Contact Support

Security Policy

Effective Date: March 23, 2026

Last Updated: March 23, 2026

This Security Policy (the “Policy”) describes the administrative, technical, and organizational measures implemented by DirectVision, together with its affiliates, subsidiaries, and related entities, including DirectOD (collectively, “DirectVision,” “we,” “our,” or “us”), in connection with its website located at https://directvision.us, including all associated subdomains, patient portals, applications, and related services (collectively, the “Platform”).

This Policy is provided for informational purposes only and is not intended to create contractual obligations or guarantees regarding specific security measures or outcomes. By accessing or using the Platform, you acknowledge and agree to the practices described herein.

1. Security Program Overview

DirectVision maintains a security program designed to protect the confidentiality, integrity, and availability of information processed through the Platform. This program is based on commercially reasonable practices consistent with industry standards for software-as-a-service platforms.

DirectVision’s security approach includes a combination of internal safeguards and reliance on established third-party infrastructure and service providers. While reasonable measures are taken to protect information, no system can be guaranteed to be completely secure, and DirectVision expressly disclaims any representation or warranty of absolute security.

2. Role of DirectVision and Practices

DirectVision operates as a technology platform that facilitates enrollment, billing, and administration of membership programs offered by independent optometry practices (“Practices”).

Security of information related to your care, treatment, or services may also involve your selected Practice. DirectVision does not control and is not responsible for the internal systems, processes, or security practices of Practices.

Practices are independently responsible for compliance with applicable healthcare and data protection laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), where applicable.

3. Third-Party Infrastructure and Service Providers

The Platform relies on third-party infrastructure, software, and service providers to support its operation. These providers may include systems used for customer management, communications, hosting, analytics, and workflow automation, including platforms such as Ontraport and similar services.

These third-party providers maintain their own independent security controls and practices. DirectVision selects providers based on general industry standards; however, DirectVision does not control and is not responsible for the security practices, systems, or infrastructure of such providers.

By using the Platform, you acknowledge that your information may be processed, stored, or transmitted through third-party systems outside of DirectVision’s direct control, and DirectVision disclaims liability arising from the acts or omissions of such providers.

4. Shared Responsibility Model

Security of the Platform operates under a shared responsibility model. DirectVision is responsible for maintaining the security of its application environment and systems under its direct control.

You are responsible for maintaining the security of your own devices, login credentials, and account access. This includes using strong passwords, safeguarding account information, and preventing unauthorized access to your account.

DirectVision shall not be responsible for any security incident resulting from compromised credentials, insecure devices, or user actions outside of DirectVision’s control.

5. Administrative and Technical Safeguards

DirectVision implements administrative and technical safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction. These safeguards may include access controls, authentication mechanisms, encryption in transit, system monitoring, and internal policies governing data access.

Access to systems and data is limited to authorized personnel with a legitimate business need. DirectVision periodically reviews access privileges and maintains procedures for onboarding and offboarding personnel.

6. Payment Security

Payments processed through the Platform are handled by independent third-party payment processors. DirectVision does not store full payment card numbers or sensitive banking credentials.

All financial data is processed in accordance with the security practices of the applicable payment processor. DirectVision disclaims any responsibility or liability for the security, performance, or compliance of such third-party systems.

7. Monitoring and Incident Response

DirectVision maintains monitoring practices designed to detect potential security events, including unauthorized access attempts and abnormal system behavior. In the event of a suspected security incident, DirectVision will take commercially reasonable steps to investigate and mitigate the issue.

Where required by applicable law, DirectVision will provide notice of confirmed data breaches in accordance with legal requirements. However, DirectVision does not guarantee the detection or prevention of all incidents.

8. Data Retention and Disposal

DirectVision retains data only for as long as necessary to provide services, comply with legal obligations, and support operational needs. When data is no longer required, DirectVision implements commercially reasonable measures to delete or anonymize such data.

Retention periods may vary based on the nature of the data and applicable legal requirements.

9. Compliance Positioning

DirectVision’s security practices are designed to align with general industry standards; however, DirectVision does not represent or warrant compliance with any specific regulatory framework, including HIPAA, unless expressly stated in a separate written agreement.

Users should direct any questions regarding regulatory compliance or medical data usage to their selected Practice.

10. Limitations and Disclaimer

This Policy provides a general overview of DirectVision’s security practices and is not intended to be a comprehensive description of all safeguards or controls.

To the fullest extent permitted by law, DirectVision disclaims all liability for any unauthorized access, data breach, loss, or corruption of information, including incidents arising from third-party systems, Practices, or user actions beyond DirectVision’s reasonable control.

11. Changes to This Policy

DirectVision reserves the right to update or modify this Security Policy at any time in its sole discretion. Any changes will become effective upon posting to the Platform, and the “Last Updated” date will be revised accordingly.

Continued use of the Platform constitutes acceptance of any updated Policy.

12. Contact Information

DirectVision

Email: support@directvision.us

Subject Line: ATTN: SECURITY INQUIRY

Helping patients better understand their vision benefits, plan access, and support through their trusted practice.

Contact Support
2026 DirectVision. All rights reserved.
Privacy Terms Security Cookies
DirectVision helps support the patient experience by making vision plan information, billing communication, and care access easier to understand. Plan details, benefits, eligibility, and coverage may vary based on your provider, employer, location, or plan type. Please review your specific plan information carefully and contact your provider or support team if you have questions about covered services, billing, reimbursement, or eligibility. DirectVision does not replace medical advice, diagnosis, or treatment from your doctor. For urgent care needs or medical emergencies, contact your doctor directly or call local emergency services. For general support, contact support@directvision.com.
[bot_catcher]