Privacy Policy

Built by CarrotByte, we are a cloud-based Optical Management Software designed for optical stores and eye clinics. CarrotByte processes several categories of your data:

• Customer Account Data: Your personal information as a customer (or potential customer) of CarrotByte's services
• Patient Data: This includes the patient information you enter into your Optical Management Software (OMS) and any related data
• Other Data: Any additional data provided by you on our websites and/or apps

Customer Account Data includes information from both existing and potential customers. When you sign up on CarrotByte's website or request a demo, we collect your data to provide information and services to you. Your privacy is important to us. CarrotByte respects your privacy regarding any information we collect from you across our websites and apps.

We only request personal information when necessary to provide a service to you, and we use it solely for delivering different CarrotByte services. We retain collected information only as long as necessary to provide you with your requested service and fulfill our obligations to you as per our Terms of Service.

As an Optical Management Software, CarrotByte handles Patient Data. Patient privacy is paramount. We do not share personally identifiable information publicly or with third parties except when required by law, when permitted by you, or in compliance with our Terms of Service.

For existing customers, we retain your Patient Data only as long as necessary to provide the requested service and fulfill our obligations as per our Terms of Service. Upon termination of our services, we return all your data and erase all copies on our side as detailed in our Terms of Service.

CarrotByte uses Amazon Web Services (AWS) as our cloud service provider to store and process your data. We implement industry-leading security measures including:

• AWS security best practices and compliance standards
• SSL certificates for secure data transmission
• AES256 encryption for data at rest and in transit
• Regular security audits and updates
• Multi-factor authentication for system access

We protect stored data using commercially acceptable methods to prevent loss, theft, unauthorized access, disclosure, copying, use, or modification.

We do not share any personally identifiable information publicly or with third parties except when:

• Required by law
• Permitted by you
• In compliance with our Terms of Service

Our websites may link to external sites not operated by us. Please be aware that we have no control over the content and practices of these sites and cannot accept responsibility for their respective privacy policies.

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to processing of your data
• Data portability