Privacy Policy

Personal Information means information about an identifiable individual, as defined under PIPEDA. This includes your name, email address, phone number, and other data that can identify you.

Personal Health Information means information about your physical or mental health, including the reason for your eye exam appointment, as governed by PHIPA in Ontario.

Consent means your voluntary agreement to the collection, use, and disclosure of your personal information for the stated purposes.

Information you provide: When you book an appointment, we collect your name, email address, phone number, date of birth, and the reason for your visit. You may also provide insurance details or special requests.

Health-related information: The reason for your eye exam visit and any notes you provide to the clinic are considered personal health information under Ontario law.

Automatically collected information: When you visit our website, we may collect your IP address, browser type, device type, operating system, referring URL, and pages visited. This data is used to improve our services and ensure security.

Location data: With your permission, we use your location to show nearby optometry clinics. You may also search by entering a location manually.

We collect and process your personal information in accordance with the ten fair information principles set out in Schedule 1 of PIPEDA:

• Accountability: We have designated a Privacy Officer responsible for our compliance with this policy.
• Identifying purposes: We identify the purposes for collection at or before the time of collection.
• Consent: We obtain your meaningful consent for the collection, use, and disclosure of your information. Where we rely on implied consent (e.g., providing your email to receive booking confirmations), the purpose is clear from context.
• Limiting collection: We collect only the information necessary for the stated purposes.
• Limiting use, disclosure, and retention: Your information is used only for the purposes for which it was collected, unless you provide further consent.

We use your personal information to:

• Facilitate and confirm your appointment bookings
• Communicate with you and the clinic about your appointment (confirmations, reminders, follow-ups)
• Provide customer support
• Improve our platform, services, and user experience
• Prevent fraud and ensure the security of our platform
• Comply with legal obligations
• With your express consent under Canada's Anti-Spam Legislation (CASL), send commercial electronic messages such as marketing communications

We do not sell your personal information to third parties.

We may share your personal information with:

• Optometry clinics: Your booking details are shared with the clinic you select so they can provide your appointment.
• Service providers: Trusted third parties who help us operate our platform (e.g., cloud hosting, SMS delivery, email delivery) under strict confidentiality agreements.
• Legal requirements: When required by law, court order, or to protect our legal rights.
• Business transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

We use cookies and similar technologies as described in our Cookie Policy. You can manage your cookie preferences at any time through the cookie consent banner or the "Cookie Preferences" link in our website footer. When you consent to analytics cookies, we use Amplitude, a third-party analytics service, to understand how visitors use our website. Amplitude collects aggregated, anonymized usage data such as pages visited, referral source, browser type, and device type. We have configured Amplitude not to store your IP address, and we do not send any personally identifiable information (such as your name, email, or phone number) to Amplitude. Amplitude processes data in the United States, which is covered by our cross-border disclosure in Section 11 below. If you do not consent to analytics cookies, no analytics data is collected. You can withdraw your consent at any time through the Cookie Preferences link in our website footer.

We retain your personal information only as long as necessary to fulfill the purposes described in this policy and to comply with legal obligations. Specifically:

• Booking and contact information is retained for the duration of your use of the service and a reasonable period thereafter.
• Audit logs are retained for 90 days for security and compliance.
• When information is no longer needed, it is securely destroyed or de-identified.

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS)
• Secure authentication with hashed passwords
• HttpOnly and Secure flags on authentication cookies
• Role-based access controls
• Audit logging of administrative actions
• Regular security reviews and updates

No method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we take all reasonable steps to protect your data.

Under PIPEDA and applicable provincial legislation, you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Withdrawal of consent: Withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal may affect our ability to provide certain services.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Complaint: File a complaint with the Office of the Privacy Commissioner of Canada (OPC) or the Information and Privacy Commissioner of Ontario (IPC).

To exercise any of these rights, contact our Privacy Officer using the information in Section 14 below.

Your personal information is stored and processed in Canada and the United States. Some of our service providers (including cloud hosting and communication services) may process data in the United States. In such cases, your information may be subject to U.S. laws, including the USA PATRIOT Act. We ensure that any cross-border transfers are subject to appropriate contractual safeguards and that service providers maintain security standards comparable to those required under Canadian law.

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. Individuals between 13 and the age of majority in their province (18 in Ontario) may use the Platform with the consent of a parent or legal guardian. If you believe we have collected data from a child under 13 without proper consent, please contact us immediately and we will take steps to delete it.

In accordance with PIPEDA's mandatory breach notification requirements, if a breach of security safeguards involving your personal information creates a real risk of significant harm, we will:

• Notify you as soon as feasible with details of the breach and steps you can take to reduce the risk of harm
• Report the breach to the Office of the Privacy Commissioner of Canada
• Notify any other organizations or government institutions that may be able to reduce the risk of harm
• Maintain a record of all breaches for a minimum of 24 months

Our Privacy Officer is responsible for our compliance with this policy and PIPEDA. For privacy-related questions, to exercise your rights, or to report a concern, please contact us:

We will acknowledge your request within ten (10) business days and provide a substantive response within thirty (30) days.

If you are not satisfied with our response, you have the right to file a complaint with:

• Office of the Privacy Commissioner of Canada (OPC): www.priv.gc.ca (1-800-282-1376)
• Information and Privacy Commissioner of Ontario (IPC): www.ipc.on.ca (1-800-387-0073)

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be posted on this page with an updated "Last updated" date. Where required by law, we will provide notice and obtain consent before making material changes to how we handle your personal information.