Privacy
Book a demo Get started

Privacy Policy

Effective Date: March 23, 2026

Last Updated: March 23, 2026

This Privacy Policy (the “Policy”) describes the manner in which DirectOD, together with its parents, subsidiaries, affiliates, and related entities (collectively, “DirectOD,” “we,” “our,” or “us”), collects, uses, processes, discloses, and safeguards information obtained through its website located at https://directod.com, including all associated subdomains, applications, portals, interfaces, and related services that link to or reference this Policy (collectively, the “Website”).

This Policy is intended to provide a comprehensive description of DirectOD’s data practices in accordance with applicable United States federal and state privacy laws and regulations. By accessing, browsing, or otherwise using the Website, you acknowledge and agree that you have read, understood, and consent to the terms and conditions set forth herein. If you do not agree to this Policy, you should discontinue use of the Website immediately.

Collection of Information

DirectOD collects information that is voluntarily provided by users in the course of interacting with the Website. Such interactions may include, without limitation, submitting inquiries, requesting information, registering for or administering accounts, enrolling in or managing membership plans, or otherwise communicating with DirectOD. The categories of information collected may include identifying information such as name, email address, telephone number, and business or practice-related information, as well as account credentials and any additional information that a user elects to provide.

In certain instances, participating practices may utilize the Website to input or transmit information relating to patients or membership plan participants. In such circumstances, DirectOD receives and processes such information strictly on behalf of, and at the direction of, the applicable practice. DirectOD does not independently determine the purpose or means of processing such information and acts solely as a technology service provider with respect to such data.

In addition to information affirmatively provided by users, DirectOD automatically collects certain information arising from use of the Website. Such information may include Internet Protocol (IP) addresses, device identifiers, browser characteristics, operating system details, access timestamps, referring and exit pages, and user interaction data. This information is collected through the use of cookies, pixels, log files, and similar tracking technologies, which are utilized for purposes including, but not limited to, maintaining Website functionality, improving performance, conducting analytics, and enhancing the user experience. Users may configure their browser settings to limit or disable certain tracking technologies; however, such limitations may impair the functionality or availability of certain features of the Website.

Use and Processing of Information

DirectOD processes information for legitimate business purposes and in furtherance of its operational activities. Such purposes include, without limitation, the provision, maintenance, and improvement of the Website and related services; the facilitation of account registration, authentication, and management; the processing of transactions through third-party service providers; the provision of customer service and support; and the communication of service-related updates, administrative notices, and other operational communications.

DirectOD further processes information for purposes of monitoring, analyzing, and improving system performance and user engagement; detecting, preventing, and responding to fraud, abuse, security incidents, and other potentially unlawful activities; enforcing contractual obligations and applicable policies; and complying with applicable legal, regulatory, and reporting requirements. DirectOD may also utilize information in aggregated or de-identified form for purposes of analytics, benchmarking, research, and internal business intelligence, provided that such information cannot reasonably be used to identify any individual.

Role of DirectOD as a Technology Provider

DirectOD operates exclusively as a technology platform and administrative service provider and does not provide medical care, clinical services, or professional healthcare advice. Any relationship between a patient and a healthcare provider exists solely between such patient and the applicable participating practice. DirectOD does not control, supervise, or assume responsibility for any clinical decisions, diagnoses, treatments, or outcomes.

DirectOD further disclaims any responsibility for the accuracy, completeness, or legality of information submitted to the Website by practices or users. Participating practices are solely responsible for ensuring compliance with all applicable laws and regulations governing their operations, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and any related regulations. To the extent DirectOD is deemed to act as a service provider, data processor, or business associate under applicable law, such relationship shall be governed exclusively by the terms of a separate written agreement entered into between DirectOD and the applicable entity.

Payment Processing and Financial Data

The Website may facilitate payment transactions in connection with membership plans or related services. All such transactions are processed by independent third-party payment processors. DirectOD does not collect, store, or maintain full payment card numbers, bank account numbers, or other sensitive financial credentials. Any financial information provided in connection with a transaction is transmitted directly to the applicable payment processor and is subject to that processor’s privacy and security practices.

DirectOD expressly disclaims any liability arising from or related to the acts, omissions, errors, or security practices of any third-party payment processor or financial institution.

Disclosure of Information

DirectOD does not sell personal information as such term is defined under applicable law. DirectOD may, however, disclose information to third parties under certain circumstances, including where such disclosure is necessary to provide services or operate the Website. Such disclosures may include sharing information with service providers that perform functions on behalf of DirectOD, including but not limited to hosting providers, cloud infrastructure providers, analytics providers, payment processors, communication platforms, and customer support systems.

