Privacy Policy

1. Introduction and Scope

This Privacy Policy ("Policy") describes how AVOW Solutions Inc. ("CargoEZ," "we," "us," or "our") collects, uses, discloses, stores, and protects personal information and personal data (collectively, "Personal Data") through the CargoEZ software as a service platform available at cargoez.com (the "Platform" or "Services").

This Policy applies to all users of the Services, including individuals who register for accounts, authorized users of business customers, website visitors, and any other individuals whose Personal Data we process in connection with the Services.

Defined Terms: Capitalized terms not defined in this Policy have the meanings set forth in the CargoEZ Terms and Conditions dated February 24, 2026.

Controller/Data Fiduciary: For the purposes of applicable data protection laws, AVOW Solutions Inc. acts as the data controller or Data Fiduciary with respect to Personal Data collected directly from individuals. Business customers act as data controllers or Data Fiduciaries with respect to Personal Data they upload to the Platform ("Customer Data").

Governing Laws: This Policy is designed to comply with applicable privacy and data protection laws, including but not limited to:

  1. The California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA")

  2. The Digital Personal Data Protection Act, 2023 ("DPDPA") and Digital Personal Data Protection Rules, 2025 of India

  3. Other applicable state, federal, and international data protection regulations

2. Personal Data We Collect

We collect Personal Data in the following categories through various means when you interact with our Services:

2.1 Information You Provide Directly
Account Registration Data:
  1. Full name, email address, phone number

  2. Company name, business address, job title

  3. Login credentials (username, encrypted password)

  4. Billing information (payment method details, billing address)

  5. Tax identification numbers where required

Customer Data Uploaded to the Platform:
  1. Shipment information (consignor/consignee details, cargo descriptions, origin/destination)

  2. Business documents (invoices, bills of lading, customs documentation)

  3. Contact information of your customers, suppliers, and business partners

  4. Any other data you choose to upload, store, or process through the Services

Communications and Support:
  1. Support requests, inquiries, and correspondence via email or support tickets

  2. Feedback, survey responses, and testimonials

  3. Communications preferences and marketing consent

2.2 Information Collected Automatically
Technical and Usage Data:
  1. IP address, device identifiers, browser type and version

  2. Operating system, screen resolution, time zone settings

  3. Pages viewed, features accessed, time spent on Platform

  4. Click patterns, navigation paths, session recordings (anonymized)

  5. Referral sources, search terms used to find our Services

Cookies and Similar Technologies:
  1. Essential cookies (required for Platform functionality and security)

  2. Performance cookies (analytics, usage patterns, error tracking)

  3. Functional cookies (user preferences, language settings, customization)

  4. We do not use advertising or targeting cookies without explicit consent

2.3 Information from Third-Party Sources
  1. Authentication services (single sign-on providers like Google, Microsoft)

  2. Payment processors (transaction verification, fraud prevention)

  3. Business information services (company verification, credit checks for enterprise customers)

  4. Publicly available sources (company websites, business registries) for B2B verification

3. Legal Basis and Purpose for Processing Personal Data

We process Personal Data only when we have a valid legal basis under applicable law. The following table sets forth our legal bases and purposes:

| Processing Purpose | Legal Basis (GDPR/DPDPA) | Data Categories |
|---|---|---|
| Provide Services and fulfill contractual obligations | Contractual necessity; Performance of contract | Account data, Customer Data, technical data, billing information |
| Process payments and billing | Contractual necessity; Legitimate interests in payment collection | Billing information, payment method details, transaction history |
| Customer support and communications | Contractual necessity; Legitimate interests; Consent where required | Contact information, support communications, usage data |
| Platform security and fraud prevention | Legitimate interests; Legal obligation; Specified purpose | IP addresses, device data, login activity, security logs |
| Comply with legal and regulatory obligations | Legal obligation; Compliance with law | All categories as required by applicable law |
| Product improvement and analytics | Legitimate interests; Consent where required | Usage data, performance metrics, aggregated statistics |
| Marketing communications | Consent; Legitimate interests (existing customer communications) | Contact information, communication preferences |

3.1 Consent

Where we rely on consent as our legal basis, you have the right to withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before withdrawal. You may withdraw consent by contacting us at privacy@cargoez.com or through your account settings.

Under the DPDPA, our consent requests meet the following requirements:

  1. Free, specific, informed, unconditional, and unambiguous

  2. Provided through clear affirmative action (no pre-checked boxes)

  3. Limited to Personal Data necessary for the specified purpose

  4. Withdrawal mechanisms as accessible as granting consent

4. How We Use Personal Data

We use Personal Data for the following specific purposes:

Service Delivery and Performance:
  1. Create, maintain, and authenticate user accounts

  2. Provide access to Platform features and functionality

  3. Process and store Customer Data as instructed by business customers

  4. Generate invoices, process payments, and maintain billing records

  5. Enable communication features (notifications, alerts, user collaboration)

Security and Integrity:
  1. Monitor for security threats, unauthorized access, and suspicious activity

  2. Implement authentication and access controls

  3. Conduct security assessments and vulnerability testing

  4. Maintain audit logs for security and compliance purposes

  5. Prevent fraud, abuse, and violations of our Terms and Conditions

Customer Support and Communications:
  1. Respond to inquiries, support requests, and technical issues

  2. Provide product updates, service announcements, and security alerts

  3. Send transactional emails (account confirmations, password resets, billing notices)

  4. Conduct user satisfaction surveys and collect feedback

Analytics and Improvement:
  1. Analyze Platform usage patterns to improve user experience

  2. Identify performance issues and optimize infrastructure

  3. Develop new features and enhance existing functionality

  4. Generate aggregated, anonymized statistics and reports

Legal and Regulatory Compliance:
  1. Comply with applicable laws, regulations, and legal processes

  2. Respond to lawful requests from government authorities

  3. Enforce our Terms and Conditions and other policies

  4. Protect our legal rights and defend against legal claims

  5. Conduct internal audits and compliance assessments

Marketing (with appropriate consent):
  1. Send promotional emails about new features, updates, and offerings

  2. Share relevant industry insights and educational content

  3. Invite participation in webinars, events, and case studies

  4. You may opt out of marketing communications at any time via unsubscribe links or by contacting privacy@cargoez.com

5. How We Share Personal Data

We do not sell Personal Data. We share Personal Data only in the following limited circumstances:

5.1 Service Providers and Processors

We engage trusted third-party service providers who process Personal Data on our behalf under strict contractual obligations. These include:

  1. Cloud infrastructure providers (data hosting, storage, and computing services)

  2. Payment processors and financial services providers

  3. Customer support and communication platforms

  4. Analytics and monitoring services

  5. Security and fraud prevention services

  6. Email delivery and communication services

All service providers are contractually obligated to:

  1. Process Personal Data only as instructed by CargoEZ

  2. Implement appropriate security measures

  3. Maintain confidentiality of Personal Data

  4. Comply with applicable data protection laws

  5. Delete or return Personal Data upon termination

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, Personal Data may be transferred to the successor entity. We will notify affected individuals via email and/or prominent notice on our Platform at least 30 days before any such transfer, and you will have the opportunity to delete your account before the transfer.

5.3 Legal Obligations and Protection of Rights

We may disclose Personal Data when we believe in good faith that disclosure is necessary to:

  1. Comply with applicable laws, regulations, legal processes, or enforceable governmental requests

  2. Enforce our Terms and Conditions, investigate potential violations, and take action regarding suspected illegal activities

  3. Detect, prevent, or address fraud, security, or technical issues

  4. Protect against harm to the rights, property, or safety of CargoEZ, our users, or the public as required or permitted by law

5.4 With Your Consent

We may share Personal Data with third parties when you have provided specific consent for such sharing, including for integration with third-party applications or services you choose to connect.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify individuals for business purposes, including industry analysis, benchmarking, and research.

6. International Data Transfers

6.1 Data Storage Locations

Customer Data is primarily stored on secure servers located in the United States. We may transfer or process Personal Data in other jurisdictions as necessary to provide the Services, including for backup, disaster recovery, and support operations.

6.2 Cross-Border Transfer Safeguards

When we transfer Personal Data from India, the European Economic Area ("EEA"), the United Kingdom ("UK"), or other jurisdictions with comprehensive data protection laws to countries that may not provide an equivalent level of protection, we implement appropriate safeguards, including:

  1. Standard Contractual Clauses approved by relevant data protection authorities

  2. Adequacy decisions recognizing equivalent protection in the destination country

  3. Binding corporate rules where applicable

  4. Explicit consent for transfers where required by law

6.3 India-Specific Transfers (DPDPA Compliance)

For Personal Data of Indian residents processed under the DPDPA, cross-border transfers are conducted in accordance with applicable rules. We maintain appropriate contractual and technical safeguards to ensure continued protection of Personal Data transferred outside India.

