Privacy Policy
Last updated: June 21, 2026
GenericContacts.com ("we," "our," "us") is committed to protecting your privacy and the security of your personal and health information. This Privacy Policy explains how we collect, use, and safeguard your information.
1. Information We Collect
Account Information: Name, email address, and password when you create an account.
Order Information: Shipping address, order history, and payment information (processed securely by our payment processor — we do not store full card numbers).
Protected Health Information (PHI): Contact lens prescriptions, including your name, prescriber information, lens parameters (sphere, cylinder, axis, base curve, diameter), and prescription expiration date. This information is classified as PHI under HIPAA and is subject to additional protections.
Usage Data: IP address, browser type, pages visited, and other analytics data collected automatically.
2. How We Use Your Information
- Processing and fulfilling your contact lens orders
- Verifying your prescription with a licensed optician
- Sending order confirmations, shipping notifications, and account communications
- Improving our website and services
- Complying with legal obligations, including federal and state law
We do not sell your personal information or PHI to third parties.
3. Protected Health Information (PHI)
Your prescription information is PHI under the Health Insurance Portability and Accountability Act (HIPAA). We handle your PHI in accordance with HIPAA regulations and our Notice of Privacy Practices. Key protections include:
- Prescription files are encrypted in transit (TLS) and at rest (AES-256)
- PHI is stored on AWS S3 with a signed Business Associate Agreement (BAA)
- Access to PHI is limited to authorized staff on a need-to-know basis
- All staff PHI access is logged in a HIPAA audit trail
- PHI is retained for a minimum of 6 years as required by HIPAA
4. Sharing Your Information
We may share your information with:
- Service Providers: AWS (prescription storage), email providers, and payment processors who have signed appropriate data protection agreements
- Legal Requirements: When required by law, court order, or government authority
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
We do not share your PHI with marketing companies, data brokers, or advertisers.
5. Cookies and Tracking
We use cookies to maintain your shopping cart, remember your login session, and analyze website traffic. We use Google Analytics to understand how visitors use our site. You can disable cookies in your browser settings, though some site features may not function properly.
6. Data Security
We implement industry-standard security measures including TLS encryption for all data transmission, AES-256 encryption for stored PHI, access controls and authentication, and regular security audits. However, no method of transmission over the internet is 100% secure.
7. Your Rights
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and non-PHI data
- Opt out of marketing communications at any time
- Request a copy of your PHI (subject to HIPAA procedures)
To exercise these rights, contact us at privacy@genericcontacts.com.
8. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page with an updated date.
10. Contact Us
Privacy questions or concerns:
Email: privacy@genericcontacts.com
For HIPAA-specific rights, see our Notice of Privacy Practices.