1. Introduction
AHF Technologies develops and maintains internal enterprise systems, including an internal ERP used to manage our business operations. We are committed to protecting the confidentiality, integrity, and availability of all data processed within our systems. This Privacy & Data Security Policy explains how we collect, process, store, and protect data and how we securely integrate with trusted external systems.
2. Scope
This policy applies to all employees, contractors, and authorized users of AHF Technologies’ ERP system, and to all data stored, processed, or transmitted within our IT infrastructure or through authorized API integrations.
3. Data We Handle
Our ERP handles internal operational data and limited external business data exchanged securely with trusted partners. This includes:
- Employee Data: names, contact details, and role-based credentials.
- Business Data: orders, inventory records, supplier and logistics information.
- System Data: audit logs, authentication tokens, and activity history.
- Integration Data: securely exchanged information with authorized third-party APIs.
4. Purpose of Data Processing
Data is processed only for legitimate business purposes, such as: managing internal operations; facilitating secure data exchange with suppliers, carriers, and partner systems; enforcing role-based access control; ensuring compliance and audits; and maintaining system performance and security.
5. Information Security Controls
We maintain a multi-layered security framework covering systems, users, and data:
Access Control
- Unique accounts and role-based permissions for all users.
- Administrative access restricted to authorized personnel.
- All user actions are logged for traceability.
Encryption & Network Security
Data in transit is protected with TLS 1.2 or higher. Passwords and sensitive identifiers are stored using industry-standard hashing. Database and network access are restricted and firewalled.
Application Security
- Secure coding practices to prevent injection, CSRF, and XSS vulnerabilities.
- Regular security audits, vulnerability scans, and patch management.
- API connections require authenticated tokens and encrypted channels.
Infrastructure Security
- Servers protected by multi-layer firewalls, intrusion detection, and malware protection.
- Regular encrypted backups stored off-site.
- Logical separation of development, staging, and production environments.
6. Data Retention & Deletion
Data is retained only for as long as required for operational, legal, or audit purposes. When no longer needed, data is securely deleted or anonymized according to internal retention procedures.
7. Employee Responsibilities & Confidentiality
All employees and authorized users must follow internal data-handling and IT security guidelines, sign confidentiality and non-disclosure agreements, and receive regular training on data protection. Misuse or unauthorized access is treated as a disciplinary violation.
8. Monitoring & Incident Response
Continuous monitoring is in place for unauthorized access or system anomalies. An Incident Response Plan (IRP) exists to investigate and mitigate potential breaches. Incidents are documented, reviewed, and remediated; legal notifications are made if required.
9. Third-Party Integrations
Our ERP connects securely with multiple trusted external systems via APIs. We ensure that:
- All integrations use secure authentication protocols and encrypted channels.
- Only the minimum required data is transmitted for intended operational purposes.
- External systems are expected to maintain their own data protection and security obligations.
- No third-party integration is permitted without prior management approval.
10. Compliance & Standards
AHF Technologies aligns with recognized information security principles, relevant legal requirements, GDPR where applicable, and local data protection laws and regulations.
11. Policy Review & Maintenance
This policy is reviewed annually or upon significant organizational, technical, or regulatory changes. Updates are approved by management and communicated internally.