Privacy Policy
Last Updated: July 12, 2026
Welcome to Lemah ("we," "our," or "us"). We are committed to protecting the privacy and security of our users (referred to as "Merchants" or "Agencies") and their end-customers ("End-Users"). This Privacy Policy explains how Lemah.app collects, processes, stores, and handles data when integrated with Meta Platforms (including Instagram Graph API, Facebook Messenger API, and WhatsApp Business API), Shopify, WooCommerce, and other communication channels.
1. Information We Collect
To provide automated customer messaging, order syncs, and multi-tenant inbox sorting, Lemah processes the following information:
A. Information Provided Directly by Merchants
- Account Registration Data: Name, business email, phone number, and billing parameters managed securely through Stripe.
- Integration Context Data: Store information, product catalogues, and FAQ documentation uploaded to the Lemah Knowledge Lab to train custom routing pathways.
B. Information Processed via Third-Party Integrations (Meta Graph APIs)
When a Merchant connects an Instagram Page, Facebook Messenger Page, or WhatsApp Business account, Lemah acts as a data processor. We collect:
- Scoped User Identifiers (PSIDs / IGSIDs): Unique numeric identifiers assigned by Meta to map individual end-user chats cleanly without tracking real-world identities.
- Messaging Metadata: Incoming and outgoing message strings, media attachments, time-stamps, and webhook payloads sent by Meta to our FastAPI orchestration gateway.
- Public Profile Data: Basic username fields or profile pictures shared natively by the platform during an incoming messaging event to facilitate community management layouts.
2. How We Use the Data
Lemah utilizes the processed metadata strictly to power your digital commerce infrastructure:
- Automated Conversational Responses: Evaluating incoming customer strings against Tier 1 (Static Matching Rules) and Tier 2 (AI Auto-Pilot pipelines) to instantly return automated replies to end-users.
- Multi-Tenant Organization: Distributing chat windows accurately to your agency or community manager dashboards on the interface.
- Operational Monitoring: Debugging webhook latencies, preventing infinite message loop bugs, and calculating exact active node channel licenses for invoicing.
Lemah does not sell, lease, or distribute end-user message transcripts to outside brokers. We explicitly confirm that user conversation logs processed via the Meta Graph API are never utilized to train public, baseline Artificial Intelligence foundational models.
3. Data Storage, Security, and Retention
- Encryption Parameters: All data payloads are encrypted at rest and in transit utilizing industry-standard TLS 1.3 cryptographic secure wrappers before hitting our relational databases.
- Data Minimization Framework: Message logs and transactional webhook strings are automatically pruned or fully anonymized after 30 days of inactivity unless a Merchant's configuration rules require extended retention for CRM history synchronization.
4. User Data Deletion and Control Rights
Under local protection regulations and Meta Platform terms, both Merchants and End-Users hold absolute control over their digital footprint.
How to Invoke Your Data Deletion Rights:
Users can completely purge their records from the Lemah network at any moment using our manual or automated deletion pathways:
Navigating to the Settings panel and deleting a connected Facebook/Instagram channel instantly deletes all corresponding access tokens and triggers a backend purge cascade.
Any individual can initiate a total database erasure by sending an email request to compliance@lemah.app. Our automated pipeline will execute a complete hard purge within 48 hours.
5. Contact Information
For privacy inquiries, security reporting, or data compliance escalations, please contact our Data Security Desk:
- compliance@lemah.app