Privacy Policy

Last updated: January 12, 2025

Introduction

Welcome to Lumo ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

By using our services, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

We collect the following personal information when you create an account:

  • Name: Your full name for account identification
  • Email Address: For account login, order confirmations, and communications
  • Phone Number: For account verification and order updates (SMS)
  • Password: Securely hashed and stored for account access

Order Information

When you place an order, we collect:

  • Shipping address
  • Billing information
  • Payment method details (processed securely by our payment provider)
  • Order history and preferences

Automatically Collected Information

  • IP address and location data
  • Browser type and version
  • Device information
  • Pages visited and time spent on site
  • Cookies and similar tracking technologies

How We Use Your Information

We use your information for the following purposes:

  • Account Management: To create and maintain your account
  • Order Processing: To process and fulfill your orders
  • Communication: To send order confirmations, shipping updates, and customer service messages
  • Verification: To verify your email and phone number for security
  • Security: To prevent fraud and protect against unauthorized access
  • Improvement: To analyze usage and improve our services
  • Marketing: To send promotional offers (with your consent)
  • Compliance: To comply with legal obligations

Email and Phone Verification

We require both email and phone verification to ensure account security and prevent fraudulent activity. Your email and phone number are verified through:

  • Email: Verification link sent to your email address
  • Phone (SMS): 6-digit one-time password (OTP) sent via SMS

These verification codes expire after 5 minutes for security reasons. Your phone number is stored in normalized E.164 international format.

Data Security

We implement industry-standard security measures to protect your information:

  • Passwords are hashed using bcrypt
  • SSL/TLS encryption for data transmission
  • Rate limiting to prevent brute-force attacks
  • Secure authentication via Supabase Auth
  • Regular security audits and updates
  • Email validation to block disposable addresses
  • Phone number uniqueness enforcement

Uniqueness Requirements

To prevent abuse and ensure account security:

  • Each email address can only be used for one account
  • Each phone number can only be used for one account
  • We check for duplicate accounts during signup
  • Attempts to create duplicate accounts will be blocked with a clear error message

Sharing Your Information

We do not sell your personal information. We may share your information with:

  • Service Providers: Payment processors, shipping carriers, SMS providers
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In the event of a merger, acquisition, or sale

Your Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Request restriction of processing
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@lumo.shop.

Data Retention

We retain your information:

  • Account Data: As long as your account is active
  • Order Data: For 7 years for tax and legal compliance
  • OTP Codes: Automatically deleted after 24 hours
  • Rate Limit Data: Automatically deleted after 7 days

Cookies

We use cookies and similar technologies to:

  • Maintain your logged-in session
  • Remember your preferences
  • Analyze site traffic and usage
  • Improve user experience

You can control cookies through your browser settings.

Third-Party Services

We use the following third-party services:

  • Supabase: Authentication and database hosting
  • Vercel: Website hosting and deployment
  • SMS Provider: Twilio/MessageBird for phone verification
  • Payment Processor: For secure payment processing

These services have their own privacy policies and we recommend reviewing them.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy, please contact us:
