Privacy Policy

Effective Date: April 2026

Last Updated: April 2026

This Privacy Policy explains how Lesh Hek ("we," "us," "our," or "Lesh Hek") collects, uses, protects, and shares your personal information when you use our mobile application (the "App"), website (https://leshhek.augminter.com), and related services (collectively, the "Service").

Lesh Hek is committed to protecting your privacy and ensuring you have a transparent understanding of how your personal data is handled. We operate with dignity, security, and consent as core principles.

Important: This is a template for informational purposes. Consult with a qualified attorney for legal advice specific to your situation.

1. Introduction & Jurisdiction

Lesh Hek operates in Lebanon and is committed to protecting your privacy under international data protection standards. Although Lebanon does not have a comprehensive data protection law, we voluntarily adopt privacy principles aligned with GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), LGPD (Brazil), and PIPEDA (Canada) to ensure your data is treated with the highest level of care and respect.

This policy applies to all personal information collected through:

  • The Lesh Hek mobile application (iOS and Android)
  • Our website at https://leshhek.augminter.com
  • Email communications and customer support
  • In-person interactions (if applicable)

If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

We collect information necessary to deliver menstrual products safely and securely while preventing fraud and duplication. Below is a detailed breakdown:

2.1 Information You Provide Directly

  • Phone Number: Used as your unique user identifier and verified via WhatsApp OTP (One-Time Password). This is the only contact method we use for account access.
  • Personal Identification:
    • Full name
    • Date of birth
    • Gender identity
  • Identity Documents:
    • Front and back of official ID (Lebanese ID, passport, or other government-issued ID)
    • Family documents (if required for household verification)
    • These are encrypted and stored securely on our servers
  • Delivery Address:
    • Street address
    • Neighborhood/Area
    • City
    • Landmarks (optional, for delivery accuracy)
  • Household Information:
    • Names of household members you wish to register
    • Age or date of birth of household members
    • Relationship to household member (sister, daughter, mother, etc.)
    • Menstruating status of each household member

2.2 Information Collected Automatically

  • Device Information:
    • Device type (iOS or Android)
    • Device model and operating system version
    • App version
    • Unique device identifier (FCM token for push notifications)
  • Usage Data:
    • Pages or features accessed within the app
    • Time and duration of visits
    • Actions taken (e.g., order submission, document upload)
    • Error logs and crash reports
  • Connection Information:
    • IP address (for security and fraud prevention)
    • Network type (WiFi, cellular, etc.)

2.3 Information from Third Parties

We do not actively collect information about you from third parties. However, we may receive information during delivery coordination with our fulfillment partners (name, address, and phone number are shared only for delivery purposes).

3. How We Use Your Information

We use the information we collect for the following purposes, all aligned with our mission of providing dignified menstrual product access:

3.1 Service Delivery

  • Verify your identity to prevent fraud and duplicate registrations
  • Register you and household members for the program
  • Process and fulfill monthly product delivery requests
  • Update and maintain your delivery address
  • Track order status and delivery history

3.2 Communication

  • Send WhatsApp OTP codes for account verification
  • Send push notifications about order status, delivery updates, and service announcements
  • Respond to customer support inquiries
  • Notify you of policy changes or service updates

3.3 Security & Fraud Prevention

  • Detect and prevent duplicate registrations and fraudulent claims
  • Verify identity documents to ensure eligibility
  • Monitor account activity for unauthorized access
  • Investigate suspicious patterns (e.g., multiple addresses, mismatched identity data)
  • Comply with safety and fraud prevention standards

3.4 Legal & Compliance

  • Comply with legal obligations if required by Lebanese authorities
  • Protect our legal rights and defend against legal claims
  • Respond to lawful requests for information from government agencies

3.5 Service Improvement

  • Analyze app usage patterns to improve user experience
  • Identify technical issues and fix bugs
  • Understand service gaps and improve delivery logistics
  • Conduct internal research to strengthen the program

3.6 Marketing & Outreach (Anonymized Data Only)

  • We do not use your personal data for advertising or marketing
  • We may use anonymized, aggregated data (e.g., "100 women in Beirut received products") for impact reporting and fundraising
  • Any personal stories are shared only with explicit consent and full anonymization

4. Data Storage & Security

4.1 Where Your Data is Stored

  • Identity Documents: Encrypted and stored on AWS S3-compatible secure servers with restricted access
  • Personal Information: Encrypted in a MySQL database on secure, access-controlled servers
  • Communication Tokens: Stored securely in encrypted format for push notifications and OTP delivery

4.2 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption (HTTPS)
  • Encryption at Rest: Sensitive data (identity documents, personal information) is encrypted while stored on servers
  • Access Control: Only authorized Lesh Hek staff with verified identity can access personal data, and access is logged
  • Secure Authentication: We use WhatsApp OTP instead of passwords to eliminate password-related vulnerabilities
  • Presigned URLs: Identity documents are accessed via time-limited, unique URLs that expire after use
  • Regular Security Audits: We conduct periodic security reviews and vulnerability assessments
  • Fraud Detection: Automated systems monitor for suspicious activity

4.3 Data Retention

We retain your personal information for as long as necessary to:

  • Maintain your account and deliver products
  • Prevent fraud and duplicate registrations
  • Comply with legal obligations
  • Resolve disputes or enforce agreements

If you request account deletion, we will securely erase all personal data within 30 days, except where we are required by law to retain it. Backup copies may persist for up to 90 days for disaster recovery purposes.

4.4 Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will:

  • Notify you via WhatsApp and email within 14 days of discovery
  • Provide details of the breach, data affected, and remediation steps
  • Offer guidance on protecting yourself (e.g., monitoring your identity, resetting passwords elsewhere)
  • Cooperate with Lebanese authorities as required

5. Data Sharing & Third Parties

5.1 We Do NOT Share Your Data With

  • Advertising networks or data brokers
  • Social media platforms
  • Marketing agencies
  • Analytics services (except anonymized, aggregated data)
  • Any commercial third parties for profit

5.2 We MAY Share Your Data With

Your information may be shared in these limited cases:

Delivery Partners

To fulfill monthly product deliveries, we share the following with our delivery partners:

  • Your name and phone number
  • Delivery address and landmarks
  • Product quantities and preferences

Note: Delivery partners are contractually bound to confidentiality and may only use this information for delivery purposes.

Legal Requirements

We may disclose personal information if required by:

  • Lebanese law or court order
  • Government agencies or judicial proceedings
  • Prevention of harm or illegal activity
  • Protection of our legal rights

When legally required to disclose information, we will attempt to notify you in advance, unless prohibited by law.

Service Providers

We may share limited information with service providers who assist us in operating the Service (e.g., cloud hosting providers, SMS delivery services). These providers:

  • Are contractually bound to confidentiality
  • May only access data necessary to provide their service
  • Are prohibited from using data for their own purposes

5.3 SMS & OTP Delivery

Your phone number is transmitted to Vonage (formerly Nexmo) for WhatsApp OTP delivery. Vonage processes this information solely to deliver the OTP code. Review Vonage's privacy policy at https://www.vonage.com/en-us/legal/privacy-policy/.

5.4 No Data Sale or Monetization

We will never sell, rent, or monetize your personal data. Lesh Hek's mission is dignity-first service, not profit extraction from user information.

6. Push Notifications

6.1 Purpose

We send push notifications to keep you informed about:

  • Order status updates (approved, processing, shipped, delivered)
  • Product availability announcements
  • Service maintenance or updates
  • Delivery window reminders
  • Important account or security notifications

6.2 Opt-Out

You can disable push notifications by:

  • iOS: Settings → Notifications → Lesh Hek → Toggle notifications off
  • Android: Settings → Apps → Lesh Hek → Notifications → Disable

Note: Disabling push notifications may prevent you from receiving critical order status updates. We recommend keeping them enabled for important delivery information.

6.3 FCM Token Storage

Your Firebase Cloud Messaging (FCM) token is stored securely to enable push notifications. This token is device-specific and does not contain personal information. If you uninstall the app or reset your device, the token becomes inactive.

7. Your Privacy Rights

We believe you have fundamental rights regarding your personal information. Even though Lebanon does not have a comprehensive data protection law, we grant you the following rights voluntarily:

7.1 Right of Access

You have the right to request a copy of all personal information we hold about you, including:

  • Your registration details (name, phone, address)
  • Household member information
  • Order history and delivery records
  • Identity documents on file
  • Account activity logs

To request access, email privacy@leshhek.augminter.com with the subject "Data Access Request." We will respond within 14 days.

7.2 Right of Correction

You have the right to correct inaccurate or incomplete information. You can update most information directly in the app (name, address, household members). For sensitive data (identity documents), contact our support team at privacy@leshhek.augminter.com.

7.3 Right of Deletion

You have the right to request account deletion and complete removal of your personal data. Upon request, we will:

  • Permanently delete your account and all personal information within 30 days
  • Erase identity documents from our servers
  • Remove you from mailing lists and communication systems
  • Retain only anonymized data (e.g., "1 request deleted") for fraud prevention

Note: Deletion is permanent and cannot be reversed. You will not be able to recover your account or request past deliveries.

To request deletion, email privacy@leshhek.augminter.com with the subject "Account Deletion Request." We will confirm deletion completion within 30 days.

7.4 Right to Data Portability

You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format (e.g., CSV or JSON). To request this, email privacy@leshhek.augminter.com with the subject "Data Portability Request."

7.5 Right to Withdraw Consent

If you have provided consent for specific processing (e.g., push notifications, household data), you can withdraw it at any time by:

  • Disabling push notifications in app settings
  • Removing household members from your account
  • Contacting us at privacy@leshhek.augminter.com

7.6 Right to Lodge a Complaint

If you believe we are violating your privacy rights, you can:

  • Contact us at privacy@leshhek.augminter.com to resolve the issue
  • Request a formal investigation if you are unsatisfied with our response
  • Contact Lebanese authorities or international data protection authorities (if applicable to your jurisdiction)

7.7 How to Exercise Your Rights

To exercise any of the rights above, send an email to privacy@leshhek.augminter.com with:

  • Your full name and registered phone number
  • The specific right you wish to exercise (e.g., "Data Access Request")
  • Any additional details (e.g., date range for activity logs)

We will respond within 14 days with confirmation and next steps. If your request is complex, we may ask clarifying questions.

8. Children's Privacy

8.1 Age Requirements

The Lesh Hek app is designed for women and girls ages 9 and older who menstruate or may menstruate. We recognize that menstruation begins at different ages and is a normal biological process.

8.2 Under 13 Years Old

For girls under 13 years old, we follow enhanced privacy protections:

  • Parental Involvement: A parent or legal guardian should be aware that their daughter is using the app and receiving menstrual products
  • Minimal Data Collection: We collect only essential information (name, age, phone, delivery address)
  • No Advertising: We do not display or target ads to users under 13
  • No Third-Party Sharing: We do not share data with third parties except for delivery fulfillment
  • Easy Deletion: Guardians can request account deletion at any time

8.3 13-17 Years Old

For teenagers ages 13-17:

  • Direct Access: Teens can register and manage their own accounts
  • Privacy Standard: Same privacy protections as adults apply
  • Parental Requests: Parents may request account information or deletion by contacting privacy@leshhek.augminter.com with proof of guardianship

8.4 No COPPA Violation

Although COPPA (Children's Online Privacy Protection Act) applies only to U.S. operators and users, we voluntarily comply with its principles:

  • We do not knowingly collect personal information from children without notice
  • We do not use children's data for targeted advertising
  • We provide parents with access to their children's data and deletion options
  • We maintain a child-safe, dignity-respecting environment

8.5 Safeguarding

If we have a reasonable belief that a minor is in danger (e.g., signs of abuse, exploitation), we may:

  • Alert relevant authorities in Lebanon
  • Temporarily restrict account access for safety
  • Share minimal information with child protection services

9. Changes to This Privacy Policy

9.1 Policy Updates

Lesh Hek may update this Privacy Policy as our service evolves, legal requirements change, or we implement new privacy protections. We are committed to transparency and will notify you of material changes.

9.2 How We Notify You

When we make significant changes to this policy, we will:

  • Post the updated policy on our app and website with a new "Last Updated" date
  • Send a push notification or WhatsApp message to active users
  • Ask you to acknowledge the updated policy when you next log in

9.3 Your Choice

If you disagree with changes to this policy, you have the right to:

  • Request account deletion before the new policy takes effect
  • Stop using the service
  • Contact us to discuss your concerns at privacy@leshhek.augminter.com

9.4 Policy History

  • April 2026: Initial Privacy Policy published

10. Contact Us

10.1 Privacy Questions & Requests

For any questions about this Privacy Policy or to exercise your privacy rights, contact:

Email: privacy@leshhek.augminter.com
Response Time: We aim to respond within 14 days
What to Include: Your full name, registered phone number, and specific request

10.2 Data Protection Officer

Although Lebanon does not require a Data Protection Officer, Lesh Hek has designated a privacy officer responsible for:

  • Overseeing privacy compliance
  • Responding to data subject requests
  • Investigating data breaches
  • Conducting privacy impact assessments

Contact the privacy officer at privacy@leshhek.augminter.com.

10.3 General Inquiries

For non-privacy related questions (app bugs, delivery issues, product information), contact:

Website: https://leshhek.augminter.com
In-App Support: Help section within the Lesh Hek app

10.4 External Authorities

If you believe Lesh Hek is violating your privacy rights and we cannot resolve it internally, you may lodge a complaint with:

  • Lebanese regulatory or government authorities (if applicable)
  • International data protection authorities in your jurisdiction
  • Consumer protection agencies

11. Additional Information

11.1 No Cookies (Except Analytics)

The Lesh Hek mobile app does not use tracking cookies. The website may use minimal cookies for:

  • Session management (remembering if you are logged in)
  • Basic analytics (page views, user flow) — anonymized only
  • Security (CSRF protection)

We do not use cookies for advertising, user profiling, or third-party tracking.

11.2 External Links

This policy applies only to Lesh Hek services. If you click external links (e.g., to SMS provider sites), those third-party services have their own privacy policies. We are not responsible for their privacy practices.

11.3 Offline Data & Local Storage

The Lesh Hek app may store limited information locally on your device (e.g., cached app data, draft forms). This local data:

  • Is not encrypted by Lesh Hek (encrypted by your device's OS)
  • Is deleted when you uninstall the app
  • Is not accessible by Lesh Hek servers

11.4 Compliance Framework

Although Lebanon does not have a comprehensive data protection law, Lesh Hek voluntarily complies with:

  • GDPR Principles: Lawfulness, fairness, transparency, data minimization, integrity, confidentiality
  • CCPA/CPRA Principles: Consumer rights to know, delete, correct, and opt out
  • LGPD Principles: Consent, transparency, security
  • PIPEDA Principles: Accuracy, limiting use, purpose specification

You receive the same protections as users in GDPR, CCPA, and LGPD jurisdictions.

11.5 User Consent & Explicit Agreement

By creating a Lesh Hek account, you:

  • Acknowledge you have read and agree to this Privacy Policy
  • Consent to the collection and processing of your personal data as described
  • Acknowledge you are eligible to use the service (age 9+ and/or resident of Lebanon)
  • Agree to provide accurate information

You can withdraw consent for specific processing at any time (e.g., opt out of push notifications, remove household members).

12. Closing Statement

Lesh Hek's mission is to provide menstrual products with dignity. Your privacy and security are essential to that mission. We commit to:

  • Collecting only data necessary for service delivery
  • Protecting your data with industry-standard security
  • Never selling or exploiting your personal information
  • Giving you control over your data
  • Being transparent about our practices
  • Evolving our privacy protections as technology and regulations change

Thank you for trusting Lesh Hek with your information.

Bleeding is not a choice. Dignity is our standard.