Privacy Policy for Luke App

1. Introduction

Luke App (“we”, “our app”) uses the Facebook Graph API exclusively to retrieve aggregate rating data (total star rating, number of ratings) from Facebook Pages you manage. We do not collect or store review text or reviewer names.
This policy explains what data we collect, how we use it, your rights, and how to contact us.

2. Controller Information

App name: Luke App
Developer / Operator email: lucdkny@gmail.com

3. Data Collected

a. From Facebook API

  • Your Page ID and Page Access Token (only for Pages you administer)
  • Aggregate rating data: average star rating and number of reviews (via Graph API endpoints such as fields=overall_star_rating and rating_count)
  • Metadata needed for authentication (e.g. OAuth token timestamps, token scopes)

No personal data—such as reviewer names, review text, user profiles, IDs—is collected.

b. Additional data

  • Basic usage logs (timestamps, IP addresses for debugging) — stored in encrypted format and deleted after 90 days.
    We do not collect tracking cookies, email addresses (except your developer email listed above), or analytics unless you explicitly enable them.

4. Purpose of Use

Data is used solely to display aggregate review metrics (average rating and total count) on your internal dashboard. We do not use data for advertising, profiling, or sharing with third parties.

5. Data Sharing and Disclosure

  • We do not sell or rent your data.
  • We do not share your tokens or rating data with third parties.
  • Data is only accessible to you (the admin) and to team members explicitly added in Facebook App Dashboard under Roles (e.g. administrators, developers, testers).

6. Data Retention and Deletion

  • Page Access Tokens: Stored for no longer than 90 days. You can request immediate deletion at any time.
  • Aggregate Rating Data: Stored for up to 90 days for caching and performance, then refreshed or deleted.
  • Logs: Encrypted and auto-deleted after 90 days.

If you request deletion of “all user‑related data”, we will confirm in writing within 30 days that the tokens and logs have been removed.

7. Your Rights (GDPR, CCPA, etc.)

You have the right to:

  • Access your data
  • Withdraw consent and request deletion
  • Request changes or export
    To exercise these rights, contact us at lucdkny@gmail.com. We will respond within 30 days.

8. Children

Luke App is not intended for children under 16. We do not knowingly collect any data from minors.

9. Security

We use standard industry security measures: HTTPS encryption, token encryption at rest, minimal access token scope, and secure server configuration. We regularly audit access and review logs for anomalies.

10. Third‑Party Links

Our app does not contain links to third-party websites. If third-party links are introduced later, they will be clearly indicated and subject to our review. We are not responsible for the privacy practices of external sites.

11. Changes to This Policy

Last updated: August 2, 2025
We reserve the right to modify this policy. If we make material changes, we will notify you via email at least 30 days before they become effective.

12. Contact Us

If you have any questions or wish to request data, corrections, or deletions, please contact:
Email: lucdkny@gmail.com

Thank you for trusting Luke App.