Privacy Policy

Last updated: June 26, 2026

1. Introduction

LeFast ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp Gateway API platform, website, and related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.


2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

  • Full name or username
  • Email address
  • Phone number (optional)
  • Account credentials (password, stored encrypted)

2.2 Payment Information

When you subscribe to a paid plan, payment processing is handled securely by our third-party payment processor Midtrans. We do not store full credit card numbers or banking details on our servers. Midtrans may collect billing information such as:

  • Credit/debit card details (processed via PCI DSS compliant systems)
  • Bank transfer references
  • Billing address

2.3 Usage Data

We automatically collect certain information when you use the Service:

  • API request logs (endpoint, timestamp, IP address, status codes)
  • Message delivery statistics (sent, delivered, read, failed counts)
  • Device connection status and history
  • Browser type, operating system, and device information
  • Pages visited and features used within our dashboard

2.4 WhatsApp Message Data

When you use the Service to send or receive WhatsApp messages, the following data passes through our system:

  • Message content (text, images, videos, documents, audio)
  • Recipient phone numbers
  • Message metadata (timestamps, delivery status, message IDs)
  • Webhook payloads (if configured)

Important: We do not store message content permanently unless necessary for delivery logs or as required by applicable law. Message logs may be retained for a limited period (typically 30 days) for troubleshooting and analytics purposes.


3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To process and deliver WhatsApp messages, manage devices, and maintain your account.
  • Billing: To process subscription payments, generate invoices, and manage renewals.
  • Support: To respond to your inquiries, troubleshoot issues, and provide customer support.
  • Improvement: To analyze usage patterns, optimize performance, and develop new features.
  • Security: To detect and prevent fraud, abuse, unauthorized access, and violations of our Terms of Service.
  • Compliance: To comply with legal obligations, court orders, and regulatory requirements.

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf:

  • Midtrans — Payment processing and fraud detection
  • Redis — In-memory data caching for message queue processing
  • Cloud Infrastructure Providers — Server hosting and data storage

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests by public authorities (e.g., a court order or government agency).

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.


5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

  • Account data: Retained until account deletion request is processed.
  • Message logs: Retained for up to 30 days unless otherwise required.
  • API logs: Retained for up to 90 days for security auditing.
  • Invoice records: Retained for 5 years as required by tax regulations.

6. Data Security

We implement appropriate technical and organizational security measures to protect your data, including:

  • Encryption of data in transit using TLS 1.3
  • Encrypted storage of sensitive data at rest
  • API key authentication for all API requests
  • IP whitelisting support for enhanced access control
  • Regular security audits and vulnerability assessments
  • Access controls and employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.


7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Portability: Request transfer of your data to another service provider.
  • Objection: Object to processing of your personal data for certain purposes.
  • Withdraw Consent: Withdraw consent at any time where we relied on your consent to process data.

To exercise any of these rights, please contact us at support@lefast.example.com.


8. Cookies and Tracking

We use essential cookies to maintain your session and authenticate your access to the dashboard. We may also use analytics cookies to understand how you interact with our website. You can control cookie preferences through your browser settings.

We do not use cookies for advertising or tracking across third-party websites.


9. Third-Party Links

The Service may contain links to third-party websites or services that are not owned or controlled by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites.


10. Children's Privacy

The Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.


11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.


12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date at the top. We may also notify you via email for significant changes.


13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: