Privacy Policy | 隐私政策
隐私政策 / Privacy Policy
morelove.me
版本 / Version: 2.0
生效日期 / Effective Date: 2026-04-01
最后更新 / Last Updated: 2026-04-01
中文版
1. 引言与数据控制者身份
morelove.me(以下简称"我们"、"本站"或"MoreLove")致力于保护您的个人数据隐私。本隐私政策依据以下法律法规制定:
- 马来西亚《2010年个人数据保护法》(PDPA,Act 709) 及其 2024 年修正案
- 马来西亚《2024年消费者保护(电子贸易交易)条例》
- 参考 欧盟《通用数据保护条例》(GDPR) 相关要求(适用于欧盟/欧洲经济区用户)
数据控制者信息:
| 项目 | 信息 |
|---|---|
| 公司名称 | MoreLove(morelove.me) |
| 注册地址 | [马来西亚公司注册后补充] |
| 数据保护联系邮箱 | privacy@morelove.me |
| 客服 WhatsApp | [待设置] |
| 隐私政策问题响应时间 | 收到请求后 21 个工作日内 |
使用我们的网站及服务,即表示您了解并同意本政策所述的数据处理方式。对于特定数据处理活动(如 AI 虚拟试穿),我们将在相关功能处单独征求您的明确同意。
2. PDPA 七大原则遵从声明
本政策严格遵循马来西亚 PDPA 的七大个人数据保护原则:
| 原则 | 我们的承诺 |
|---|---|
| ① 一般原则 | 未经您的同意,不处理您的个人数据;处理目的合法、明确 |
| ② 通知与选择原则 | 在收集数据前告知您收集目的,并提供选择权 |
| ③ 披露原则 | 仅在本政策声明的范围内向第三方披露数据 |
| ④ 安全原则 | 采取技术和管理措施防止数据泄露、篡改或未授权访问 |
| ⑤ 保留原则 | 数据保留不超过实现目的所需的时间 |
| ⑥ 数据完整性原则 | 确保数据准确、完整、不具误导性且保持最新 |
| ⑦ 访问原则 | 您有权访问和更正我们持有的您的个人数据 |
📋 2024 年修正案新增要求: 强制数据泄露通知、强制任命数据保护官(DPO)、数据可携带权、生物识别数据被纳入敏感数据范畴、违规罚款上限提高至 RM 1,000,000。
3. 数据收集范围
3.1 您主动提供的数据
| 数据类型 | 收集场景 | 收集目的 | 法律依据 |
|---|---|---|---|
| 姓名 | 注册/下单 | 订单处理、身份识别 | 合同履行 |
| 电话号码 | 注册/下单 | 订单通知、客服沟通 | 合同履行 |
| 电子邮箱 | 注册/下单/订阅 | 订单确认、营销通讯(需同意) | 合同履行/同意 |
| 收货地址 | 下单 | 订单配送 | 合同履行 |
| 账单地址 | 下单 | 支付处理和反欺诈 | 合同履行/法律义务 |
| 支付信息 | 结账 | 支付处理(经第三方网关处理) | 合同履行 |
| 账户密码 | 注册 | 账户安全(仅存储加密哈希值) | 合同履行 |
| 客服沟通记录 | 咨询/投诉 | 服务质量保障和争议解决 | 合法利益 |
| 商品评价 | 自愿提交 | 帮助其他顾客参考 | 同意 |
3.2 自动收集的数据
| 数据类型 | 收集方式 | 收集目的 | 法律依据 |
|---|---|---|---|
| IP 地址 | 服务器日志 | 安全防护、大致地理定位 | 合法利益 |
| 设备信息 | 浏览器标识 | 网站兼容性优化 | 合法利益 |
| 浏览行为 | Cookie/分析工具 | 网站优化、用户体验改善 | 同意(通过 Cookie) |
| 推荐来源 | HTTP Referrer | 营销效果分析 | 合法利益 |
| 购买历史 | 订单系统 | 个性化推荐、售后服务 | 合同履行/合法利益 |
3.3 AI 虚拟试穿功能数据(未来功能)🔬
⚠️ 此功能尚在规划阶段。上线前将发布单独的数据处理补充条款并征求您的明确单独同意。
| 数据类型 | 处理方式 | 存储时长 | 特别保障 |
|---|---|---|---|
| 上传的照片/图像 | 仅用于生成试穿效果 | 处理完成后 1 小时内自动删除 | 端到端加密传输 |
| 面部/身体特征数据 | 临时数字化处理,不提取可识别特征 | 实时处理,不存储 | 在隔离沙盒环境中处理 |
| 试穿效果图 | 仅展示给用户本人 | 会话结束后 24 小时内删除 | 不与第三方共享 |
AI 试穿功能的法律合规承诺:
- 明确同意: 每次使用试穿功能前,均需您点击确认同意,您可随时撤回
- 目的限制: 照片数据仅用于生成虚拟试穿效果,绝不用于 AI 模型训练、广告定向或任何其他目的
- 最小化处理: 不提取、不存储面部生物特征模板;不进行面部识别或身份关联
- 无第三方共享: 照片和处理结果不与任何第三方共享(包括供应商、广告商、关联公司)
- PDPA 合规: 2024 年修正案将生物识别数据纳入敏感个人数据,我们严格遵守更高的保护标准
- GDPR 合规: 对于欧盟用户,面部数据属于 GDPR 第 9 条特殊类别数据,我们以明确同意为处理基础,并已完成数据保护影响评估(DPIA)
- 数据保护影响评估(DPIA): 上线前将完成并记录完整的 DPIA
4. 数据使用目的
| 使用目的 | 涉及数据 | 法律依据 | 您的选择权 |
|---|---|---|---|
| 订单处理与配送 | 姓名、地址、电话、支付信息 | 合同履行 | 必要,不可选退 |
| 客户服务 | 姓名、联系方式、沟通记录 | 合同履行/合法利益 | 必要,不可选退 |
| 账户管理 | 注册信息 | 合同履行 | 可注销账户 |
| 营销通讯 | 邮箱、姓名 | 明确同意 | ✅ 可随时退订 |
| 个性化推荐 | 浏览历史、购买记录 | 合法利益/同意 | ✅ 可关闭推荐 |
| 网站分析优化 | 匿名化浏览数据 | 同意(Cookie) | ✅ 可通过 Cookie 设置管理 |
| 安全与反欺诈 | IP、设备信息、交易模式 | 合法利益/法律义务 | 必要,不可选退 |
| 法律合规 | 交易记录、税务信息 | 法律义务 | 必要,不可选退 |
| AI 虚拟试穿 | 照片、面部特征数据 | 明确单独同意 | ✅ 可随时撤回 |
| 联盟营销管理 | 推荐链接、佣金记录 | 合同履行/合法利益 | 适用于联盟伙伴 |
5. 第三方数据共享
我们不会出售您的个人数据。以下情况下,我们可能与第三方共享必要数据:
| 第三方 | 类型 | 共享数据 | 共享目的 | 数据存储地 |
|---|---|---|---|---|
| Shopify | 电商平台 | 订单、账户、浏览数据 | 网站托管和运营 | 加拿大/美国 |
| Stripe | 支付网关 | 交易信息(由 Stripe 直接处理) | 安全支付处理 | 全球(PCI-DSS 合规) |
| CJ Dropshipping | 供应链 | 姓名、电话、收货地址 | 订单履行和配送 | 中国 |
| DSers | 订单管理 | 订单数据 | Dropship 订单同步 | 中国/美国 |
| Google Analytics | 数据分析 | 匿名化浏览行为(通过 Cookie) | 网站流量分析 | 美国 |
| GoAffPro | 联盟营销 | 推荐链接数据、订单佣金数据 | 联盟计划管理 | 美国 |
| 邮件服务商 | 营销工具 | 邮箱、姓名(经同意) | 发送营销邮件 | 美国 |
| 物流服务商 | 配送 | 姓名、电话、收货地址 | 包裹配送 | 多国 |
| 政府/执法机构 | 法律要求 | 依法律要求的必要数据 | 法律合规 | 马来西亚 |
跨境数据传输保障:
根据 PDPA 2024 修正案,跨境数据传输需确保接收方提供"实质相似"的数据保护水平。我们通过以下方式保障您的数据安全:
- 与所有第三方签订 数据处理协议(DPA)
- 要求第三方遵守 与 PDPA 同等或更高 的数据保护标准
- 对于欧盟用户,采用 标准合同条款(SCCs) 作为跨境传输的合规机制
- 定期审计第三方的数据安全措施
6. Cookie 政策
6.1 我们使用的 Cookie 类型
| Cookie 类型 | 用途 | 存续时间 | 可否关闭 |
|---|---|---|---|
| 必要性 Cookie | 购物车、用户登录、安全防护、CSRF 保护 | 会话/最长 1 年 | ❌ 不可关闭 |
| 功能性 Cookie | 语言偏好、最近浏览、收货地址记忆 | 最长 1 年 | ✅ 可关闭 |
| 分析性 Cookie | Google Analytics 流量分析、热图追踪 | 26 个月 | ✅ 可关闭 |
| 营销 Cookie | 社交媒体插件、再营销广告追踪 | 最长 2 年 | ✅ 可关闭 |
6.2 具体 Cookie 清单
| Cookie 名称 | 提供方 | 类型 | 存续时间 | 目的 |
|---|---|---|---|---|
_shopify_s |
Shopify | 必要 | 30 分钟 | 会话管理 |
_shopify_y |
Shopify | 必要 | 1 年 | 用户识别 |
cart |
Shopify | 必要 | 2 周 | 购物车数据 |
_ga |
分析 | 2 年 | Google Analytics 用户区分 | |
_gid |
分析 | 24 小时 | Google Analytics 用户区分 | |
_fbp |
Meta/Facebook | 营销 | 3 个月 | Facebook 广告追踪 |
6.3 Cookie 管理
- 首次访问: 您将看到 Cookie 同意横幅,可选择接受或拒绝非必要 Cookie
- 随时管理: 通过网站底部的"Cookie 设置"链接随时更改偏好
- 浏览器设置: 您也可以通过浏览器设置管理或删除 Cookie
- Google Analytics 退出: 可安装 Google Analytics Opt-out Browser Add-on
7. 数据保留期限
| 数据类型 | 保留期限 | 说明 |
|---|---|---|
| 账户注册数据 | 账户存续期间 + 注销后 12 个月 | 12 个月后永久删除 |
| 订单和交易数据 | 订单完成后 7 年 | 马来西亚税务法要求 |
| 支付卡信息 | 不存储 | 由 Stripe 等 PCI-DSS 合规网关处理 |
| 客服沟通记录 | 3 年 | 用于服务质量审查和争议解决 |
| 营销偏好数据 | 直至您 撤回同意 | 撤回后 30 天内删除 |
| 网站分析数据 | 匿名化后 26 个月 | Google Analytics 默认保留期 |
| 服务器日志(含 IP) | 90 天 | 安全监控后自动清除 |
| AI 试穿照片 | 处理后 1 小时内 | 自动删除,不进行长期存储 |
| AI 试穿效果图 | 会话结束后 24 小时内 | 自动删除 |
| Cookie 数据 | 视 Cookie 类型:30 分钟至 2 年 | 用户可随时清除 |
| 联盟营销数据 | 联盟关系存续期间 + 2 年 | 佣金结算和审计需要 |
🗑️ 数据删除: 超过保留期限的数据将被安全删除或不可逆匿名化。您可随时请求删除您的个人数据(法律要求保留的除外)。
8. 您的权利
根据马来西亚 PDPA 及 2024 年修正案,您享有以下权利:
| 权利 | 说明 | 如何行使 |
|---|---|---|
| 访问权 | 请求访问我们持有的您的个人数据 | 邮件至 privacy@morelove.me |
| 更正权 | 要求更正不准确或不完整的数据 | 账户设置或邮件请求 |
| 撤回同意权 | 随时撤回您对数据处理的同意 | 退订链接或邮件请求 |
| 限制处理权 | 要求限制对您数据的特定处理 | 邮件至 privacy@morelove.me |
| 删除权 | 要求删除您的个人数据 | 邮件至 privacy@morelove.me |
| 数据可携带权 ✨ | 要求将您的数据转移至另一服务商(2024 修正案新增) | 邮件至 privacy@morelove.me |
| 反对自动化决策权 | 反对仅基于自动化处理做出的对您产生重大影响的决策 | 邮件至 privacy@morelove.me |
| 投诉权 | 向马来西亚个人数据保护专员公署投诉 | 见下方投诉途径 |
行使权利的流程:
- 发送邮件至 privacy@morelove.me,说明您要行使的权利
- 我们可能需要验证您的身份(防止未授权访问)
- 我们将在 21 个工作日内 回复您的请求
- 对于复杂请求,可能需要额外时间,但我们会及时告知进展
对于欧盟/欧洲经济区用户的额外权利(GDPR):
- 被遗忘权(Right to Erasure): 在特定条件下请求删除个人数据
- 数据可携带权: 以结构化、常用、机器可读的格式接收数据
- 向监管机构投诉的权利: 您有权向所在国的数据保护监管机构投诉
9. 未成年人保护
- 我们的服务面向 18 岁及以上 的用户
- 我们不会故意收集 18 岁以下未成年人的个人数据
- 如我们发现意外收集了未成年人的数据,将立即删除
- 如果您是家长/监护人,发现您的未成年子女向我们提供了个人数据,请立即联系 privacy@morelove.me,我们将在 48 小时内 采取删除措施
- 对于 AI 试穿功能,我们将实施年龄验证机制,禁止未成年人使用
10. 数据安全措施
我们采取多层次安全措施保护您的个人数据:
技术措施:
- 🔒 全站 SSL/TLS 加密(HTTPS)传输所有数据
- 支付信息由 PCI-DSS Level 1 合规 的第三方支付网关(Stripe)处理
- 密码以 bcrypt 单向哈希 存储,无法被反向解密
- 数据库访问采用 最小权限原则 和 加密存储
- AI 试穿功能的照片数据采用 端到端加密,在 隔离沙盒环境 中处理
管理措施:
- 员工签署 保密协议 并接受数据保护培训
- 数据访问权限严格控制,仅授权人员可访问
- 定期进行安全审计和漏洞扫描
- 数据泄露应急响应计划已建立并定期演练
数据泄露通知(2024 修正案要求):
- 如发生数据泄露,我们将 尽快 通知马来西亚个人数据保护专员
- 如泄露可能对您造成严重影响,我们也会及时通知您
- 通知内容包括:泄露性质、影响范围、已采取的补救措施
11. 政策变更通知机制
- 我们可能不时更新本隐私政策
- 重大变更: 通过网站横幅公告 + 注册邮箱邮件通知,提前 30 天 告知
- 非重大变更: 更新网站上的政策页面和"最后更新"日期
- 重大变更包括:数据收集范围扩大、新增第三方数据共享、更改数据保留期限等
- 变更生效后继续使用我们的服务,即视为您接受更新后的政策
- 如您不同意更新后的政策,可联系我们注销账户并删除数据
12. 投诉途径
如果您对我们的数据处理方式有疑虑或投诉:
第一步:联系我们
- 📧 邮箱:privacy@morelove.me
- 响应时间:21 个工作日内
第二步:向监管机构投诉
- 马来西亚个人数据保护专员公署(JPDP / PDPC)
- 地址:Level 8, Galeria PjH, Jalan P4W, Persiaran Perdana, Precinct 4, Federal Government Administration Centre, 62100 Putrajaya, Malaysia
