Introduction
Generic Contacts ("we," "us," or "our") operates genericcontacts.com and provides name-brand contact lenses at affordable prices. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or place an order with us.
Because we handle prescription (Rx) information, some of your data is considered Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). This policy is supplemented by our HIPAA Notice of Privacy Practices, which provides additional detail on how we handle PHI.
By using our website or placing an order, you agree to the terms of this Privacy Policy.
Information We Collect
Information You Provide
- Account information: Name, email address, password, phone number, and billing/shipping address when you create an account or place an order.
- Order information: Products purchased, quantities, order history, and payment information (we do not store full card numbers — see Payment section).
- Prescription information: Contact lens prescription details including sphere (SPH), cylinder (CYL), axis, base curve (BC), diameter (DIA), brand, prescriber name, and expiration date. You may enter this manually or upload a photo or PDF of your prescription.
- Communications: Messages you send us via our contact form, email, or live chat.
- Marketing preferences: Email subscription status and communication preferences.
Information Collected Automatically
- Usage data: Pages visited, time spent on pages, links clicked, referring URLs, and browser/device type.
- IP address and location: Approximate geographic location derived from your IP address.
- Cookies and tracking technologies: See the Cookies section below.
Payment Information
Payment card details are processed by our PCI-DSS certified payment processor (Stripe). We do not store your full card number, CVV, or PIN on our servers. We retain a tokenized reference for saved payment methods.
Health Information (PHI)
Your contact lens prescription is Protected Health Information (PHI) under HIPAA. We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices. Please review our full HIPAA Notice of Privacy Practices for complete details.
We collect prescription information solely for the purpose of fulfilling your contact lens orders and verifying your prescription as required by federal law (the Fairness to Contact Lens Consumers Act, or FCLCA).
Your prescription data is:
- Stored encrypted at rest using AES-256 encryption
- Transmitted over encrypted connections (TLS 1.2 or higher)
- Accessible only to staff with a legitimate need-to-know, as defined by their role
- Subject to access audit logging
- Never sold to third parties
- Never used for marketing purposes
How We Use Your Information
We use the information we collect to:
- Process and fulfill your orders, including verifying your prescription as required by law
- Send order confirmations, shipping notifications, and receipts
- Create and manage your account
- Respond to your questions and customer service requests
- Send marketing communications if you have opted in (you may opt out at any time)
- Comply with legal obligations, including HIPAA, FCLCA, and applicable state laws
- Detect and prevent fraud and unauthorized account access
- Improve our website and customer experience through analytics
Security
We implement industry-standard technical and organizational measures to protect your information, including:
- AES-256 encryption for data at rest
- TLS 1.2+ encryption for data in transit
- Role-based access controls and least-privilege principles
- Multi-factor authentication for staff access to sensitive systems
- Regular security audits and vulnerability assessments
- Audit logs for all access to PHI
Despite these measures, no system is completely secure. In the event of a data breach that affects your PHI, we will notify you as required by HIPAA's Breach Notification Rule and applicable state laws.
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Portability: Receive your information in a structured, machine-readable format.
- Opt-out: Unsubscribe from marketing emails at any time via the link in any email we send.
- PHI rights: You have additional rights regarding your health information under HIPAA — see our HIPAA Notice of Privacy Practices.
California residents have additional rights under the CCPA/CPRA, including the right to know, the right to delete, and the right to opt out of the sale of personal information (we do not sell personal information).
To exercise any of these rights, contact us at privacy@genericcontacts.com.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this policy, comply with our legal obligations, and resolve disputes. Specific retention periods:
- Order records: 7 years (tax and business compliance)
- Prescription records: As required by applicable state law (generally 3–7 years from date of last order)
- Account data: For the life of your account, plus 2 years after account closure
- Marketing data: Until you opt out or request deletion
When data is no longer needed, we securely delete or anonymize it.
Children's Privacy
Our website is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@genericcontacts.com.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and post the updated policy on this page with a new "Last Updated" date. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Generic Contacts — Privacy Office
Email: privacy@genericcontacts.com
Website: genericcontacts.com
For HIPAA-specific inquiries, see our Notice of Privacy Practices.