OptomIQ

Privacy Policy

Last updated: 29 April 2026

OptomIQ ("we", "us", "our") is committed to protecting the privacy of personal and health information we handle on behalf of optometry clinics in Australia. This Privacy Policy describes how we collect, use, store, and disclose information when you use the OptomIQ Commerce platform — including reorder reminders, the patient storefront, and order fulfilment.

This policy is governed by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state-based health records legislation.

1. Who we are

OptomIQ is a trading name of [Legal entity name — Josh to confirm] (ABN [ABN — Josh to confirm]), [Registered address — Josh to confirm], Australia.

OptomIQ Commerce is provided to optometry clinics, who in turn use it to communicate with their patients. When OptomIQ handles patient information on behalf of a clinic, OptomIQ acts as a service provider to the clinic and the clinic remains the primary entity responsible for patient information collected during clinical care.

2. What we collect

Through the OptomIQ Commerce platform we may collect and process the following categories of information about clinic patients:

  • Identifiers: name, date of birth, postal address, email address, mobile phone number.
  • Health information: contact lens prescription parameters (base curve, diameter, sphere, cylinder, axis, add power), prescription expiry, prescribing optometrist, replacement schedule, and the prescribed lens product.
  • Order & communication records: reorder history, delivery preferences, prior reminders sent, opt-out / consent state.
  • Payment information: when paying online, your payment is processed by Stripe Australia Pty Ltd. OptomIQ does not store your full card number. We retain a Stripe customer reference and a record of order totals only.
  • Technical data: IP address, device/browser type, and usage logs collected when you interact with the patient storefront.

3. How we collect it

We collect information in the following ways:

  • From the clinic.Clinics integrate OptomIQ with their practice management system (e.g. Optomate). With the clinic's authorisation, we sync patient demographics, prescriptions, and order history.
  • From you directly. When you click a reorder link or place an order via the patient storefront, you provide delivery address, payment details, and any contact updates.
  • Automatically. When you visit the patient storefront, your browser sends technical data (IP address, user agent) which we use for security and reliability monitoring.

4. Why we collect it

We use the information to:

  • send reorder and prescription-expiry reminders on the clinic's behalf;
  • process contact lens orders and pass them to the clinic and supplier for fulfilment;
  • generate tax invoices and order confirmations;
  • operate, secure, and improve the OptomIQ Commerce platform;
  • comply with our legal obligations, including AU Spam Act 2003 (consent / unsubscribe) and Privacy Act notifiable data breach requirements.

5. Who we share it with

We share information with:

  • The clinic that holds your patient relationship — all information collected through OptomIQ Commerce is accessible to authorised clinic staff.
  • Contact lens suppliersto fulfil your order. The information shared is limited to what the supplier needs to dispatch the lenses (your name, prescription parameters, lens barcode, ship-to address). Suppliers we work with include Johnson & Johnson Vision, Alcon, CooperVision, and Bausch + Lomb.
  • Service providers who help us operate the platform: Stripe (payments), Resend (email delivery), [SMS provider — Josh to confirm], Vercel (hosting), Supabase (database, hosted in Sydney), Sentry (error monitoring). These providers process information on our instructions only.
  • Government bodies if required by law.

We do not sell your personal or health information. We do not use your health information for marketing.

6. Cross-border data flow

Your information is primarily stored on Australian infrastructure (Supabase ap-southeast-2 region, Sydney). Some of our service providers may process limited information overseas:

  • Stripe: payment data may be processed in the United States and other Stripe operating regions.
  • Resend / Sentry / Vercel: email delivery, error monitoring, and request routing infrastructure may transit servers in the United States and the European Union.

We take reasonable steps before disclosing information overseas to ensure the recipient handles it consistently with the Australian Privacy Principles.

7. Security

We use industry-standard measures to protect information, including TLS 1.2+ encryption in transit, encryption-at-rest for sensitive fields (AES-256-GCM), role-based access control, audit logging, and rate limiting. No system is 100% secure; if we become aware of a data breach likely to result in serious harm, we will notify affected individuals and the OAIC under the Notifiable Data Breaches scheme.

8. Your rights

Under the APPs you have the right to:

  • request access to the personal information we hold about you;
  • request correction of inaccurate or out-of-date information;
  • opt out of reminder messages at any time (reply STOP to any SMS, or use the unsubscribe link in any email);
  • request deletion of your personal information, subject to our legal record-keeping obligations.

To exercise any of these rights contact us using the details below. For prescription and order-history records held by your clinic, your clinic remains the primary point of contact.

9. Cookies

OptomIQ Commerce uses functional cookies required for authentication and session management. We do not use marketing or third-party advertising cookies.

10. Changes to this policy

We may update this policy as the platform evolves or as required by law. Material changes will be notified to clinics and reflected in the "Last updated" date above.

11. Contact

Privacy enquiries: josh@optomiq.au

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC): oaic.gov.au.