Data deletion instructions

SheaXpress Data Deletion Instructions

Purpose: This page outlines how customers, subscribers, and app users can request deletion of their personal data collected by SheaXpress through our website, ecommerce store, and integrated apps.

Scope: Applies to data we control directly (e.g., Shopify orders and accounts, newsletter sign-ups, customer service records) and, where applicable, data shared with integrated processors (e.g., e-commerce, email marketing, analytics, and social/ads platforms).

Last updated: October 15, 2025

1) How to Submit a Data Deletion Request

Choose one of the following channels. Using the web form is fastest.

Option A: Web Form (Preferred)
Submit a request via our Privacy Request Form.

Option B: Email
Email privacy@sheaexpress.com with subject line “Data Deletion Request” and include:

  • Full name
  • Email address used with SheaXpress
  • Phone number (if on file)
  • Country/State of residence
  • Shopify account email (if different)
  • Order number(s), if known
  • A clear statement: “I am requesting deletion of my personal data.”

Option C: In-App (if you used a SheaXpress app/integration to sign in)
From your logged-in session select Account → Privacy → Delete My Data, or if not available, use Option A or B.

If you are submitting on behalf of someone else (authorized agent), attach proof of authorization.

2) Identity Verification

To protect your data, we verify requests. We may:

  • Validate the request via a link sent to the email on file;
  • Request two pieces of information we already hold (e.g., last order number and shipping ZIP/postal code);
  • For agent requests, require signed authorization and government-issued ID (redact sensitive numbers).

If we cannot verify identity within 15 days, we will notify you and close the request until verification is completed.

3) What We Delete

Upon a verified, eligible request, we will delete or irreversibly de-identify:

  • Customer account data: profile details, saved addresses, wish lists.
  • Marketing data: newsletter subscriptions, campaign engagement profiles.
  • Support interactions: emails, chats, tickets (unless needed for legal reasons);
  • App data: tokens and identifiers tied to SheaXpress apps/integrations.

Typical Systems Impacted

  • Ecommerce platform (e.g., Shopify customer profile and related artifacts);
  • Email/SMS marketing platforms (e.g., subscriber profile and engagement history);
  • CRM/help desk.
  • First-party analytics tied to your identifiers.
  • Social/ads custom audiences we control (we remove your identifiers from our lists).

4) What We May Retain (Legal/Operational Exceptions)

We may retain limited records as permitted or required by law, including:

  • Transaction records needed for tax, accounting, auditing, chargeback, fraud prevention, and security.
  • Records required to honor warranties, product safety, recalls, or regulatory obligations.
  • Aggregated or de-identified data that does not identify you.

Retention in these categories follows statutory periods (for example, typical tax records for 7 years in many jurisdictions). These records are access-restricted and not used for marketing.

5) Timelines and Notifications

  • Acknowledgment: within 5 business days.
  • Completion: within 30 days of verification; extensions up to 60–90 days may apply for complex, multi-system requests.
  • We will provide completion confirmation or an explanation if an exception applies.

6) Integrated Processors and Third Parties

SheaXpress uses reputable processors to operate our store and communications. When your deletion request is completed in our systems, we also propagate deletion or suppression to integrated processors where SheaXpress is the controller and where deletion is technically and contractually supported.

Examples of processor categories:

  • Ecommerce/Payments: online store, checkout, and payment gateways.
  • Marketing/CRM: email/SMS platforms, customer service tools.
  • Analytics/Ads: measurement tools, custom audience lists we upload.
  • Logistics: fulfillment and shipping platforms.

Note: If you created accounts directly with a third party (e.g., a social network or payment provider), you must submit deletion requests to those providers separately per their policies. We will remove any tokens/links we hold.

7) Regional Privacy Rights

We honor applicable privacy laws, including:

  • GDPR/UK GDPR (EEA/UK residents): Right of access, deletion, restriction, portability, and objection to processing/marketing.
  • CCPA/CPRA (California residents): Right to know, delete, correct, and opt out of sale/share of personal information.
  • Other state or national frameworks as applicable (e.g., Colorado, Virginia).

To exercise these rights, use the channels in Section 1. For California “Do Not Sell or Share” requests, refer to our Privacy Policy.

8) Appeals Process (Where required)

If you believe your request was improperly denied or partially fulfilled, you may submit an appeal within 30 days of our response by emailing privacy@sheaexpress.com with subject “Privacy Appeal” and your case reference ID. We will review and respond within 45 days.

9) Data Deletion for Facebook/Instagram/TikTok App Logins

If you used a SheaXpress app or social login:

  1. Revoke SheaXpress access in your social account settings.
  2. Submit a SheaXpress deletion request (Section 1) so we remove related tokens/identifiers and app-stored data.
  3. For any data the social platform controls, submit a request directly to that platform.

10) Business Customer or Partner Requests

If you are a merchant, salon, wholesaler, or partner and need deletion for a user or test account in a sandbox or integration:

  • Email privacy@sheaexpress.com with “B2B Data Deletion” in the subject.
  • Include the environment (production/sandbox), organization name, and unique IDs.

11) Contact

SheaXpress Privacy Office
Email: privacy@sheaexpress.com
Mailing: SheaXpress, 2032 Downshire Court, Waldorf Maryland 20603, United States
If unresolved, you may contact your local supervisory authority or state attorney general, as applicable.

12) Developer Callback (Optional)

If your integration requires a confirmation for compliance audits, include a callback URL in your request. We can return a signed JSON confirmation with request ID, timestamp, scope, and completion status once processing is finalized.

{
  "request_id": "SX-DEL-2025-000123",
  "status": "completed",
  "completed_at": "2025-10-28T14:32:07Z",
  "scope": ["customer_profile", "marketing_profile", "app_tokens"],
  "exceptions": []
}

Summary

  • Use the Privacy Request Form or email privacy@sheaexpress.com.
  • We verify identity, then delete or deidentify eligible data across our systems and integrated processors.
  • Legal exceptions apply for security, fraud, tax, warranty, and compliance.
  • Standard completion target: 30 days after verification.