AGTS - Aquiii Global Trade Solutions

Privacy Policy

Last updated: May 2026

DRAFT — pending counsel review. This document is presented for transparency and as a basis for legal review. Final terms will be issued by counsel.

Aquiii Global Trade Solutions ("AGTS", "we", "us", "our") operates the B2B trade platform available at a-g-t-s.com and related properties. This Privacy Policy describes the personal data we process, why we process it, who we share it with, how long we keep it, and what rights you have.

1. Who we are

The data controller is Safa Global Ventures S.A. de C.V. (or its applicable affiliate for your region). Contact: privacy@safa.mx. For users in Mexico, we comply with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its regulations.

2. Personal data we collect

We collect: (a) account data (name, email, phone, password hash, role, locale, RFC/Razón Social for Mexican entities); (b) company data (company name, country, sector, tax IDs, certifications); (c) transactional data (RFQs, quotes, orders, payment metadata from Stripe, supplier ratings); (d) communication data (messages, support tickets, inquiry forms); (e) technical data (IP address, browser, device, cookies, log files, error reports); (f) verification data submitted during factory audits or KYB checks (documents, photos, audit reports).

3. Why we process your data (lawful bases)

Performance of contract: to provide the platform, process orders, and deliver services you request. Legitimate interest: to operate, secure, and improve the platform, prevent fraud, and conduct B2B marketing to commercial contacts. Legal obligation: to comply with tax, anti-money-laundering, and trade-compliance requirements. Consent: where required for non-essential cookies and certain communications (you can withdraw consent at any time).

4. Who we share data with

Counterparties on the platform — buyers see verified suppliers and vice versa, including company information necessary to transact. Service providers — Stripe (payments), SendGrid (email), Neon and AWS (hosting and storage), Vercel (application hosting), Sentry (error monitoring), and similar processors bound by data-processing agreements. Authorities — when required by law, court order, or to protect rights, property, or safety. Corporate transactions — in case of merger, acquisition, or financing, with appropriate safeguards. We do not sell personal data.

5. International transfers

Personal data may be processed in the United States, the European Union, and other countries where our service providers operate. Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards.

6. Retention

Account data: while your account is active, plus up to seven years after closure for tax, accounting, and dispute-resolution purposes. Transactional records: at least five years (Mexico) or as required by applicable law. Marketing data: until you opt out, plus a short suppression window. Security logs: 12 to 24 months. Backups follow the same horizon plus a short technical-rollover period.

7. Your rights

Subject to your jurisdiction, you may request: access to your data, correction of inaccurate data, deletion ("right to be forgotten"), restriction or objection to processing, portability (machine-readable export), and withdrawal of consent. Mexican users have ARCO rights (Access, Rectification, Cancellation, Opposition) under LFPDPPP. To exercise any right, email privacy@safa.mx with proof of identity. We respond within applicable statutory timeframes.

8. Security

We protect data with TLS in transit, encryption at rest where supported by our providers, role-based access controls, JWT-based session management with refresh-token rotation, audit logging of administrative actions, and periodic security review. No system is perfectly secure; we cannot guarantee absolute security.

9. Cookies and similar technologies

We use strictly necessary cookies for authentication and security, and (with consent) functional and analytics cookies. See our Cookie Policy at /cookies for details.

10. Children

AGTS is a B2B platform intended for users acting in a professional capacity. We do not knowingly collect data from individuals under 18. If you believe a minor has provided data, contact us and we will delete it.

11. Changes to this policy

We may update this Policy from time to time. Material changes will be communicated by email to registered users or by prominent notice on the platform. The "Last updated" date above reflects the most recent revision.

12. Contact and complaints

Privacy questions: privacy@safa.mx. Mexican users may also lodge a complaint with INAI (https://home.inai.org.mx). EU/EEA users may contact their local supervisory authority.

This document is provided for transparency. It is a draft pending review by qualified legal counsel and does not constitute legal advice. The final, counsel-approved version will supersede this document upon publication.