7. Data Retention

7.1 Retention Principles

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Our retention decisions are based on:

  1. The nature and sensitivity of the Personal Data

  2. The purposes for which we process the Personal Data

  3. Applicable legal, regulatory, tax, accounting, or reporting requirements

  4. Contractual obligations and business needs

  5. Potential legal claims and statute of limitations periods

7.2 Specific Retention Periods

| Data Category | Retention Period |
|---|---|
| Active account data | Duration of Subscription Term plus 90 days |
| Customer Data | Retention period specified by Customer; default 90 days after termination |
| Billing and payment records | 7 years from transaction date (tax and accounting requirements) |
| Support communications | 3 years from closure of support ticket |
| Security and audit logs | 1 year from creation (DPDPA Rule 8 compliance) |
| Marketing communications | Until consent withdrawn or 2 years of inactivity |
| Anonymized analytics data | Indefinitely (cannot identify individuals) |

7.3 Deletion After Retention Period

Upon expiration of the applicable retention period, we securely delete or anonymize Personal Data using industry-standard methods, including:

  1. Secure deletion protocols for electronic data (overwriting, cryptographic erasure)

  2. Destruction of physical records through shredding or incineration

  3. Anonymization techniques that render data non-identifiable

8. Your Privacy Rights

8.1 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right to Know: You may request disclosure of the categories and specific pieces of Personal Data we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share Personal Data.

Right to Delete: You may request deletion of Personal Data we have collected from you, subject to certain exceptions (e.g., legal compliance, fraud prevention, internal uses).

Right to Correct: You may request correction of inaccurate Personal Data we maintain about you.

Right to Opt-Out of Sale/Sharing: We do not sell or share Personal Data for cross-context behavioral advertising. If our practices change, we will provide a "Do Not Sell or Share My Personal Information" link.

Right to Limit Use of Sensitive Personal Information: If we collect sensitive Personal Information as defined by the CPRA, you may limit our use to providing Services and other permitted purposes.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Authorized Agent: You may designate an authorized agent to submit requests on your behalf by providing written authorization.

8.2 Rights for Indian Residents (DPDPA)

If you are a resident of India, you have the following rights under the DPDPA as a Data Principal:

Right to Access: You may obtain confirmation whether we are processing your Personal Data and access such Personal Data in a clear and concise manner.

Right to Correction and Updation: You may request correction of inaccurate, misleading, or incomplete Personal Data and update your Personal Data.

Right to Erasure: You may request deletion or erasure of your Personal Data, subject to legal and contractual obligations that require retention.

Right to Data Portability: Upon request, we will provide your Personal Data to you or another Data Fiduciary in a structured, commonly used, and machine-readable format.

Right to Nominate: You may nominate another individual who may exercise your rights in the event of your death or incapacity.

Right to Withdraw Consent: You may withdraw consent previously provided for processing, which will not affect the lawfulness of processing based on consent before withdrawal.

Right to Grievance Redressal: You may submit complaints regarding processing of your Personal Data through our grievance mechanism described in Section 12.

8.3 Rights for Residents of Other Jurisdictions

Depending on your location, you may have additional rights under local data protection laws, including rights under the General Data Protection Regulation ("GDPR") if you are in the EEA or UK. Please contact us to exercise applicable rights.

8.4 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request by:

  1. Email: privacy@cargoez.com

  2. Support portal: cargoez.com/support with subject line "Privacy Rights Request"

  3. Mail: AVOW Solutions Inc., Attn: Privacy Officer, Surya Dhamija

Verification Process: To protect your privacy and security, we will verify your identity before processing requests. Verification may require matching information you provide with information we have on file, or additional authentication steps.

Response Timeline: We will respond to verified requests within the timeframes required by applicable law (generally 30-45 days, with possible extension communicated to you).

No Fee for Requests: We do not charge a fee to process or respond to your verifiable requests unless they are excessive, repetitive, or manifestly unfounded. If we determine a fee is warranted, we will notify you and explain why before completing your request.

9. Data Security

9.1 Security Measures

We implement comprehensive technical, physical, and organizational security measures to protect Personal Data against unauthorized access, loss, destruction, alteration, or disclosure. Our security program includes:

Technical Safeguards:

  1. Encryption in transit using TLS 1.2 or higher for all data transmissions

  2. Encryption at rest using AES-256 or equivalent for stored data

  3. Multi-factor authentication for administrative access

  4. Regular security patches and updates to infrastructure

  5. Intrusion detection and prevention systems

  6. Automated vulnerability scanning and penetration testing

  7. Security information and event management (SIEM) systems

Physical Safeguards:

  1. Secure data center facilities with restricted access controls

  2. 24/7 physical security monitoring and surveillance

  3. Environmental controls (fire suppression, climate control, backup power)

Organizational Safeguards:

  1. Background checks and confidentiality agreements for employees with data access

  2. Regular security awareness training for all personnel

  3. Incident response and data breach notification procedures

  4. Access controls based on principle of least privilege and need-to-know

  5. Regular security audits and compliance assessments

  6. Vendor security assessments and contractual safeguards

9.2 Data Breach Notification

In the event of a security breach that results in unauthorized access to or disclosure of Personal Data, we will:

  1. Notify affected individuals without undue delay, and in any event within 72 hours of becoming aware of the breach (as required by DPDPA and other applicable laws)

  2. Provide information about the nature and extent of the breach, categories of data affected, and number of individuals impacted

  3. Describe steps we are taking to investigate, contain, and remediate the breach

  4. Advise affected individuals on steps they can take to protect themselves

  5. Notify relevant data protection authorities as required by applicable law

  6. Cooperate with customers in meeting their own breach notification obligations

9.3 Your Security Responsibilities

Security is a shared responsibility. You are responsible for:

  1. Maintaining the confidentiality of your login credentials

  2. Using strong, unique passwords and enabling multi-factor authentication

  3. Not sharing your account access with unauthorized individuals

  4. Promptly notifying us of any suspected unauthorized access at security@cargoez.com

  5. Keeping your contact information current to receive security notifications

10. Children's Privacy

The Services are not directed to individuals under the age of 18, and we do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected Personal Data from a child under 18 without verifiable parental consent, we will take steps to delete such information promptly. Parents or guardians who believe we may have collected information from a child should contact us immediately at privacy@cargoez.com.

Under the DPDPA, additional protections apply to processing Personal Data of children under 18, and verifiable consent from a parent or legal guardian is required before processing such data.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

We use cookies and similar tracking technologies (collectively, "Cookies") to enhance your experience, analyze usage, and provide certain features. The following table describes the types of Cookies we use:

| Cookie Type | Purpose | Examples | Duration |
|---|---|---|---|
| Strictly Necessary | Essential for Platform operation, security, and authentication | Session cookies, security tokens, load balancing | Session or 12 months |
| Performance and Analytics | Usage statistics, error tracking, performance monitoring | Google Analytics, error logging | 12-24 months |
| Functional | User preferences, language settings, customization | Language selection, UI preferences | 12 months |
| Marketing (with consent) | Track effectiveness of marketing campaigns | Email campaign tracking, referral sources | 12 months |

Table 3: Cookie types and purposes

11.2 Managing Cookie Preferences

You can control Cookie settings through:

  1. Our Cookie preference center available at cargoez.com/cookie-settings

  2. Your browser settings (most browsers allow you to refuse or delete Cookies)

  3. Opt-out mechanisms for specific analytics services (e.g., Google Analytics opt-out)

Note: Disabling strictly necessary Cookies may affect Platform functionality and your ability to access certain features.

11.3 Do Not Track Signals

Our Platform does not currently respond to "Do Not Track" signals from browsers because no uniform standard has been adopted. We will continue to monitor developments in Do Not Track technology.

12. Complaints and Grievance Redressal

12.1 Internal Grievance Mechanism

We are committed to resolving privacy concerns promptly and fairly. If you have a complaint about our privacy practices:

Contact Our Privacy Officer:

  1. Name: Surya Dhamija

  2. Email: privacy@cargoez.com

  3. Address: AVOW Solutions Inc., Attn: Privacy Officer, Surya Dhamija

Grievance Process:

  1. Submit your complaint in writing via email or mail, providing details of your concern

  2. We will acknowledge receipt within 3 business days

  3. We will investigate the complaint and respond within 30 days with our findings and proposed resolution

  4. If you are not satisfied with our response, you may escalate within our organization or pursue external remedies

12.2 Regulatory Complaints

You have the right to lodge complaints with relevant data protection authorities:

For California Residents:

  1. California Privacy Protection Agency (CPPA)

  2. Website: cppa.ca.gov

  3. California Attorney General's Office

For Indian Residents:

  1. Data Protection Board of India

For Other Jurisdictions:

Contact your local data protection authority or supervisory body.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. When we make material changes, we will:

  1. Update the "Last Updated" date at the top of this Policy

  2. Notify you via email to the address associated with your account at least 30 days before the changes take effect

  3. Post a prominent notice on our Platform

  4. For material changes affecting your rights, obtain your consent where required by applicable law

Your continued use of the Services after the effective date of changes constitutes acceptance of the updated Policy. If you do not agree to the changes, you may terminate your account in accordance with our Terms and Conditions.

We encourage you to review this Policy periodically to stay informed about our privacy practices.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:

AVOW Solutions Inc.
Privacy Officer: Surya Dhamija
Email: privacy@cargoez.com
Support: support@cargoez.com
Website: www.cargoez.com
Address: 1817 Houret Court, Milpitas, California, 95035.
Phone: +1 (408) 715-4600

For Legal and Compliance Inquiries:
Email: legal@cargoez.com

15. Acknowledgment and Acceptance

BY ACCESSING OR USING THE CARGOEZ SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO THE COLLECTION, USE, DISCLOSURE, AND PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT USE OUR SERVICES.