- 电话:03-8000 8000(MyGCC)/ 03-7456 3888(JPDP 热线)
- 邮箱:aduan@pdp.gov.my
- 网站:https://www.pdp.gov.my
第三步(适用于欧盟用户):向所在国数据保护监管机构投诉
13. 联系我们
如有任何隐私相关问题或请求:
| 渠道 | 信息 |
|---|---|
| 隐私事务邮箱 | privacy@morelove.me |
| 客服邮箱 | support@morelove.me |
| [待设置] | |
| 网站 | morelove.me |
| 邮寄地址 | [马来西亚公司注册后补充] |
English Version
1. Introduction & Data Controller Identity
morelove.me ("we," "us," "our," or "MoreLove") is committed to protecting the privacy of your personal data. This Privacy Policy is established in accordance with:
- Malaysian Personal Data Protection Act 2010 (PDPA, Act 709) and its 2024 Amendment
- Malaysian Consumer Protection (Electronic Trade Transaction) Regulations 2024
- EU General Data Protection Regulation (GDPR) references (applicable to EU/EEA users)
Data Controller Information:
| Item | Details |
|---|---|
| Company Name | MoreLove (morelove.me) |
| Registered Address | [To be updated upon company registration in Malaysia] |
| Data Protection Email | privacy@morelove.me |
| Customer Service WhatsApp | [To be set up] |
| Privacy Request Response Time | Within 21 business days of receiving your request |
By using our website and services, you acknowledge and agree to the data processing practices described in this policy. For specific data processing activities (such as AI virtual try-on), we will seek your separate explicit consent at the point of use.
2. PDPA Seven Principles Compliance
This policy strictly adheres to the seven personal data protection principles under Malaysia's PDPA:
| Principle | Our Commitment |
|---|---|
| ① General Principle | We will not process your personal data without your consent; processing purposes are lawful and specific |
| ② Notice & Choice Principle | We inform you of collection purposes before gathering data and provide you with choices |
| ③ Disclosure Principle | Data is only disclosed to third parties within the scope stated in this policy |
| ④ Security Principle | Technical and administrative measures are implemented to prevent data breaches, tampering, or unauthorized access |
| ⑤ Retention Principle | Data is not retained beyond the period necessary to fulfil its purpose |
| ⑥ Data Integrity Principle | We ensure data is accurate, complete, not misleading, and kept up to date |
