures and photos.

2.3 Financial and transaction data

We store invoices, payment records, disbursement requests (vouchers), and an immutable financial event ledger for each job. We do not collect or store payment card data; all payment processing is handled by third-party processors outside our Platform.

2.4 Usage and technical data

We automatically collect IP address, browser type and version, operating system, pages visited and actions taken within the Platform, timestamps, session identifiers, and error logs. This data is used for security monitoring, performance diagnostics, and product improvement.

2.5 Communications

If you contact our support team or send a demo enquiry, we retain your message content, contact details, and our correspondence.

2.6 Cookies and tracking

We use authentication cookies, session tokens, and analytics scripts. See our Cookie Policy for full details.

We process your data on the following legal bases:

We do not sell your personal data to third parties, use your operational data for advertising purposes, or train external AI models on your tenant data without your explicit written consent.

4.1 Infrastructure

Transveo is hosted on Supabase (PostgreSQL database, authentication, and file storage). Supabase is hosted on AWS infrastructure. Your data may be stored in data centres outside Ghana, including in the European Economic Area and the United States. We rely on appropriate safeguards (including standard contractual clauses where applicable) for such transfers.

4.2 Security measures

We implement the following controls to protect your data:

• All data in transit is encrypted using TLS 1.2+.
• Data at rest is encrypted using AES-256.
• Multi-tenant isolation: each Tenant's data is scoped by a unique tenantId enforced at every database query. No cross-tenant data access is permitted.
• Role-based access control (RBAC): users only access features and data corresponding to their assigned role.
• JWT-based authentication issued by Supabase; tokens are short-lived and rotate automatically.
• File storage uses private buckets with signed, time-limited URLs — no public file access.
• Audit logs track all state transitions and financial events.

4.3 Breach notification

In the event of a personal data breach, we will notify affected Tenants and, where required by law, the relevant supervisory authority within 72 hours of becoming aware of the breach.

We share your data only in the following circumstances:

• Sub-processors: Supabase (database, auth, storage), Resend (transactional email), Redis/BullMQ via self-hosted Docker (async job queue), and Sentry (error monitoring). Each sub-processor is bound by data processing agreements.
• Client Portal: If your Tenant shares job data with a consignee or shipper via the client portal, that recipient can view job status, documents, and communications specific to their shipment.
• Legal and regulatory: We may disclose data where required by Ghanaian law, a court order, or a request from the Ghana Revenue Authority, Customs Division, or other competent authority.
• Business transfers: If SAI Technology is involved in a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data becomes subject to a new privacy policy.

We do not share your data with advertising networks, data brokers, or any third party for their own marketing purposes.

We retain your data for as long as your Tenant account is active and as required by Ghanaian customs, tax, and commercial legislation. Typical retention periods:

• Shipment records and financial data: 7 years from job close date (in line with Ghana Revenue Authority requirements).
• User account data: Retained while the account is active, then pseudonymised or deleted within 90 days of account closure.
• Audit logs and financial event ledger: Immutable; retained for 7 years.
• Support communications: 3 years from last contact.
• Marketing opt-in records: Retained until consent is withdrawn.

Under the Ghana Data Protection Act, 2012 (Act 843) and applicable international data protection principles, you have the following rights:

• Right of access: Request a copy of personal data we hold about you.
• Right to rectification: Ask us to correct inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
• Right to object: Object to processing based on legitimate interest.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to withdraw consent: Where processing is based on consent, you can withdraw at any time without affecting prior processing.

To exercise any of these rights, email privacy@transveo.co. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Data Protection Commission of Ghana (dataprotection.gov.gh).

Transveo is designed for use by business professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately and we will delete that data.

We may update this Privacy Policy from time to time. Material changes will be communicated to Tenant administrators via email and/or an in-platform notification at least 14 days before taking effect. Continued use of the Platform after the effective date constitutes acceptance of the revised policy.

For any questions, requests, or concerns about this Privacy Policy or how we handle your data: