Legal
Privacy
This page describes what data Reel Optics Vision Center collects through this website, who it is shared with, how long it is kept, and how you can opt out. It mirrors the substance of our internal privacy specification in plain English.
1. What we collect, and what we don't
Information we collect
- Contact form submissions. When you send a message through our contact form, we receive your name, email address, optional phone number, the topic you selected, and your message. We hold this information only long enough to relay it to the practice; it is not stored on the website.
- Appointment bookings. Appointments are booked through Calendly. The details you enter (name, email, appointment type, and any notes) go directly to Calendly and Reel Optics. The website itself does not see or store them.
- Anonymous analytics. We use Google Analytics 4 to count page views and outbound link clicks. IP addresses are anonymized, and we do not send signals to advertising networks.
- Server access logs. Our host (Vercel) keeps short access logs containing a truncated IP address, your browser's user-agent string, the response status, and the URL requested. These logs are retained for 30 days.
Information we do not collect
- We do not collect health information. There is no patient intake on this public site.
- We do not collect insurance details.
- We do not collect payment information.
- We do not collect location data beyond what Google Analytics derives from an anonymized IP.
- We do not collect biometric data.
- We do not knowingly collect data from minors. This site is not directed at children under 13.
3. Who else handles your data
We rely on the following sub-processors to operate the site. Each handles a narrow slice of data for a defined purpose, under its own published data-processing agreement (DPA).
| Sub-processor | Purpose | Data location | DPA |
|---|---|---|---|
| Vercel | Website hosting | United States | vercel.com/legal/dpa |
| Cloudflare | Bot mitigation | Global edge network | cloudflare.com/cloudflare-customer-dpa |
| Resend | Email relay for contact form | US / EU | resend.com/legal/dpa |
| Calendly | Appointment bookings | United States | calendly.com/pages/dpa |
| Google (GA4, Maps, Fonts) | Analytics and embeds | Global | business.safety.google/adsdataprocessingterms |
| Sentry | Error tracking | United States | sentry.io/legal/dpa |
4. Your rights
You may:
- Request access. Ask what data we hold about you. (By design, we hold very little.)
- Request deletion. Ask us to delete data we hold about you. In most cases this is effectively a no-op; where data sits with a sub-processor named above, we forward the deletion request to them.
- Opt out of analytics. Use the Opt out of analytics link in the site footer. The opt-out sets a local preference (
localStorage.gaOptOut = '1') that prevents Google Analytics 4 from loading on subsequent page visits.
Requests should be sent to privacy@vertsolutions.ai during the current engagement. After the site is handed over to the client, requests should go to the address the client publishes here.
5. Cookies and similar storage
This site uses a small, fixed set of first-party storage:
- One first-party cookie set by Google Analytics 4 (
_gaand a couple of related keys). - One server-side rate-limit key stored in Vercel KV (not a browser cookie).
- One first-party preference value in your browser's
localStoragerecording your analytics opt-out, if you choose to set it.
We do not display a modal cookie-consent banner. Based on our review of current United States privacy law and the limited data this site collects, we do not believe a consent banner is legally required. If you would like a banner anyway, contact us — it can be enabled as an optional feature.
6. How long we keep things
| Data stream | Retention |
|---|---|
| Contact-form payload (in transit) | Held only until the email is delivered, then discarded |
| Email in the practice's inbox | Determined by the practice's Gmail retention settings |
| Vercel access logs | 30 days |
| Sentry error events | 90 days |
| Google Analytics 4 events | 14 months (the GA4 default) |
| Calendly bookings | Per the practice's Calendly retention settings |
| Vercel KV rate-limit keys | 10-minute time-to-live |
7. If something goes wrong
If we confirm a breach involving personal information, we follow our written incident-response playbook. Under New Jersey law (N.J.S.A. 56:8-163), a breach involving the personal information of a New Jersey resident can trigger notice obligations. Our default posture is to treat every confirmed breach as notifiable until a written legal review concludes otherwise.
If you suspect an incident, write to privacy@vertsolutions.ai.
Last reviewed: