Privacy Policy

Information you provide directly

• Contact details such as name, email address, phone number, and shipping address.
• Prescription data, pupillary distance measurements, and lens preferences supplied by you or your care provider.
• Payment information (processed securely by our PCI-compliant payment providers).
• Support communications, feedback, and marketing preferences.

Information collected automatically

• Device telemetry from kiosks, including firmware version, sensor calibration status, and anonymized session identifiers.
• Technical logs and analytics from our web and mobile applications (IP address, browser type, operating system, referring pages, usage timestamps).
• AI capture artifacts such as anonymized facial landmark vectors used to improve measurement accuracy.
• Location data (general geographic region inferred from IP address; precise location only with your consent).

Information from partners

• Order fulfillment updates from optical labs and shipping carriers.
• Identity verification and fraud-prevention signals from payment providers.
• Practice account data (e.g., authorized optometrists, store locations) from our business partners.

• Facial geometry data is processed in real-time to extract measurement coordinates; raw images are not stored after processing unless you explicitly consent to save a reference photo.
• We do not use facial recognition for identification purposes. The geometric data extracted cannot be used to identify you.
• If you are in Illinois, Texas, Washington, or another state with biometric privacy laws, we will obtain your informed consent before collecting biometric information and will comply with applicable retention and destruction requirements.
• You may request deletion of any stored biometric data by contacting privacy@eyekiosk.online.

Types of cookies we use

• Essential cookies: Required for basic site functionality (authentication, shopping cart, security).
• Functional cookies: Remember your preferences such as language and display settings.
• Analytics cookies: Help us understand how visitors interact with our services so we can improve the user experience.

Your cookie choices

• Most browsers allow you to block or delete cookies through settings. Note that blocking essential cookies may impair site functionality.
• We honor Global Privacy Control (GPC) signals where required by law.
• We do not respond to "Do Not Track" browser signals as there is no industry-standard interpretation, but we do not track users across third-party websites for advertising purposes.

• Delivering core services: providing vision measurements, processing eyewear orders, and managing kiosk sessions.
• Maintaining platform integrity: diagnosing issues, monitoring for abuse, auditing access, and ensuring hardware safety.
• Improving experiences: training and validating AI models, calibrating kiosk sensors, and conducting user research with de-identified data.
• Communicating with you: sending transactional updates, responding to support requests, and delivering marketing communications (where permitted).
• Complying with legal obligations: responding to lawful requests, maintaining records as required, and protecting our legal rights.

Service providers

• Optical labs that manufacture your eyewear.
• Payment processors (such as Stripe) that handle transactions securely.
• Shipping carriers that deliver your orders.
• Cloud infrastructure providers that host our platform.
• Analytics services that help us improve our products.

Other disclosures

• With professional advisors (lawyers, auditors) under confidentiality obligations when necessary to protect our business.
• With government authorities or law enforcement when required to comply with applicable laws or lawful requests.
• With corporate affiliates or in connection with a merger, acquisition, or sale of assets, subject to appropriate protections.

• Account information: Retained while your account is active and for a reasonable period afterward to handle inquiries.
• Prescription and order data: Retained for seven (7) years to support warranty claims, regulatory requirements, and potential disputes.
• Log and analytics data: Retained for up to twenty-four (24) months unless extended for security or auditing purposes.
• Marketing preferences: Retained until you unsubscribe or request deletion.
• Biometric data: Deleted within 3 years of collection or upon your request, whichever is sooner, unless required for an ongoing transaction.

Rights that may be available to you

• Right to know: Request information about what personal data we collect, use, and disclose.
• Right to access: Obtain a copy of your personal information.
• Right to correction: Request correction of inaccurate personal data.
• Right to deletion: Request deletion of your personal information, subject to legal exceptions.
• Right to portability: Receive your data in a structured, machine-readable format.
• Right to opt out: Opt out of the sale or sharing of personal information (we do not sell your data).
• Right to limit use of sensitive data: Restrict processing of sensitive personal information.
• Right to non-discrimination: Exercise your rights without facing discriminatory treatment.

How to exercise your rights

• Submit a request by emailing privacy@eyekiosk.online with sufficient details to identify you.
• We will verify your identity (or the identity of your authorized agent) before fulfilling any request.
• We will respond within the timeframe required by applicable law (typically 45 days) and explain any denial or limitation placed on your request.
• You may designate an authorized agent to submit requests on your behalf with proper verification.

• We do not sell personal information as defined by the CCPA.
• We do not share personal information for cross-context behavioral advertising.
• You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• You may request deletion of personal information we have collected from you.
• You may request correction of inaccurate personal information.
• We will not discriminate against you for exercising your CCPA rights.
• California residents under 16 years of age may use our services only with parental consent.

• Nevada residents: We do not sell your personal information. If you have questions, contact us at privacy@eyekiosk.online.
• We honor opt-out preference signals such as Global Privacy Control (GPC) where required by applicable law.
• If we deny your privacy request, you may appeal by contacting us. We will respond to appeals within the timeframes required by your state's law.

• SMS data is used only for transactional messages such as MFA codes, account notices, and order updates. Message frequency varies and standard message/data rates may apply.
• Reply STOP to opt out or HELP for assistance at any time, or contact support to revoke consent. SMS consent is not required to complete a purchase, and you will continue to receive email updates even if you opt out of texts.
• We do not share your phone number with third parties for their marketing purposes.

• Encryption of data in transit (TLS 1.2+) and at rest using industry-standard algorithms.
• Role-based access controls, multi-factor authentication, and least-privilege policies for employees and partners.
• Secure kiosk hardware design, regular firmware validation, and tamper-resistant enclosures.
• Continuous vulnerability monitoring, third-party penetration testing, and incident response playbooks.
• Regular security training for all employees with access to personal data.
• Data breach notification procedures in compliance with applicable laws.