
IOOptiks Privacy Policy

Last Updated: January 19, 2026 | Version 2026.01.19

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (name, email, business details, professional license information)
  • Patient data you enter into the Platform (protected as personal health information)
  • Payment information (processed securely via Stripe)
  • Usage data and analytics
  • Device and browser information

2. How We Use Your Information

We use collected information to:

  • Provide and improve our services
  • Process transactions and send related information
  • Send technical notices and support messages
  • Respond to your requests and inquiries
  • Monitor and analyze usage patterns
  • Maintain audit logs as required by healthcare regulations

3. Protection of Health Information

Patient data entered into the Platform is treated as personal health information under PIPEDA and is protected in accordance with applicable Canadian privacy laws. We implement:

  • 256-bit AES encryption at rest
  • TLS 1.3 encryption in transit
  • Role-based access controls
  • Comprehensive audit logging
  • Regular security assessments

4. Data Sharing and Third-Party Services

We do not sell your personal information or patient data. We share information with the following service providers who assist in our operations:

Payment Processing

  • Stripe - Processes all payment transactions, subscription billing, and marketplace payouts. Receives: customer names, email addresses, billing addresses, payment method details, transaction amounts, and subscription information.

Email Communications

  • Resend - Delivers transactional emails including appointment reminders, invoices, order confirmations, and booking notifications. Receives: recipient names, email addresses, appointment details, invoice information, and order summaries. Patient names may be included in appointment-related communications.

Hosting and Infrastructure

  • Supabase - Provides database hosting, authentication, and real-time services. Stores: all application data including user accounts, patient records, orders, appointments, and configuration settings.
  • Vercel - Hosts the web application and provides domain registration services. For domain registration: collects registrant contact information including name, address, phone number, and email as required by domain registration regulations.

Security Services

  • Upstash - Provides rate limiting and abuse prevention. Receives: client IP addresses and request patterns for security monitoring. No personal data is stored.

Optional Integrations (User-Initiated)

The following integrations are optional and only activated when you explicitly connect them:

  • Google Calendar - If you connect your Google Calendar, we sync appointment and task data including patient names, appointment types, dates, times, and locations to your calendar.
  • Microsoft Outlook Calendar - If you connect your Outlook Calendar, we sync appointment and task data including patient names, appointment types, dates, times, and locations to your calendar.
  • Google Sheets - If you connect Google Sheets for data import, we access spreadsheet contents to import data into your IOOptiks account.

Legal and Compliance

We may also share information with:

  • Legal authorities when required by law, subpoena, or legal process
  • Business partners with your explicit consent
  • Professional regulatory bodies in response to complaints or investigations

All third-party service providers are bound by data processing agreements and are required to protect data in accordance with applicable privacy laws. We regularly review our vendors' security practices and compliance certifications.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption, access controls, intrusion detection, and regular security assessments. We maintain SOC 2-compliant infrastructure and conduct regular penetration testing.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Patient records are retained in accordance with applicable healthcare record retention requirements (typically 10 years from last contact in most Canadian jurisdictions). You may request deletion of your account data at any time, subject to legal retention requirements.

7. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Export your data in a portable format
  • Opt out of marketing communications
  • Withdraw consent for non-essential data processing

8. Patient Rights

Patients whose data is stored on the Platform retain the right to:

  • Access their optometric records through their optician
  • Request amendments to their records
  • Obtain copies of their records
  • Know how their information has been disclosed

Requests for patient data access should be directed to the optician who manages that patient's records.

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and collect usage data. You can control cookie settings through your browser preferences. Essential cookies required for Platform functionality cannot be disabled.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through the Platform and require acceptance of the updated policy to continue using the service.

11. Contact Us

For privacy-related inquiries, contact us at support@iooptiks.com.

For data protection concerns or to exercise your privacy rights, contact our Privacy Officer at privacy@iooptiks.com.
