Legal

Privacy Policy

Effective Date: June 1, 2026  |  Last Updated: June 1, 2026

Introduction

Generic Contacts ("we," "us," or "our") operates genericcontacts.com and provides name-brand contact lenses at affordable prices. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or place an order with us.

Because we handle prescription (Rx) information, some of your data is considered Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). This policy is supplemented by our HIPAA Notice of Privacy Practices, which provides additional detail on how we handle PHI.

By using our website or placing an order, you agree to the terms of this Privacy Policy.

Information We Collect

Information You Provide

  • Account information: Name, email address, password, phone number, and billing/shipping address when you create an account or place an order.
  • Order information: Products purchased, quantities, order history, and payment information (we do not store full card numbers — see Payment section).
  • Prescription information: Contact lens prescription details including sphere (SPH), cylinder (CYL), axis, base curve (BC), diameter (DIA), brand, prescriber name, and expiration date. You may enter this manually or upload a photo or PDF of your prescription.
  • Communications: Messages you send us via our contact form, email, or live chat.
  • Marketing preferences: Email subscription status and communication preferences.

Information Collected Automatically

  • Usage data: Pages visited, time spent on pages, links clicked, referring URLs, and browser/device type.
  • IP address and location: Approximate geographic location derived from your IP address.
  • Cookies and tracking technologies: See the Cookies section below.

Payment Information

Payment card details are processed by our PCI-DSS certified payment processor (Stripe). We do not store your full card number, CVV, or PIN on our servers. We retain a tokenized reference for saved payment methods.

Health Information (PHI)

HIPAA Notice

Your contact lens prescription is Protected Health Information (PHI) under HIPAA. We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices. Please review our full HIPAA Notice of Privacy Practices for complete details.

We collect prescription information solely for the purpose of fulfilling your contact lens orders and verifying your prescription as required by federal law (the Fairness to Contact Lens Consumers Act, or FCLCA).

Your prescription data is:

  • Stored encrypted at rest using AES-256 encryption
  • Transmitted over encrypted connections (TLS 1.2 or higher)
  • Accessible only to staff with a legitimate need-to-know, as defined by their role
  • Subject to access audit logging
  • Never sold to third parties
  • Never used for marketing purposes

How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders, including verifying your prescription as required by law
  • Send order confirmations, shipping notifications, and receipts
  • Create and manage your account
  • Respond to your questions and customer service requests
  • Send marketing communications if you have opted in (you may opt out at any time)
  • Comply with legal obligations, including HIPAA, FCLCA, and applicable state laws
  • Detect and prevent fraud and unauthorized account access
  • Improve our website and customer experience through analytics

How We Share Your Information

We do not sell your personal information. We may share your information with:

Service Providers (Business Associates)

We work with third-party vendors who help us operate our business. Vendors who may access PHI are required to sign a Business Associate Agreement (BAA) and comply with HIPAA. These include:

  • Cloud hosting and infrastructure providers (encrypted storage of your data)
  • Payment processors (Stripe — for secure payment handling)
  • Shipping carriers (name and address only, for order delivery)
  • Email service providers (for transactional and marketing emails)
  • Customer support software (for managing support tickets)

Legal Requirements

We may disclose your information if required by law, court order, or government authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

If Generic Contacts is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information in other ways with your explicit consent.

Security

We implement industry-standard technical and organizational measures to protect your information, including:

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Role-based access controls and least-privilege principles
  • Multi-factor authentication for staff access to sensitive systems
  • Regular security audits and vulnerability assessments
  • Audit logs for all access to PHI

Despite these measures, no system is completely secure. In the event of a data breach that affects your PHI, we will notify you as required by HIPAA's Breach Notification Rule and applicable state laws.

Cookies & Tracking Technologies

We use cookies and similar technologies to operate our website and improve your experience. You can control cookies through your browser settings.

Types of Cookies We Use

  • Strictly necessary: Required for the website to function — shopping cart, login session, security. Cannot be disabled.
  • Functional: Remember your preferences such as saved addresses and display settings.
  • Analytics: Help us understand how visitors use our site (e.g., Google Analytics). Data is aggregated and anonymized where possible.
  • Marketing: Used to show relevant ads and measure campaign effectiveness. Only set with your consent.

You can manage your cookie preferences using the Cookie Settings link in our website footer. Note that disabling cookies may affect site functionality.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Receive your information in a structured, machine-readable format.
  • Opt-out: Unsubscribe from marketing emails at any time via the link in any email we send.
  • PHI rights: You have additional rights regarding your health information under HIPAA — see our HIPAA Notice of Privacy Practices.

California residents have additional rights under the CCPA/CPRA, including the right to know, the right to delete, and the right to opt out of the sale of personal information (we do not sell personal information).

To exercise any of these rights, contact us at privacy@genericcontacts.com.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, comply with our legal obligations, and resolve disputes. Specific retention periods:

  • Order records: 7 years (tax and business compliance)
  • Prescription records: As required by applicable state law (generally 3–7 years from date of last order)
  • Account data: For the life of your account, plus 2 years after account closure
  • Marketing data: Until you opt out or request deletion

When data is no longer needed, we securely delete or anonymize it.

Children's Privacy

Our website is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@genericcontacts.com.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and post the updated policy on this page with a new "Last Updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Generic Contacts — Privacy Office

Email: privacy@genericcontacts.com

Website: genericcontacts.com

For HIPAA-specific inquiries, see our Notice of Privacy Practices.