Privacy Policy
Last updated: 3 July 2026 · getoptical.app
This Privacy Policy explains how Carlos Enrique Herrera Betancourt, a sole trader (autónomo) with Spanish tax ID (NIF) 54263611X, trading as "Optical" ("Optical", "we"), handles information when a merchant installs our Shopify apps — including Optical Form — and when a merchant's customers use features we provide on the storefront.
1. Who is responsible
For merchant account data, Optical is the data controller. For prescription and order data that a merchant's customers submit through our on-store forms, the merchant is the controller and Optical acts as a processor on their behalf.
2. Data we collect
- Merchant & store data — shop domain, store details and the data needed to run the app, accessed via Shopify with the scopes you approve on install (products, metaobjects, themes).
- Customer prescription data — values a shopper enters or uploads in the configurator: prescription figures (e.g. SPH, CYL, AX, ADD), PD, uploaded prescription files, and any email provided to submit a prescription.
- Order & selection data — the lens, treatment and accessory choices attached to the order.
- Technical data — standard log and device data needed to operate and secure the service.
3. How we use it
To provide the app's functionality (build the configuration, add it to cart, save it to the order), to support merchants, and to keep the service secure and reliable. We do not sell personal data, and we do not use prescription data for advertising.
4. Processors & hosting
The app runs on Shopify (the store platform) and Gadget (our application backend and database host). These providers act as sub-processors and process data on our behalf under their own security and privacy terms.
5. Prescription (sensitive) data
Prescription data is stored only to fulfil the order and provide the app's features. It is transmitted over TLS and access is restricted. We honor deletion and export requests (see below), and we support Shopify's mandatory data-redaction requests.
6. Retention
We retain data only as long as needed to provide the service or as required by law — generally the periods set by applicable tax and commercial rules (typically 4–6 years for order- and invoicing-related data). On app uninstall or a valid redaction request, associated records are deleted or anonymized.
7. Your rights (GDPR / CCPA and similar)
Depending on your location you may request access, correction, deletion, portability, or restriction of your data. Merchants' customers should direct requests to the store they purchased from; we assist merchants in fulfilling them. Contact us at support@getoptical.app. If you believe the processing does not comply with the law, you may lodge a complaint with the competent supervisory authority; in Spain, the Spanish Data Protection Agency (AEPD, aepd.es).
8. Cookies
Our marketing site uses minimal cookies. The storefront app uses only what is necessary to operate the configurator and cart.
9. Changes
We may update this policy; the "last updated" date reflects the current version.
10. Contact
Carlos Enrique Herrera Betancourt (NIF 54263611X) · Calle Arroyo 27, 41003 Sevilla, Spain · support@getoptical.app