1. Introduction & Scope

Lego Solution (also referred to as “we”, “us”, “our”, or “Legosols”) is a tech provider based in Pakistan, offering services that integrate with Meta / WhatsApp Business APIs to enable messaging, automation, notifications, etc.

This Privacy Policy describes how we collect, use, store, share, and protect personal data in relation to our website legosols.com, our application(s), APIs, and all associated services (collectively, the “Services”).

By using our Services, you consent to the practices described in this policy. If you do not accept this policy, please do not use our Services.

2. Definitions

• Personal Data / Personal Information: Any information that identifies or can identify an individual (e.g. name, phone number, email, IP address).
• Processing: Any operation performed on personal data — collection, storage, use, sharing, deletion, etc.
• Controller / Processor: We determine the purposes and means of processing. In some contexts, we may act as a processor on behalf of a client.
• User / Customer: A person or business using our Services.
• Meta / WhatsApp Data: Data or metadata received from WhatsApp / Meta APIs (message status, timestamps, etc.).
• Sub-processor / Service Provider: External entities we use (hosting, analytics, storage, email, etc.).

3. What Data We Collect / Receive

a) Data You Provide

- Name, business name, email address, phone number, address, profile details
- Opt-in consents, preferences, message templates, message content (as permitted), user feedback or support requests

b) Data from WhatsApp / Meta APIs

- Message metadata (timestamps, delivery status, sender/recipient identifiers)
- Device or connection metadata (IP address, device identifiers, OS)
- Logs, usage statistics, performance metrics

c) Automatically Collected / Technical Data

- Cookies, local storage, analytics (page views, interactions)
- IP address, browser type, device model, screen resolution, locale, referrer
- Error logs, crash reports

d) From Third Parties

- If you integrate or allow third-party services (CRM, marketing tools), we may receive additional data from them.

4. Purposes of Processing / How We Use Data

We may use the data for:

• Operating, managing and maintaining the Services (message delivery, routing, notifications)
• Authenticating / identifying users
• Improving and developing features, analytics, monitoring performance
• Communications (support, updates, announcements)
• Personalizing experience, customized content (if applicable)
• Marketing and promotions (if you opt-in)
• Legal compliance, fraud prevention, dispute resolution
• Business operations (backups, audits, record-keeping)

5. Legal Basis & Consent

- Where required, we rely on user consent for processing.
- Some processing is necessary to perform the contract (i.e. to deliver the services you requested).
- We may also rely on legitimate interests (e.g. analytics, security), provided they do not override your rights.
- By using the Services or providing your data, you agree to this policy. You can withdraw consent where allowed; note, some services may then not function.

6. Cookies, Tracking & Analytics

We use cookies, pixels, local storage, and similar technologies to track interactions, manage sessions, remember preferences, measure performance, and ensure security.
Third-party analytics or advertising services may also set cookies (e.g. Google Analytics).
You can disable or block cookies in your browser settings, but this may impact site functionality or certain features.

7. Sharing Data / Third Parties

We may share data in the following ways:

• With sub-processors / service providers (hosting, email, analytics) under confidentiality obligations
• With Meta / WhatsApp as necessary for integration (message routing, metadata exchange)
• With affiliates or business partners (if explicitly consented or under agreement)
• To comply with legal obligations (court orders, law enforcement)
• If our business merges / is acquired, data may be transferred under safeguards

We will not sell your personal data to unrelated third parties.
If data is transferred across borders, we will ensure appropriate safeguards (e.g. contracts, encryption).

8. Security of Data

We implement technical and organizational measures to protect your data (e.g. encryption in transit and at rest, access controls, secure infrastructure).
Access is limited to authorized personnel on a need-to-know basis.
Regular security audits and reviews will be conducted.
However, no system is 100% secure — we cannot guarantee absolute security but will act quickly if breaches occur.

9. Data Retention & Deletion

- We retain personal data only as long as needed for the purposes collected (or as legally required).
- After that, data will be deleted, anonymized, or destroyed securely.
- You may request deletion or anonymization of your data at any time (see Section 11).
- If you stop using the Services, data may remain for a grace period (e.g. 6 months) before final deletion.

10. Users’ Rights

You have the following rights (depending on applicable law):

• Access your personal data
• Rectify or correct inaccurate / incomplete data
• Delete / erase data (where feasible)
• Object to or restrict processing
• Withdraw consent
• Data portability (where applicable)
• Lodge complaint with a supervisory authority (if applicable)

To exercise these rights, contact us via the contact info below. We will respond within a reasonable timeframe (e.g. 30 days).

11. Opt-Out / Unsubscribe / Message Preferences

- For marketing messages (if any), you may opt out at any time by email or via links provided.
- For WhatsApp / messaging, you may stop receiving messages (e.g. by replying “STOP” or contacting us).
- Note: if you opt out, certain features may cease functioning.

12. Children & Minors

- Our Services are not intended for minors (under 18).
- We do not knowingly collect personal data from minors.
- If we discover we have collected data from a minor without proper consent, we will delete it immediately.

13. Changes to This Privacy Policy

We may update this policy periodically (e.g. for new features or legal changes).
When changes occur, we will update the “Last Updated” date and, where feasible, notify you (via email, banner, or in-app).
Continued use of Services after changes indicates acceptance of the revised policy.

14. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of Pakistan.
Any disputes shall be resolved in the courts or via arbitration in Lahore, Pakistan.

15. Contact Information

16. Additional WhatsApp / Meta Integration Disclosures

- Because our Services integrate with WhatsApp / Meta APIs, we may receive message metadata, delivery receipts, status updates, etc.
- Depending on implementation, message content may be end-to-end encrypted (so we may not have direct access to content).
- Some data may pass through or be stored on infrastructure controlled or used by Meta.
- You should also comply with WhatsApp Business Messaging Policy and Meta’s developer / privacy requirements.
- Our privacy policy must accurately describe what data is collected and for what purpose, as required by Meta developer policies.