Privacy Notice
Last updated: 2026-05-09
This privacy notice explains how the DSP Portal (“we”, “us”, “the Portal”) collects, uses, retains, and protects personal information when you use our service. The Portal is operated by AIMS Logistics LLC and is provided as a tool for Amazon Delivery Service Partners (“DSPs”) to manage their operations. If a DSP has provisioned an account for you, that DSP is the “controller” of your information; we act as the technology provider.
1. Information we collect
1.1 Information you give us directly
- Account & contact: name, work and personal email, phone, address, role (owner / manager / dispatcher / DA).
- Employment information: if you submit an employment application via the Portal, we collect what's on the application form — legal name, preferred name, date of birth, address, employment history (last 5 years), education, references, position you're applying for, optional resume, typed-name signature, the IP address you signed from, and the timestamp of submission.
- Drivers (DAs): Amazon transporter ID, employee ID, hire date, status, qualifications, scheduled shifts, attendance events, performance metrics. This information is sourced both directly and via Amazon's authorized data feeds when your DSP connects them.
- Vehicles you drive or maintain: VIN, license plate, inspection records, repair history, mileage, fuel records.
- Communications: messages you send through the in-app messenger, attachments (photos / voice notes / documents), notifications you've enabled.
1.2 Information we collect automatically
- Device and session: IP address, browser user-agent, session cookies, the time you signed in.
- Audit trail: when you sign in, view, edit, or sign documents through the Portal we record the action, the actor (you), the timestamp, and the data that changed. This is required for accountability and for legal-compliance recordkeeping.
- Push subscription tokens: if you grant permission for push notifications, your browser issues a token we store so we can deliver notifications to your device. We do not use it for tracking.
1.3 What we do not collect
We do not collect Social Security Numbers via the online application. We do not collect bank-account or routing numbers via the Portal. We do not use third-party advertising trackers. We do not collect biometric identifiers.
2. How we use the information
- To provide the Portal's features — rosters, schedules, messaging, applications, fleet records, performance dashboards.
- To process employment applications: route them to the appropriate hiring manager, prevent duplicate / spam submissions, retain or purge per the policies below.
- To deliver operational notifications you've subscribed to (push, in-app, optionally SMS).
- To detect and prevent abuse — rate limits, IP-level lockouts, audit logging.
- To comply with our legal obligations, respond to lawful requests, and defend our legal rights.
We do not sell personal information. We do not share personal information with third parties for their marketing purposes. We do not perform automated decision-making with legal effects on you (no resume-based hiring decisions are made by software; humans review every application).
3. How long we retain it
| Category | Retention |
|---|---|
| Employment application — submitted, awaiting review | 30 days from submission, then auto-purged |
| Employment application — rejected (soft or hard) | 90 days from rejection, then PII fields auto-purged |
| Employment application — hired | Retained as part of the employee record per applicable employment-recordkeeping laws |
| Active employee data (DA, manager, dispatcher) | Retained for the duration of the employment relationship plus standard recordkeeping windows after separation |
| Audit logs & security events | 7 years (for compliance and legal-defense purposes) |
| Push subscription tokens | Retained while active, removed when you unsubscribe or the device fails 3+ delivery attempts |
| Hard-rejected applicant blacklist hash | Indefinite. We retain a one-way hash of (email, date-of-birth) only — the original PII is purged after 90 days. The hash is used solely to enforce the “do not re-hire” decision. |
4. How we secure it
- In transit: every connection is TLS 1.2+ with modern cipher suites.
- At rest: the database lives on access-controlled infrastructure. Sensitive credential fields (e.g., outbound SMTP passwords used for notifications) are encrypted with AES-128 + HMAC.
- Access controls: the Portal enforces tenant isolation — data from one DSP is never returned to a query made by another. Roles (owner / manager / dispatcher / DA) further limit what each user can see.
- Authentication: passwords are stored as bcrypt hashes (never plain). Sessions use HTTP-only secure cookies with strict SameSite. Login attempts are rate-limited per IP and per account.
- Audit: sensitive actions (login, view PII, edit applications, mark hired/rejected) are logged with the actor identity, IP, and timestamp.
No system is 100% secure. We monitor for breaches and will notify affected parties consistent with applicable law.
5. Your rights
Depending on where you live, you may have the right to:
- Know what personal information we have about you and how it's used.
- Request a copy of that information in a portable format.
- Request deletion of your information (subject to legal-retention requirements; e.g., we generally cannot delete payroll-required records during employment).
- Correct inaccurate information.
- Withdraw consent for non-essential processing (e.g., turn off marketing email; you can already do this in-app).
- Not be discriminated against for exercising any of these rights.
To exercise any right, email AIMSLogisticsHR@gmail.com with the subject line “Privacy Request” and a description of what you're asking for. We will respond within 45 days (or as required by your jurisdiction's law). We may need to verify your identity before producing or deleting data.
California residents: this notice is a Notice at Collection and constitutes our compliance with the CCPA / CPRA. New York residents: we comply with the NY SHIELD Act's reasonable-security obligations. Other state residents (CO, CT, VA, UT, TX, etc.) have substantially similar rights and processes.
6. Subprocessors
We use the following third parties to operate the Portal. None of them sell your data:
- IONOS — hosting (United States data center)
- Amazon Logistics — data feeds and reports we are authorized to receive about your DSP's operations
- Browser push providers — Microsoft (WNS), Google (FCM), Apple (APNs) for delivering push notifications
7. Children's privacy
The Portal is not directed to children. We do not knowingly collect personal information from anyone under 18.
8. Changes to this notice
We will update this page when our practices change and revise the “Last updated” date. Material changes will be communicated to active users via the in-app messenger.
9. Contact
AIMS Logistics LLC
Email: AIMSLogisticsHR@gmail.com