Data Deletion Policy
1. Introduction
This policy outlines how users of the lumecoco platform (accessed via
lumecoco.com
) can request the deletion of personal data collected through Facebook Login. We are committed to protecting your privacy and complying with global data protection regulations, including the EU GDPR, CCPA, and other regional laws.2. Data Collected via Facebook Login
When you log in using your Facebook account, we collect the following minimal necessary information to provide our services:
- Basic Identity Data: Name, Facebook User ID, registered email address
- Technical Login Data: Login timestamps, device IP (for security verification only)
- Account Association Data: Platform user ID created via Facebook Login and binding relationships
3. Your Right to Data Deletion
You may request deletion of all or part of the above data at any time. Our processing 流程 follows these steps:
3.1 How to Submit a Deletion Request
Send an email to: service@lumecoco.com
- Subject Line: [Data Deletion Request] + Your Facebook User ID
- Include in the body:
- Full Facebook User ID (found in Facebook Settings > Account Information)
- Email address associated with your Facebook account
- Optional: Last login date or approximate registration time
3.2 Identity Verification
To protect account security:
- We will send a verification link to the email address used to submit the request
- Please click the link within 72 hours to confirm your identity
- Unverified requests will automatically expire
3.3 Processing Timeline
We will:
- Acknowledge receipt of valid requests within 3 business days
- Complete data deletion within 15 business days of verification
- Send a confirmation email with deletion results to your registered email
4. How We Execute Data Deletion
4.1 Storage & Deletion Standards
- Storage Location: Data is stored in ISO 27001-certified data centers in the USA (powered by Ueeshop SaaS infrastructure), no cross-border data transfer
- Deletion Methods:
- Primary Database: Permanent record deletion (irrecoverable) using secure erase protocols
- Backups: Automated purge of all backups within 30 days of deletion request
- Third Parties: Notify payment/logistics partners (e.g., Stripe, DHL) to delete associated data 同步
4.2 Special Cases
- Unsettled Orders: Data related to unpaid orders will be retained for 30 days after order completion (contact support for early deletion)
- Legal Retention: Tax-related transaction records are kept for 7 years as required by US tax law; other data is deleted immediately
5. Security & Accountability
5.1 Technical Safeguards
- Data Transfer: Encrypted via TLS 1.3, API keys rotated every 90 days
- Access Control: Role-based access (only authorized technicians can process deletions)
- Audit Logs: Deletion activities logged for 180 days (including timestamps, IPs, and data identifiers)
5.2 Compliance Framework
We adhere to:
- EU General Data Protection Regulation (GDPR) Article 17 (Right to Erasure)
- California Consumer Privacy Act (CCPA) Section 1798.105
- Japan's Act on the Protection of Personal Information
- Australia Privacy Act 1988 and other regional privacy laws
6. Policy Updates & Notifications
- Revised policies will be posted at lumecoco.com/privacy and notified via in-platform messages (for major changes, 30-day advance notice via Facebook Login prompt)
- Previous policy versions are available upon request to service@lumecoco.com
7. Contact Us
For questions about this policy or data deletion:
- Email: service@lumecoco.com
- Support Hours: 9:00-18:00 , weekdays
