Privacy Policy
This privacy policy describes how refract.ing ("we," "us," or "our") collects, uses, and shares information when you visit our marketing website at refract.ing. This policy applies only to the website — not to the refract.ing product platform, which is governed by separate agreements.
1. Who We Are
refract.ing is a B2B SaaS platform for optometry practices, owned and operated by Dr. Alexander Bonakdar. We are based in Irvine, California.
Contact: dr@refract.ing
2. Information We Collect
Information you provide
When you fill out our contact or demo request form, we collect:
- First name and last name
- Email address
- Phone number
- Practice name
- EMR system (your current electronic medical records software)
- Practice size (number of providers)
Information collected automatically
When you visit our website, we automatically collect certain technical data:
- IP address — collected via the Vercel hosting platform's x-forwarded-for header
- HubSpot tracking cookie (hutk) — a unique identifier placed by HubSpot to associate your form submission with your browsing activity on our site
- UTM parameters — utm_source, utm_medium, utm_campaign, utm_term, and utm_content from the URL, used to understand which marketing channels brought you to our site
- Referrer URL — the page you were on before arriving at our site
- Landing page URL — the specific page on our site where you arrived
- Browser user agent — technical information about your browser and operating system
3. How We Use Your Information
We use the information we collect for the following purposes:
- Responding to inquiries — to contact you about your demo request or question
- Marketing communications — to send relevant product updates and information (you can opt out at any time)
- Analytics — to understand how visitors find and use our website so we can improve it
- Session recording — to analyze how visitors interact with our pages (clicks, scrolls, navigation) to improve user experience
- Attribution — to understand which advertising and marketing channels are effective
We do not sell your personal information. We have never sold personal information, and we have no plans to do so.
4. Third-Party Services
We share data with the following third-party services to operate our website and business. Each service processes data under its own privacy policy.
| Service | Purpose | Data Shared |
|---|---|---|
| HubSpot | CRM, form submissions, email notifications | All form fields, IP address, hutk cookie, UTM parameters, referrer, landing page URL |
| Google Analytics 4 (G-9QTEEN06F7) | Website analytics | Page views, session data, browser info, anonymized IP |
| Google Tag Manager (GTM-58R4NCLT) | Analytics orchestration | Manages the loading of analytics scripts; does not independently collect personal data |
| Microsoft Clarity (wipfm149ci) | Session recording, heatmaps | Mouse movements, clicks, scrolls, page content (PII is masked by default) |
| Vercel | Hosting, serverless functions | IP address, request headers (processed as infrastructure provider) |
All listed services process data in the United States.
5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. Here are the cookies you may encounter:
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| __hssc, __hssrc, __hstc | HubSpot | Track visitor sessions and identify returning visitors | 30 min / session / 13 months |
| hubspotutk | HubSpot | Unique visitor identifier used to link form submissions to browsing history | 13 months |
| _ga, _ga_* | Google Analytics | Distinguish unique users and track sessions | 2 years / 2 years |
| _gid | Google Analytics | Distinguish unique users (short-lived) | 24 hours |
| _clck | Microsoft Clarity | Persists the Clarity user ID | 12 months |
| _clsk | Microsoft Clarity | Connects page views into a single Clarity session | 1 day |
You can control cookies through your browser settings. Disabling cookies may affect some website functionality but will not prevent you from viewing the site.
6. HIPAA and Protected Health Information
This website does not collect, store, or process Protected Health Information (PHI) as defined under HIPAA. The form fields we collect (name, email, phone, practice name, EMR system, practice size) are business contact information, not patient health data.
The refract.ing product platform, which is installed on-premises at optometry practices, does handle PHI. That data processing is governed by separate Business Associate Agreements (BAAs) between refract.ing and each practice. This privacy policy does not cover the product platform.
7. Data Retention
Form submissions and associated contact data are stored in HubSpot for as long as needed to maintain our business relationship with you, or until you request deletion. Analytics data is retained according to each third-party service's default retention settings (typically 14 to 26 months).
8. Your California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.
Your rights
- Right to know — You can request that we disclose what personal information we have collected about you, the sources of that information, our purpose for collecting it, and the third parties with whom we share it.
- Right to delete — You can request that we delete your personal information, subject to certain exceptions (for example, if we need the data to complete a transaction or comply with a legal obligation).
- Right to opt-out of sale — We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.
- Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA/CPRA rights.
- Right to correct — You can request that we correct inaccurate personal information we hold about you.
How to exercise your rights
To make a request under the CCPA/CPRA, contact us at dr@refract.ing. We will verify your identity before processing your request and respond within 45 days.
9. Data Security
We use commercially reasonable measures to protect the information collected through our website. Our site is served over HTTPS. Form submissions are transmitted securely to HubSpot via an API endpoint on our own domain (no cross-origin requests). However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Children's Privacy
Our website is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at dr@refract.ing and we will delete it.
11. Links to Other Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policy of every website you visit.
12. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will revise the "Effective" date at the top of this page. We encourage you to review this policy periodically. Your continued use of the website after any changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this privacy policy, want to exercise your California privacy rights, or need to reach us for any reason related to your data:
Dr. Alexander Bonakdar
refract.ing
Irvine, CA
dr@refract.ing