| ⑦ Access Principle | You have the right to access and correct personal data we hold about you |
📋 2024 Amendment Updates: Mandatory data breach notification, mandatory Data Protection Officer (DPO) appointment, right to data portability, biometric data classified as sensitive personal data, maximum penalties increased to RM 1,000,000.
3. Data We Collect
3.1 Data You Provide
| Data Type | Collection Context | Purpose | Legal Basis |
|---|---|---|---|
| Name | Registration/Purchase | Order processing, identity verification | Contract performance |
| Phone Number | Registration/Purchase | Order notifications, customer service | Contract performance |
| Email Address | Registration/Purchase/Subscribe | Order confirmation, marketing (with consent) | Contract/Consent |
| Shipping Address | Purchase | Order delivery | Contract performance |
| Billing Address | Purchase | Payment processing, fraud prevention | Contract/Legal obligation |
| Payment Information | Checkout | Payment processing (via third-party gateway) | Contract performance |
| Account Password | Registration | Account security (only encrypted hash stored) | Contract performance |
| Customer Service Records | Enquiries/Complaints | Service quality assurance, dispute resolution | Legitimate interest |
| Product Reviews | Voluntary submission | Help other customers make informed decisions | Consent |
3.2 Data Collected Automatically
| Data Type | Collection Method | Purpose | Legal Basis |
|---|---|---|---|
| IP Address | Server logs | Security, approximate geolocation | Legitimate interest |
| Device Information | Browser identification | Website compatibility optimization | Legitimate interest |
| Browsing Behavior | Cookies/Analytics | Website optimization, UX improvement | Consent (via cookies) |
| Referral Source | HTTP Referrer | Marketing effectiveness analysis | Legitimate interest |
| Purchase History | Order system | Personalized recommendations, after-sales service | Contract/Legitimate interest |
3.3 AI Virtual Try-On Data (Future Feature) 🔬
⚠️ This feature is currently in the planning stage. A separate Data Processing Addendum will be published and your explicit, separate consent will be obtained before launch.
| Data Type | Processing Method | Retention Period | Special Safeguards |
|---|---|---|---|
| Uploaded photos/images | Used solely to generate try-on results | Automatically deleted within 1 hour of processing | End-to-end encrypted transmission |
| Facial/body feature data | Temporary digital processing, no identifiable features extracted | Real-time processing only, not stored | Processed in an isolated sandbox environment |
| Try-on result images | Displayed only to the user | Deleted within 24 hours after session ends | Not shared with any third party |
AI Try-On Legal Compliance Commitments:
- Explicit Consent: Requires your click-to-confirm consent before each use; you may withdraw consent at any time
- Purpose Limitation: Photo data is used solely for generating virtual try-on results—never for AI model training, ad targeting, or any other purpose
- Data Minimization: No facial biometric templates are extracted or stored; no facial recognition or identity matching is performed
- No Third-Party Sharing: Photos and results are not shared with any third party (including suppliers, advertisers, or affiliates)
- PDPA Compliance: The 2024 Amendment classifies biometric data as sensitive personal data; we adhere to the higher protection standards
- GDPR Compliance: For EU users, facial data falls under GDPR Article 9 special category data; we use explicit consent as the processing basis and have completed a Data Protection Impact Assessment (DPIA)
- DPIA: A full Data Protection Impact Assessment will be completed and documented before launch
4. How We Use Your Data
| Purpose | Data Involved | Legal Basis | Your Choice |
|---|---|---|---|
| Order Processing & Delivery | Name, address, phone, payment info | Contract performance | Required, cannot opt out |
| Customer Service | Name, contact details, communications | Contract/Legitimate interest | Required, cannot opt out |
| Account Management | Registration details | Contract performance | May delete account |
| Marketing Communications | Email, name | Explicit consent | ✅ May unsubscribe anytime |
| Personalized Recommendations | Browsing/purchase history | Legitimate interest/Consent | ✅ May disable recommendations |
| Website Analytics | Anonymized browsing data | Consent (cookies) | ✅ Manageable via cookie settings |
| Security & Anti-Fraud | IP, device info, transaction patterns | Legitimate interest/Legal obligation | Required, cannot opt out |
| Legal Compliance | Transaction records, tax information | Legal obligation | Required, cannot opt out |
| AI Virtual Try-On | Photos, facial feature data | Explicit separate consent | ✅ May withdraw anytime |
| Affiliate Program Management | Referral links, commission records | Contract/Legitimate interest | Applies to affiliate partners |
5. Third-Party Data Sharing
We do not sell your personal data. We may share necessary data with third parties in the following circumstances:
| Third Party | Type | Data Shared | Purpose | Data Location |
|---|---|---|---|---|
| Shopify | E-commerce platform | Orders, accounts, browsing data | Website hosting & operations | Canada/USA |
| Stripe | Payment gateway | Transaction info (processed directly by Stripe) | Secure payment processing | Global (PCI-DSS compliant) |
| CJ Dropshipping | Supply chain | Name, phone, shipping address | Order fulfillment & delivery | China |
| DSers | Order management | Order data | Dropship order sync | China/USA |
| Google Analytics | Data analytics | Anonymized browsing behavior (via cookies) | Website traffic analysis | USA |
| GoAffPro | Affiliate marketing | Referral link data, order commission data | Affiliate program management | USA |
