Zecto Communications ("Zecto," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Communication Platform as a Service ("the Service"). By using the Service, you consent to the data practices described in this policy.

1. Information We Collect
   1.1 Account Information
   When you register for an account, we collect information such as your name, email address, phone number, company name, billing address, and payment information.
   1.2 Identity and Legal Documentation
   As required by the Pakistan Telecommunication Authority (PTA) and other regulatory bodies, we collect the following documentation for verification and compliance purposes:

• National Identity Card (CNIC or National ID)

• Company registration documents and legal documentation

• In certain cases, judicial stamp paper or other legal instruments

• Business licenses and certificates as applicable

This information is collected solely for service provision and regulatory compliance. All identity and legal documentation is stored securely in our systems and is subject to strict access controls.

1.3 Usage Data
We collect information about how you use the Service, including API calls, message volumes, delivery reports, call logs, and feature usage statistics.
1.4 Communications Data
We process communications data that you send through our platform, including SMS content, voice recordings, WhatsApp messages, email content, and recipient information. This data is processed to deliver your communications and provide the Service.
1.5 Technical Information
We automatically collect technical information such as IP addresses, browser type, device information, operating system, and access times when you interact with our platform.
1.6 Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance user experience, analyze usage patterns, and improve our Service. You can control cookie preferences through your browser settings.

2. How We Use Your Information
2.1 We use the collected information to:

• Provide, operate, and maintain the Service

• Verify your identity and prevent fraud

• Comply with regulatory requirements set by the Pakistan Telecommunication Authority (PTA)

• Process and deliver your communications

• Process payments and manage billing

• Provide customer support and respond to inquiries

• Monitor and analyze usage patterns to improve the Service

• Detect, prevent, and address technical issues and security threats

• Comply with legal obligations and regulatory requirements

• Send administrative information, updates, and service notifications

• Enforce our Terms of Service and other agreements

2.2 Your identity documents and legal documentation are used exclusively for:

• Account verification and onboarding

• Regulatory compliance with PTA requirements

• Fraud prevention and security purposes

• Legal and regulatory reporting obligations

2.3 We do not use your communications content, identity documents, or legal documentation for marketing purposes or share them with third parties for their marketing purposes.

3. How We Share Your Information
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including payment processors, cloud hosting providers, and telecommunications carriers. These providers are contractually obligated to protect your information.
3.2 Telecommunications Partners
We share necessary information with telecommunications providers (Jazz, Telenor, Ufone, Zong, and others) to deliver SMS and voice services. This sharing is essential for service delivery.
3.3 Legal Requirements
We may disclose your information when required by law, court order, or governmental request, or to:

• Comply with legal processes and regulatory requirements

• Enforce our Terms of Service

• Protect the rights, property, or safety of Zecto, our users, or the public

• Cooperate with Pakistan Telecommunication Authority (PTA) investigations and audits

• Respond to law enforcement requests

• Fulfill regulatory reporting obligations

3.4 Business Transfers
If Zecto is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
3.5 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
3.6 We will never share your identity documents or legal documentation with third parties except when required by law, regulatory authorities, or with your explicit consent.

4. Data Retention
4.1 We retain your account information for as long as your account is active or as needed to provide the Service.
4.2 Communications data is retained according to the following schedule:

• SMS delivery logs: 90 days

• Voice call records: 90 days

• Email logs: 90 days

• WhatsApp message logs: 90 days

4.3 Identity documents and legal documentation (National ID, company documents, judicial stamp papers) are retained as follows:

• While your account is active: Stored securely for regulatory compliance

• Upon account deletion request: Retained for 30 days following account deletion to meet regulatory compliance requirements

• After 30-day period: Permanently deleted from our systems

4.4 Billing and payment information is retained for 7 years to comply with financial record-keeping requirements.
4.5 We may retain certain information for longer periods when required by law, regulatory directive, or for legitimate business purposes such as fraud prevention and regulatory compliance.
4.6 You may request deletion of your data by contacting us. Please note that due to regulatory requirements, some information including identity documents will be retained for 30 days after account deletion before being permanently removed from our systems.

5. Data Security
5.1 We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit using TLS/SSL

• Encryption of sensitive data at rest, including all identity documents and legal documentation

• Regular security assessments and vulnerability testing

• Access controls and authentication mechanisms

• Restricted access to identity documents and legal documentation (accessible only to authorized personnel)

• Employee training on data security and privacy

• Monitoring and logging of system access

• Secure document storage with multi-factor authentication requirements

5.2 Identity documents and legal documentation are subject to enhanced security measures:

• Stored in encrypted, access-controlled systems

• Access logged and monitored

• Regular security audits

• Segregated storage from general user data

5.3 While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
5.4 You are responsible for maintaining the security of your account credentials and should notify us immediately of any unauthorized access.

6. Your Rights and Choices
6.1 Access and Correction
You have the right to access and update your account information at any time through your account dashboard or by contacting us. For access to your identity documents and legal documentation, please contact our Data Protection Officer.
6.2 Data Portability
You may request a copy of your data in a structured, commonly used format by contacting us. This includes your identity documents and legal documentation.
6.3 Deletion
You may request deletion of your account and associated data, subject to our legal retention obligations. Please note:

• Identity documents and legal documentation will be retained for 30 days after account deletion as required by regulatory compliance

• After the 30-day period, all such documents will be permanently deleted from our systems

• Some information may be retained in backup systems for a limited period

• Certain records may be retained longer if required by law or regulatory directive

6.4 Opt-Out
You may opt out of non-essential communications from us by following the unsubscribe instructions in our emails or contacting us directly.
6.5 Cookie Preferences
You can control cookie settings through your browser preferences. Note that disabling cookies may affect the functionality of the Service.

7. International Data Transfers
7.1 Your information, including identity documents and legal documentation, is primarily stored and processed in Pakistan.
7.2 If we transfer data outside Pakistan, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.
7.3 Identity documents and legal documentation are not transferred outside Pakistan without explicit regulatory approval or legal requirement.

8. Third-Party Links and Services
8.1 Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties.
8.2 We encourage you to review the privacy policies of any third-party services you access through our platform.

9. Children's Privacy
9.1 The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
9.2 If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

10. Regulatory Compliance
10.1 Zecto complies with regulations issued by the Pakistan Telecommunication Authority (PTA) and other applicable regulatory bodies.
10.2 The collection of identity documents and legal documentation is mandated by PTA regulations and is necessary for:

• Service activation and provisioning

• Prevention of fraud and misuse

• Compliance with national security requirements

• Regulatory audits and inspections

10.3 We maintain records and provide information to regulatory authorities as required by law.
10.4 Our License Number: CVAS Pakistan/2083/2025

11. Changes to This Privacy Policy
11.1 We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory directives.
11.2 We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date.
11.3 We may also notify you via email or through the Service for significant changes.
11.4 Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Zecto Communications
Email: legal@depts.zecto.io

For specific inquiries about your identity documents or legal documentation, please contact our Data Protection Officer directly.

For complaints or concerns about our privacy practices, you may also contact the Pakistan Telecommunication Authority (PTA) or other relevant regulatory authorities.

By using Zecto's services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein, including the collection and retention of identity documents and legal documentation as required by regulatory authorities.