How We Protect Your Child's Data
Plain-language answers to what every parent should ask before starting a virtual therapy program.
The Six Things That Actually Matter
What keeps your family's data safe, in plain English.
Encryption, Everywhere
Your child's therapy data is encrypted in transit (TLS 1.2+) and at rest (AES-256). That includes progress data, messages with the therapy team, and account information.
Access Scoped to Your Care Team
Only your prescribing optometrist, the SuccessfulSight™ therapy team supporting your program, and household members you authorize can see your progress data.
Strong Account Protection
Multi-factor authentication for provider-side accounts. Face ID / Touch ID recommended for patient-side iPad access. Audit logs on every data access.
HIPAA-Compliant Infrastructure
The platform runs on Firebase and Google Cloud HIPAA-eligible services under a Business Associate Agreement with CNCF Consulting. Patient data stays in the US.
Data Kept to What Care Needs
We collect what's required to deliver your program and support your care — nothing else. No ad tracking, no data sales, no unauthorized sharing.
Your Data Moves With You
You can request an export or deletion at any time. If you stop the program, your data is yours to take.
What This Means in Practice
SuccessfulSight™ is operated by CNCF Consulting. When your optometrist becomes a participating provider, they sign a HIPAA Business Associate Agreement with us — this is non-negotiable.
Our infrastructure providers (Firebase, Google Cloud) are HIPAA-eligible services and sign BAAs with CNCF Consulting. That covers the full chain of custody for patient data.
What this means for your family: we treat every piece of protected health information as real patient information, not aggregate analytics. We don't sell data. We don't use it for advertising. We access it only to deliver your program and support your care.
Read our full Privacy Policy for exact detail on what's collected, how it's used, and your rights.
Common Questions
Where is my data stored?
In the United States, on Google Cloud HIPAA-eligible services, covered by a Business Associate Agreement. Data is not transferred internationally.
How long is data kept?
Health records are retained per standard medical records practice (typically 7 years, or longer if required by state law). System logs are retained for 90 days. You can request export or deletion at any time.
Who can see my child's progress data?
Your prescribing optometrist, the SuccessfulSight™ therapy team supporting your program, and household members you authorize.
Does SuccessfulSight™ share or sell data?
No. We do not sell data, use it for advertising, or share it outside your care relationship without your permission.
What happens in a security incident?
We follow a documented incident response process: containment, investigation, customer notification within 72 hours, and post-incident review. Serious breaches are reported per HIPAA Breach Notification Rule.
Does my optometrist sign a HIPAA agreement with SuccessfulSight™?
Yes. Participating providers sign a HIPAA Business Associate Agreement as part of becoming a participating provider.
Is SuccessfulSight™ FDA approved?
No. SuccessfulSight™ is a vision therapy program intended for use under the supervision of qualified eye care professionals. It is not an FDA-cleared medical device. This is called out explicitly in the Terms of Service.
Still Have a Privacy or Compliance Question?
Contact our privacy team directly.