Privacy Policy

Introduction

EyewebSafety (“Eyeweb,” “we,” “our,” or “us”) respects and protects the privacy of every visitor, customer, and business partner.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information in alignment with:

  • AICPA SOC 2 Trust Services Criteria for Privacy
  • Health Insurance Portability and Accountability Act (HIPAA) when we handle Protected Health Information (PHI)

By using our website or services, you consent to the practices described in this policy.


Information We Collect

We collect only the information necessary to provide our services, improve your experience, and meet our legal and regulatory obligations.


Personal & Health-Related Information

  • Name, billing and shipping addresses, email, phone number.
  • Eyeglass prescription details and the name/phone number of your eye-care provider.
  • Any photos or documents you provide in connection with your order.
  • Other information you choose to share through customer service channels.

Automatically Collected Data

  • We use cookies and related technologies to maintain secure sessions, remember preferences, and enhance your shopping experience.
  • We do not install spyware or collect hidden personal data.

Cookies and Similar Technologies

  • For more information, see our Cookie & Technology Notice.

Purpose and Use of Your Information

Your information is used strictly for legitimate business purposes, consistent with SOC 2 Privacy TSC principles of notice, choice & consent, collection, use, retention, access, and disclosure:

  • Order Fulfillment & Services: To verify prescriptions, manufacture and ship eyewear, and provide customer support.
  • Account & Communication: To send confirmations, respond to inquiries, and provide updates you request.
  • Improvement & Analytics: To analyze website traffic and enhance our services while using aggregated or de-identified data whenever possible.
  • Legal & Compliance: To meet HIPAA obligations for PHI, and to demonstrate compliance with SOC 2 Privacy controls.

Sharing and Disclosure

  • We do not sell, rent, or trade your personal information.
  • We may share data with carefully selected service providers (e.g., payment processors, analytics platforms) strictly for the purposes listed above and only under contracts that require equivalent privacy and security safeguards.
  • We may disclose information when required by law, regulation, subpoena, or to protect the security or integrity of our services.

Your Rights and Choices

Consistent with SOC 2 Privacy TSC and HIPAA requirements, you have the following rights:

  • Access and Correction: You can review and update your personal information by logging in to your account or contacting us directly.
  • Opt-Out: You may unsubscribe from marketing emails at any time.
  • HIPAA Rights: Where PHI is involved, you may request an accounting of disclosures or ask us to restrict certain uses or disclosures as permitted by law.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined above or as required by law and our SOC 2 Privacy and HIPAA retention schedules.


Security

We maintain administrative, physical, and technical safeguards that meet SOC 2 Security and Privacy criteria and HIPAA Security Rule standards, including:

  • Encryption of sensitive data in transit (SSL/TLS) and at rest where applicable.
  • Access controls and monitoring to prevent unauthorized access.
  • Regular risk assessments and security testing.

International Visitors

Our services are primarily intended for users within the United States. If you access our site from outside the U.S., you consent to the transfer and processing of your information in the United States.


How to Contact Us
