Privacy policy

PRIVACY POLICY

AM Alder Miller  •  aldermiller.com

Effective: January 1, 2027  •  Last Updated: January 1, 2027

 

Washington State residents: your prescription data has additional protections under the Washington My Health My Data Act. See our Consumer Health Data Privacy Notice at aldermiller.com/pages/consumer-health-data-privacy-notice.

 

This Privacy Policy describes how AM AlderMiller, LLC, doing business as AM Alder Miller ("AM Alder Miller," "we," "us," or "our"), collects, uses, and shares personal information when you visit aldermiller.com, place an order, or contact us. Our principal office is at 4620 Pacific Avenue, Tacoma, Washington 98408.

This Policy covers personal information collected through our Shopify-powered website (aldermiller.com), our customer service communications (hello@aldermiller.com), and our social media presence. It does not cover your Protected Health Information (PHI) or consumer health data collected through our prescription intake portal — that data is governed by our Consumer Health Data Privacy Notice and HIPAA-equivalent practices described separately at aldermiller.com/pages/consumer-health-data-privacy.

2A.  Information You Provide to Us

•    Contact and account information: name, email address, phone number, mailing address.

•    Order information: items purchased, frame selection, lens type, order history, payment information (processed by Shopify Payments / Stripe — AM Alder Miller does not store payment card numbers).

•    Communications: messages you send us via email, chat, or social media.

•    Optional: prescription retention consent, if you opt in through our prescription intake form.

2B.  Information Collected Automatically When You Visit aldermiller.com

•    Device information: browser type, operating system, device type (desktop, mobile, tablet).

•    Usage information: pages visited, products viewed, time on page, referring website.

•    IP address and approximate location (city/region level, not precise).

•    Cookies and similar tracking technologies: see Section 6 (Cookies) for full details.

2C.  Information We Do Not Collect Through This Policy

Your eyeglass prescription values, uploaded prescription documents, pupillary distance, and all other prescription-related health data are collected through our separate HIPAA-eligible prescription intake portal (IntakeQ), not through aldermiller.com or Shopify. Those data flows are governed by our Consumer Health Data Privacy Notice, not this Privacy Policy.

Purpose	Legal Basis (where applicable)	Examples
Fulfilling your order	Contractual necessity	Processing payment, fabricating lenses, shipping eyewear, sending order confirmation and tracking emails
Customer service	Contractual necessity / legitimate interest	Responding to questions, processing returns and exchanges, resolving complaints
Fraud prevention and security	Legitimate interest	Detecting unusual order patterns, verifying payment information, protecting against account abuse
Website improvement	Legitimate interest	Analyzing which pages customers visit, identifying navigation problems, improving product descriptions
Marketing (with consent)	Consent or legitimate interest depending on state	Sending promotional emails about new frames, sales, or optical health tips — only if you have opted in or we have a legitimate interest under applicable law
Legal compliance	Legal obligation	Complying with tax laws, responding to lawful government requests, maintaining required business records
Analytics	Legitimate interest	Using aggregated, non-identifying website analytics to understand shopping trends

4A.  Service Providers (Processors Under Contract)

AM Alder Miller shares personal information only with service providers that process data on our behalf under binding contracts restricting their use of your data to providing services to us. These include:

•    Shopify Inc. — e-commerce platform powering aldermiller.com. Shopify processes your order, payment, and account information. Shopify’s privacy policy is at shopify.com/legal/privacy.

•    Shopify Payments / Stripe — payment processing. Card numbers are processed and stored by Stripe, not by AM Alder Miller.

•    Shipping carriers (USPS, UPS, FedEx, or similar) — receive your name and shipping address to deliver your order.

•    Email service provider — delivers order confirmation, shipping notification, and customer service emails.

•    Prescription intake platform (IntakeQ Inc.) — handles prescription submission data under a separate HIPAA Business Associate Agreement. Prescription data is governed by our Consumer Health Data Privacy Notice, not this Privacy Policy.

