Privacy Policy

Effective Date: February 6, 2026. Last reviewed: February 2026.

1. Who We Are

MyopiaProgression.com is an educational health information website dedicated to providing evidence-based resources about myopia (nearsightedness) progression and myopia control for parents, eye care providers, educators, and researchers.

Data Controller: MyopiaProgression.com, 1905 Sherman Street, Ste 200, Denver, CO 80203, United States. Privacy Contact: privacy@myopiaprogression.com

2. Information We Collect

Information You Provide Directly

Account registration (name, email), email subscriptions, Risk Assessment Tool responses (child's age, vision history, lifestyle factors, family history), appointment requests, provider directory listings, research submissions, advertiser inquiries, and community participation.

Information Collected Automatically

Device and browser information, usage data (pages visited, time on pages), IP address and approximate location, and referral data.

Information We Do NOT Collect

We do not collect Social Security numbers, government IDs, financial account numbers, biometric data, precise GPS geolocation, or protected health information (PHI) as defined by HIPAA.

3. How We Use Your Information

Service delivery, communication (with consent for marketing), provider matching, payment processing, website improvement, security, and legal compliance.

4. Legal Basis for Processing (GDPR)

For EEA/UK users: Consent, contract performance, legitimate interests, and legal obligation.

5. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information. We share data only with: Plausible Analytics (privacy-focused analytics, no personal identifiers, no cookies), Stripe (payment processing), Resend (transactional emails), Cloudflare (CDN and DDoS protection), and S3-compatible cloud storage (file storage).

6. Cookies and Tracking Technologies

We use strictly necessary cookies (authentication, security), optional analytics cookies (Plausible Analytics, which operates without cookies and stores no personal identifiers), and preference cookies (theme, consent choice). You can manage preferences via our cookie consent banner.

7. Children's Privacy (COPPA Compliance)

MyopiaProgression.com takes children's privacy seriously. Our website is designed for use by parents, guardians, and eye care professionals — not by children directly. We do not knowingly collect personal information directly from children under 13. Our Risk Assessment Tool and forms are designed to be completed by a parent or guardian. Child-related data is associated with the parent's email, not a child's account. We do not use any data related to children for advertising, profiling, or behavioral targeting.

Parents may request to review, delete, or stop collection of their child's information by contacting privacy@myopiaprogression.com.

8. Health Information and HIPAA Disclaimer

Important: MyopiaProgression.com is NOT a healthcare provider, health plan, or healthcare clearinghouse. We are NOT a covered entity or business associate under HIPAA. Information on this website is for educational purposes only and is not a substitute for professional medical advice. Our Risk Assessment Tool does not constitute a medical diagnosis. Always consult a qualified eye care professional.

9. Data Retention

User accounts: until deletion request or 3 years of inactivity. Email subscriptions: until unsubscribe. Risk assessment data: 2 years, then anonymized. Appointment requests: 1 year after completion. Provider listings: until removal request or subscription end. Payment records: as required by law (typically 7 years). Analytics: aggregated and anonymized.

10. Data Security

We implement TLS/SSL encryption, HSTS preloading, encrypted database storage, access controls, Content Security Policy headers, rate limiting, honeypot spam prevention, Cloudflare DDoS protection, and PCI DSS Level 1 compliant payment processing via Stripe.

11. Your Rights

Access, correction, deletion, opt-out of marketing, data portability, and withdrawal of consent. Contact privacy@myopiaprogression.com to exercise these rights. We respond within 30 days.

12. California Privacy Rights (CCPA/CPRA)

California residents have the right to know, right to delete, right to opt-out of sale or sharing (we do NOT sell your personal information), right to non-discrimination, and may use authorized agents.

13. European Privacy Rights (GDPR)

EEA/UK residents have additional rights: restriction of processing, right to object, right to lodge a complaint with a supervisory authority, and right not to be subject to automated decision-making.

14. Do Not Track Signals

Our website respects Do Not Track (DNT) browser signals. Plausible Analytics does not use cookies or track individual users regardless of DNT settings.

15. International Data Transfers

Our servers and database are located in the United States. For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) or explicit consent for international data transfers.

16. Changes to This Policy

We will update the effective date, post notices for significant changes, and email registered users for material changes affecting data handling.

17. Contact Us

Email: privacy@myopiaprogression.com. Mail: MyopiaProgression.com, 1905 Sherman Street, Ste 200, Denver, CO 80203, United States. We respond within 30 days.