DirectOD may also disclose information where required to do so by applicable law, regulation, subpoena, court order, or other legal process; where necessary to enforce its agreements, policies, or terms of use; where necessary to protect the rights, property, or safety of DirectOD, its users, or others; or in connection with a corporate transaction, including a merger, acquisition, financing, reorganization, or sale of assets, in which case information may be transferred as part of such transaction.

All third-party service providers engaged by DirectOD are contractually obligated to maintain the confidentiality of information and to use such information solely for authorized purposes.

Data Security

DirectOD implements commercially reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, disclosure, alteration, or destruction. Such safeguards may include encryption in transit, access controls, authentication mechanisms, system monitoring, and vendor risk management procedures.

Notwithstanding the foregoing, users acknowledge that no method of transmission over the Internet or method of electronic storage is entirely secure. Accordingly, DirectOD does not warrant or guarantee the absolute security of any information and disclaims liability for any unauthorized access, breach, or loss of information that occurs beyond its reasonable control.

Data Retention

DirectOD retains information for as long as reasonably necessary to fulfill the purposes described in this Policy, including the provision of services, maintenance of business records, compliance with legal and regulatory obligations, resolution of disputes, and enforcement of agreements. Retention periods may vary depending on the nature of the information, applicable legal requirements, and legitimate business needs.

Consumer Privacy Rights

Depending on the jurisdiction in which a user resides, such user may have certain rights under applicable privacy laws, including the right to request access to personal information, request correction of inaccurate information, request deletion of personal information, obtain a portable copy of personal information, and opt out of certain categories of data processing.

Such rights are subject to applicable limitations and verification requirements. DirectOD reserves the right to deny or limit requests to the extent permitted by law. DirectOD will not discriminate against any individual for exercising rights granted under applicable privacy laws.

Requests to exercise such rights may be submitted using the contact information provided below, and DirectOD will respond in accordance with applicable legal requirements.

State Law Compliance

This Policy is intended to comply with applicable U.S. state privacy laws, including, without limitation, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act.

To the extent required under California law, DirectOD does not sell or share personal information for purposes of cross-context behavioral advertising. DirectOD honors valid consumer requests submitted directly or through authorized agents, subject to appropriate verification procedures.

Third-Party Services and Links

The Website may contain links to or integrations with third-party websites, platforms, or services that are not owned or controlled by DirectOD. DirectOD does not endorse and is not responsible for the privacy practices, security measures, or content of such third parties. Access to and use of third-party services is undertaken at the user’s own risk.

Children’s Privacy

The Website is not directed to individuals under the age of thirteen (13), and DirectOD does not knowingly collect personal information from children. If DirectOD becomes aware that personal information has been collected from a child without appropriate consent, it will take reasonable steps to delete such information in accordance with applicable law.

Limitation of Liability

To the fullest extent permitted by applicable law, DirectOD shall not be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages arising out of or relating to the use of the Website or the collection, use, processing, or disclosure of information. Users expressly acknowledge and agree that use of the Website is undertaken at their own risk and that DirectOD’s obligations are limited strictly to those expressly set forth in this Policy.

Changes to This Policy

DirectOD reserves the right to amend, update, or modify this Privacy Policy at any time in its sole discretion. Any such changes shall become effective immediately upon posting to the Website, and the “Last Updated” date shall be revised accordingly. Continued use of the Website following the posting of any changes constitutes acceptance of such changes.

Contact Information

For questions, requests, or notices regarding this Privacy Policy or DirectOD’s data practices, please contact:

DirectOD

Email: info@directod.com

Subject Line: ATTN: PRIVACY POLICY INQUIRY

In-office plans built for independent eye care practices.

Get Started Book a Demo
2026 DirectOD™. All rights reserved. #1010 2321 Sir Barton Way Suite 140, Lexington, KY 40509 US
Privacy Terms Security Cookies Accessibility
DirectOD Vision Membership Plans are NOT insurance. Members pay a monthly or annual fee directly to participating eye care providers in exchange for access to discounted services, benefits, and product savings as outlined in the provider’s custom membership plan. Members are responsible for paying their provider directly for any services or products received beyond the plan’s benefits. Plan features, pricing, and savings may vary by provider and location — please refer to your provider’s specific plan terms for full details. Vision membership plans offered through DirectOD do not qualify as insurance under the Affordable Care Act and do not satisfy minimum essential coverage requirements. DirectOD is not an insurance company, and does not pay or reimburse providers for services rendered. DirectOD exclusively supports eye care and does not operate in any other medical field or acknowledge outside industry technologies attempting to operate in the eye care industry. For questions regarding your plan, please contact your participating provider.
[bot_catcher]