πŸ”’ HIPAA Secureβœ‰οΈ support@genericcontacts.com

Privacy Policy

Effective Date: January 1, 2024 Β· Last Updated: January 1, 2024

Contents
πŸ”’
HIPAA Notice
For prescription privacy, see our full HIPAA Notice.
View HIPAA Notice
Summary: We collect information you provide when you shop, create an account, or upload a prescription. We use it to fulfill your orders and improve our service. We do not sell your personal information. Your prescription data is protected health information (PHI) governed by our HIPAA Privacy Notice and encrypted with AES-256.

1. Overview

GenericContacts.com ("Company," "we," "us," or "our") operates as an online contact lens retailer. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at www.genericcontacts.com (the "Site") or make a purchase from us.

This Policy applies to all users of the Site. If you are a resident of California, please also review Section 10 for your additional rights under the California Consumer Privacy Act (CCPA/CPRA).

Important: Prescription information you provide constitutes Protected Health Information (PHI) under HIPAA and is governed primarily by our HIPAA Privacy Notice. This Policy covers our broader data practices.

2. Information We Collect

Information You Provide Directly

CategoryExamples
Account DataName, email address, password (hashed), date of birth
Order DataShipping address, billing address, order history, product selections
Prescription Data (PHI)Contact lens prescription values, prescribing doctor information
Payment DataCredit/debit card info (tokenized via Stripe β€” we never store raw card numbers), FSA/HSA card details
CommunicationsMessages you send via contact form, live chat, or email support

Information Collected Automatically

CategoryDetails
Log DataIP address, browser type, pages visited, time and date, referring URL
Device DataDevice type, operating system, screen resolution
Cookies & PixelsSession cookies, analytics cookies, marketing pixels (see Section 5)
Shopping BehaviorItems viewed, cart contents, search queries on our Site

Information From Third Parties

We may receive limited information from payment processors (Stripe), shipping carriers, and analytics providers. We do not purchase personal data from data brokers.

3. How We Use Your Information

We use your information for the following purposes:

  • Order Fulfillment: Processing purchases, verifying prescriptions (as required by the Fairness to Contact Lens Consumers Act), shipping products, and managing returns.
  • Account Management: Creating and maintaining your account, authenticating logins, and managing your saved prescriptions and addresses.
  • Customer Support: Responding to questions, resolving disputes, and providing assistance with orders and prescriptions.
  • Communications: Sending order confirmations, shipping updates, and service notifications. With your consent, we may send promotional emails and SMS messages (opt-out available at any time).
  • Site Improvement: Analyzing usage patterns to improve navigation, product selection, and performance.
  • Fraud Prevention & Security: Detecting and preventing fraudulent transactions, unauthorized access, and other illegal activities.
  • Legal Compliance: Complying with applicable laws, regulations, court orders, and government requests.
  • Marketing: Showing you relevant products or offers β€” only with your consent where required by law.

We rely on one or more of the following legal bases: contract performance (order fulfillment), legal obligation, legitimate interests, or your consent.

4. Sharing Your Information

We do not sell your personal information. We share it only in the following circumstances:

  • Service Providers (Business Associates): We share information with trusted vendors who help us operate β€” including cloud hosting (AWS), payment processing (Stripe), shipping carriers (UPS, USPS, FedEx), email delivery, and customer support platforms. All vendors handling PHI sign Business Associate Agreements (BAAs) and are bound by HIPAA requirements.
  • Prescription Verification: We may share your name and prescription details with your prescribing eye care professional to verify the accuracy of your Rx, as required by federal law.
  • Legal Requirements: We may disclose information when required by law, subpoena, court order, or to protect the rights, property, or safety of our company, customers, or others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you by email and/or prominent notice on our Site before any transfer.
  • Consent: With your explicit consent for any other purpose not listed here.

We never share PHI for marketing purposes and never permit third parties to use your data for their own marketing without your explicit consent.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve the Site. Here's what we use:

TypePurposeCan Opt Out?
EssentialShopping cart, login sessions, securityNo (required for Site to function)
AnalyticsUnderstanding traffic patterns (Google Analytics)Yes β€” browser settings or opt-out link
FunctionalRemembering preferences (currency, saved filters)Yes
MarketingRetargeting ads on third-party platformsYes β€” via cookie banner or "Do Not Sell" link

You can control cookies through your browser settings. Disabling non-essential cookies will not impact your ability to shop or upload prescriptions.

6. Your Rights & Choices

Access, Correction & Deletion

You may request access to, correction of, or deletion of your personal information at any time by contacting us at privacy@genericcontacts.com or through your Account settings. We will respond within 30 days.

Marketing Opt-Out

You can unsubscribe from marketing emails at any time via the "Unsubscribe" link in any email, or by contacting us. Note that transactional emails (order confirmations, shipping updates) cannot be opted out of while you have an active account.

Do Not Track

Our Site does not currently respond to Do Not Track signals from browsers. You may opt out of analytics tracking via Google Analytics Opt-out Browser Add-on.

Prescription Data Rights

Your rights regarding your prescription (PHI) are described in detail in our HIPAA Privacy Notice, including your right to access, amend, and restrict use of your Rx data.

7. Data Security

We implement industry-standard security measures to protect your information:

  • AES-256 encryption for all data at rest, including prescription files
  • TLS 1.3 encryption for all data in transit
  • Multi-factor authentication for employee access to customer data
  • Role-based access controls β€” only personnel who need data to fulfill orders can access it
  • Annual third-party security audits and HIPAA risk assessments
  • Payment card data is tokenized by Stripe; we never store raw card numbers on our servers
  • All employees with data access receive annual HIPAA and security training

No system is 100% secure. In the event of a data breach affecting your information, we will notify you as required by applicable law and our HIPAA obligations.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Policy and comply with legal obligations:

  • Account & Order Data: Retained for 7 years after your last transaction, for tax and legal compliance.
  • Prescription Records (PHI): Retained for 6 years from the date of last use, per HIPAA requirements.
  • Marketing Data: Retained until you opt out, then deleted within 30 days.
  • Log Files: Automatically deleted or anonymized after 12 months.

You may request deletion of your account at any time. We will honor such requests subject to our legal retention obligations.

9. Children's Privacy

Our Site is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at privacy@genericcontacts.com and we will delete it promptly.

Users between 13 and 17 must have parental consent to create an account and place orders on our Site.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request information about the categories of personal information we collect and how we use and share it.
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising in the traditional sense. To the extent any sharing constitutes a "sale" under CCPA, you may opt out via our "Do Not Sell or Share My Personal Information" link in the footer.
  • Right to Limit Use of Sensitive Personal Information: You may limit our use of your sensitive personal information (including health/prescription data) to what is necessary for providing our services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise your California rights, contact us at privacy@genericcontacts.com or call support@genericcontacts.com. We will verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and/or by posting a prominent notice on the Site before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision. Your continued use of the Site after changes become effective constitutes your acceptance of the updated Policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

GenericContacts.com Privacy Officer
Email: privacy@genericcontacts.com
Phone: support@genericcontacts.com
Hours: Mon–Fri, 9am–5pm ET

For prescription-specific privacy requests, please reference our HIPAA Privacy Notice. You also have the right to file a complaint with the U.S. Federal Trade Commission (FTC) at ftc.gov or, for HIPAA matters, with the HHS Office for Civil Rights at hhs.gov/ocr.

This Privacy Policy is effective as of January 1, 2024. GenericContacts.com complies with applicable Federal and state privacy laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex.