Privacy Policy
Last updated: January 2025
Introduction
OculiRX ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vision testing services. As a healthcare technology company, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.
Information We Collect
Personal Information
- Name and contact information (email, phone, address)
- Date of birth and age
- Payment information (processed securely through Stripe)
- Account credentials
Protected Health Information (PHI)
- Vision test results and acuity measurements
- Video recordings of your exam session (for doctor review and quality assurance)
- Prescription history
- Medical questionnaire responses (existing conditions, medications)
- Doctor notes and clinical assessments
Technical Information
- Device information (browser, screen size, camera resolution)
- IP address and general location
- Session data (distance tracking, anti-cheat metrics, timestamps)
- Cookies and usage analytics
How We Use Your Information
- To provide and improve our vision testing services
- To enable licensed eye care professionals to review your exam
- To issue and deliver your prescription
- To communicate with you about your exam and results
- To process payments
- To comply with legal and regulatory requirements
- To maintain the security and integrity of our platform
- To improve our technology and develop new features (using de-identified data)
How We Share Your Information
We do not sell your personal or health information. We may share your information with:
- Licensed Healthcare Providers: Optometrists and ophthalmologists who review your exam and issue prescriptions
- Service Providers: Cloud hosting (AWS), payment processing (Stripe), email services, and other vendors who help us operate our platform
- Your Eye Care Practice: If you were referred by or are connected to a specific practice
- Legal Requirements: When required by law or subpoena, or to protect our rights
Data Security
We implement robust security measures to protect your information:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- HIPAA-compliant cloud infrastructure
- Regular security audits and penetration testing
- Role-based access controls
- Audit logging of all data access
- Employee training on privacy and security
Data Retention
We retain your health records for at least 7 years as required by healthcare regulations. Video recordings are retained for 3 years for quality assurance purposes. You may request deletion of your account, but we must retain certain records as required by law.
Your Rights
You have the right to:
- Access your personal and health information
- Request correction of inaccurate information
- Request a copy of your records
- Know who has accessed your health information
- Request restrictions on certain uses of your information
- Opt out of marketing communications (though we send very few)
California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. Note: We do not sell personal information.
Children's Privacy
Our services are intended for adults aged 18-65. We do not knowingly collect information from children under 18. If you believe we have collected information from a minor, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
OculiRX Privacy Office
Email: privacy@oculirx.com
Phone: 1-800-XXX-XXXX
Address: [Company Address]