| Email Service Provider | Marketing tool | Email, name (with consent) | Marketing emails | USA |
| Logistics Providers | Delivery | Name, phone, shipping address | Package delivery | Multiple countries |
| Government/Law Enforcement | Legal requirement | Data required by law | Legal compliance | Malaysia |
Cross-Border Data Transfer Safeguards:
Under the PDPA 2024 Amendment, cross-border data transfers must ensure the recipient provides "substantially similar" data protection. We safeguard your data through:
- Signing Data Processing Agreements (DPAs) with all third parties
- Requiring third parties to comply with data protection standards equivalent to or higher than the PDPA
- For EU users, implementing Standard Contractual Clauses (SCCs) as the cross-border transfer compliance mechanism
- Regular auditing of third-party data security measures
6. Cookie Policy
6.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Can Be Disabled? |
|---|---|---|---|
| Essential Cookies | Shopping cart, login, security, CSRF protection | Session / up to 1 year | ❌ Cannot be disabled |
| Functional Cookies | Language preferences, recently viewed, saved addresses | Up to 1 year | ✅ Can be disabled |
| Analytics Cookies | Google Analytics traffic analysis, heatmap tracking | 26 months | ✅ Can be disabled |
| Marketing Cookies | Social media plugins, remarketing ad tracking | Up to 2 years | ✅ Can be disabled |
6.2 Specific Cookie List
| Cookie Name | Provider | Type | Duration | Purpose |
|---|---|---|---|---|
_shopify_s |
Shopify | Essential | 30 minutes | Session management |
_shopify_y |
Shopify | Essential | 1 year | User identification |
cart |
Shopify | Essential | 2 weeks | Shopping cart data |
_ga |
Analytics | 2 years | Google Analytics user differentiation | |
_gid |
Analytics | 24 hours | Google Analytics user differentiation | |
_fbp |
Meta/Facebook | Marketing | 3 months | Facebook ad tracking |
6.3 Cookie Management
- First Visit: You'll see a cookie consent banner where you can accept or decline non-essential cookies
- Anytime Management: Change your preferences via the "Cookie Settings" link in the website footer
- Browser Settings: You may also manage or delete cookies through your browser settings
- Google Analytics Opt-out: Install the Google Analytics Opt-out Browser Add-on
7. Data Retention Periods
| Data Type | Retention Period | Notes |
|---|---|---|
| Account Registration Data | Account active period + 12 months after deletion | Permanently deleted after 12 months |
| Order & Transaction Data | 7 years from order completion | Required by Malaysian tax law |
| Payment Card Information | Not stored | Processed by PCI-DSS compliant gateways (Stripe) |
| Customer Service Records | 3 years | For service quality review and dispute resolution |
| Marketing Preference Data | Until you withdraw consent | Deleted within 30 days of withdrawal |
| Website Analytics Data | 26 months after anonymization | Google Analytics default retention period |
| Server Logs (incl. IP) | 90 days | Auto-purged after security monitoring |
| AI Try-On Photos | Within 1 hour after processing | Automatically deleted, no long-term storage |
| AI Try-On Result Images | Within 24 hours after session ends | Automatically deleted |
| Cookie Data | Varies: 30 minutes to 2 years | Users may clear at any time |
| Affiliate Marketing Data | Affiliate relationship period + 2 years | Required for commission settlement and audit |
🗑️ Data Deletion: Data exceeding retention periods is securely deleted or irreversibly anonymized. You may request deletion of your personal data at any time (except data required by law).
8. Your Rights
Under the Malaysian PDPA and its 2024 Amendment, you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Right of Access | Request access to personal data we hold about you | Email privacy@morelove.me |
| Right of Correction | Request correction of inaccurate or incomplete data | Account settings or email request |
| Right to Withdraw Consent | Withdraw consent to data processing at any time | Unsubscribe link or email request |
| Right to Restrict Processing | Request restriction of specific data processing | Email privacy@morelove.me |
| Right to Deletion | Request deletion of your personal data | Email privacy@morelove.me |
| Right to Data Portability ✨ | Request transfer of your data to another provider (new under 2024 Amendment) | Email privacy@morelove.me |
| Right to Object to Automated Decisions | Object to decisions made solely by automated processing with significant impact | Email privacy@morelove.me |
| Right to Complain | File a complaint with the Malaysian PDPC | See complaint channels below |
Process for Exercising Your Rights:
- Send an email to privacy@morelove.me specifying the right you wish to exercise
- We may need to verify your identity (to prevent unauthorized access)
- We will respond within 21 business days
- Complex requests may require additional time; we will keep you informed of progress
Additional Rights for EU/EEA Users (GDPR):
- Right to Erasure ("Right to be Forgotten"): Request deletion of personal data under specific conditions
- Data Portability: Receive your data in a structured, commonly used, machine-readable format
- Right to Lodge a Complaint: You have the right to complain to the data protection supervisory authority in your country
9. Protection of Minors
- Our services are intended for users aged 18 and above
- We do not knowingly collect personal data from anyone under 18
- If we discover we have inadvertently collected data from a minor, we will delete it immediately
- If you are a parent/guardian who discovers your minor child has provided personal data to us, please contact privacy@morelove.me immediately — we will take deletion measures within 48 hours
- For the AI virtual try-on feature, we will implement age verification mechanisms to prevent use by minors
10. Data Security Measures
We implement multi-layered security measures to protect your personal data:
Technical Measures:
- 🔒 Full-site SSL/TLS encryption (HTTPS) for all data in transit
- Payment information processed by PCI-DSS Level 1 compliant third-party gateways (Stripe)
- Passwords stored using bcrypt one-way hashing (cannot be reversed)
- Database access follows least privilege principle with encrypted storage
- AI try-on photo data uses end-to-end encryption, processed in isolated sandbox environments
Administrative Measures:
- Employees sign confidentiality agreements and receive data protection training
- Data access is strictly controlled; only authorized personnel may access data
- Regular security audits and vulnerability scanning
- Data breach emergency response plan established and regularly tested
Data Breach Notification (2024 Amendment Requirement):
- In the event of a data breach, we will notify the Malaysian PDPC as soon as practicable
- If the breach is likely to cause serious harm to you, we will also notify you promptly
- Notification will include: nature of the breach, scope of impact, and remedial measures taken
11. Policy Change Notification
- We may update this Privacy Policy from time to time
- Material Changes: Notified via website banner + email to registered accounts, 30 days in advance
- Non-Material Changes: Updated policy page and "Last Updated" date on our website
- Material changes include: expanded data collection scope, new third-party data sharing, changes to data retention periods
- Continued use of our services after changes take effect constitutes acceptance of the updated policy
- If you disagree with the updated policy, you may contact us to delete your account and data
12. Complaint Channels
If you have concerns or complaints about our data processing practices:
Step 1: Contact Us
- 📧 Email: privacy@morelove.me
- Response time: Within 21 business days
Step 2: Complain to Regulatory Authority
- Malaysian Personal Data Protection Commissioner (JPDP / PDPC)
- Address: Level 8, Galeria PjH, Jalan P4W, Persiaran Perdana, Precinct 4, Federal Government Administration Centre, 62100 Putrajaya, Malaysia
- Phone: 03-8000 8000 (MyGCC) / 03-7456 3888 (JPDP Hotline)
- Email: aduan@pdp.gov.my
- Website: https://www.pdp.gov.my
Step 3 (For EU Users): Complain to your national Data Protection Supervisory Authority
13. Contact Us
For any privacy-related questions or requests:
| Channel | Details |
|---|---|
| Privacy Matters | privacy@morelove.me |
| Customer Service | support@morelove.me |
| [To be set up] | |
| Website | morelove.me |
| Mailing Address | [To be updated upon company registration in Malaysia] |
本政策同时提供中文和英文版本。如两个版本之间存在不一致,以英文版本为准。
This policy is provided in both Chinese and English. In the event of any inconsistency between the two versions, the English version shall prevail.
MoreLove.me | 版本 2.0 | 最后更新 2026-04-01