•    Cloud storage provider (Google LLC / Google Workspace) — used for internal business operations, email, and document storage under a signed HIPAA Business Associate Agreement for prescription-related files.

4B.  No Sale of Personal Information

AM Alder Miller does not sell your personal information to any third party for monetary consideration. AM Alder Miller does not share your personal information with advertising networks for targeted advertising based on your browsing behavior across other websites.

4C.  Corporate Affiliates

AM AlderMiller, LLC has no parent company, no subsidiaries, and no corporate affiliates. Your personal information is not shared with any entity in a corporate relationship with AM AlderMiller, LLC.

4D.  Legal Requirements

AM Alder Miller may disclose personal information when required by law, court order, or government authority, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of AM Alder Miller, our customers, or the public.

Your eyeglass prescription is Protected Health Information (PHI) and consumer health data. It is subject to more stringent protections than general personal information and is governed by a completely separate set of rules:

•    HIPAA-equivalent standards (administrative, physical, and technical safeguards)

•    Washington My Health My Data Act (RCW Chapter 19.373) for Washington State customers

•    A signed Business Associate Agreement with our prescription intake platform (IntakeQ Inc.)

•    A signed Business Associate Agreement with our cloud storage provider (Google LLC / Google Workspace)

•    A separate Business Associate Agreement with our optical laboratory covering prescription data used for lens fabrication

For full details on your prescription data rights, see our Consumer Health Data Privacy Notice at aldermiller.com/pages/consumer-health-data-privacy and our Prescription Policy at aldermiller.com/pages/prescription-policy.

6A.  What Cookies We Use

Cookie Type	Purpose	Can You Opt Out?
Strictly necessary	Required for the Shopify cart, checkout session, and basic website function. Without these, you cannot place an order.	No — required for the website to work
Preference / functional	Remember your language setting, currency preference, and recently viewed products.	Yes — see Section 6B
Analytics (if used)	Understand aggregate website traffic patterns using anonymized data (e.g., which pages are visited most). AM Alder Miller evaluates each analytics tool before use to ensure prescription data cannot be captured.	Yes — see Section 6B
Marketing / advertising	AM Alder Miller does not currently use third-party advertising or retargeting pixels on aldermiller.com. If this changes, we will update this Policy and obtain required consent before deploying any marketing cookies.	N/A currently

6B.  How to Control Cookies

You can control cookies through: (1) your browser settings (most browsers allow you to block or delete cookies — search "[your browser name] manage cookies" for instructions); (2) the cookie preference tool on aldermiller.com, if displayed; or (3) by emailing privacy@aldermiller.com to request that we minimize data collection for your visits.

Note: Blocking strictly necessary cookies will prevent the shopping cart and checkout from working correctly.

6C.  Global Privacy Control (GPC)

AM Alder Miller honors Global Privacy Control (GPC) opt-out signals from your browser where required by applicable law (currently required in California, Colorado, Connecticut, and several other states). If your browser sends a GPC signal, we will treat it as an opt-out of the sale or sharing of your personal information for cross-context behavioral advertising — though AM Alder Miller does not currently engage in such activities.

Data Category	Retention Period	Reason
Order information (non-prescription)	7 years from order date	Washington State and federal tax record retention requirements
Customer service communications	3 years from last contact	Dispute resolution and quality assurance
Website analytics (aggregated)	24 months rolling	Website improvement
Email marketing list	Until you unsubscribe, then 30 days	Opt-out compliance
Prescription data (PHI)	Minimum 6 years from order date	HIPAA-equivalent record retention; see Consumer Health Data Privacy Notice
Payment information	Not retained by AM Alder Miller	Card data is stored only by Stripe/Shopify Payments

AM Alder Miller implements reasonable administrative, physical, and technical safeguards to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include:

•    HTTPS encryption for all pages on aldermiller.com (TLS 1.2 or higher).

•    Multi-factor authentication (MFA) required on all AM Alder Miller staff accounts with access to customer data.

•    Payment processing handled by PCI-DSS compliant Stripe / Shopify Payments — AM Alder Miller never sees or stores your full card number.

•    Prescription data isolated in HIPAA-eligible systems separate from Shopify.

No security system is impenetrable. If a breach occurs that is likely to harm you, we will notify you promptly and take corrective action as required by applicable law.

AM Alder Miller’s website and products are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, please email privacy@aldermiller.com and we will delete it promptly.

For customers between 13 and 17: if you are ordering prescription eyewear, a parent or legal guardian must review and authorize the prescription submission on your behalf. Your prescription data receives the same HIPAA-equivalent protections as adult prescription data.

Washington State — Consumer Health Data (MHMD Act)

Your prescription data has enhanced protections under the Washington My Health My Data Act (RCW Chapter 19.373). See our Consumer Health Data Privacy Notice at aldermiller.com/pages/consumer-health-data-privacy for your full rights including confirm, access, withdrawal of consent, deletion, non-discrimination, and appeal rights. Response within 45 days.

California (CCPA / CPRA)

California residents have the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information (AM Alder Miller does not sell or share personal information for advertising). To exercise California rights: email privacy@aldermiller.com with subject "CA Privacy Rights Request." Response within 45 days at no charge.

Sensitive Personal Information: your prescription data is sensitive personal information under California law. We use it only to fulfill your eyewear order. You have the right to limit our use of sensitive personal information to this purpose by emailing privacy@aldermiller.com.

Nevada (SB 370 / Chapter 603A)

Nevada residents have the right to opt out of the sale of personal information. AM Alder Miller does not sell Nevada residents’ personal information. Nevada residents also have enhanced rights regarding consumer health data under Nevada SB 370 (modeled on the WA MHMD Act). To exercise any Nevada right: email privacy@aldermiller.com with subject "NV Privacy Rights Request."

Colorado (Colorado Privacy Act)

Colorado residents have the right to access, correct, delete, and port their personal information, and the right to opt out of targeted advertising, sale of personal information, and profiling for significant decisions. AM Alder Miller does not engage in targeted advertising, sale of personal information, or automated profiling. AM Alder Miller honors Global Privacy Control signals from Colorado residents. To exercise Colorado rights: email privacy@aldermiller.com with subject "CO Privacy Rights Request."

Connecticut (CTDPA)

Connecticut residents have the right to access, correct, delete, and port their personal information, and the right to opt out of targeted advertising and sale of personal information. AM Alder Miller honors Global Privacy Control signals from Connecticut residents. Beginning August 1, 2026, Connecticut law also requires controllers to honor GPC signals — AM Alder Miller complies. To exercise Connecticut rights: email privacy@aldermiller.com with subject "CT Privacy Rights Request."

Texas, Virginia, Oregon, Indiana, and Other States With Active Privacy Laws

AM Alder Miller applies the following rights to all customers regardless of state: access your data, correct inaccuracies, delete your data (where technically feasible), and opt out of any sale of personal information (AM Alder Miller does not sell personal information). To exercise any privacy right: email privacy@aldermiller.com with your state and the type of request. We respond within 45 days at no charge.

Louisiana (Louisiana Data Privacy Act — Effective January 1, 2027)

Louisiana residents have privacy rights under the Louisiana Data Privacy Act (LDPA), effective January 1, 2027 — the same date as AM Alder Miller’s launch. Louisiana residents have the right to access, correct, delete, and port personal information, and to opt out of targeted advertising and sale. To exercise Louisiana rights: email privacy@aldermiller.com with subject "LA Privacy Rights Request."

All Other States — Uniform Standard

Regardless of which state you live in, AM Alder Miller applies a uniform privacy standard: we do not sell your personal information, we do not share it for cross-context behavioral advertising, we honor GPC opt-out signals where required by law, and we respond to all privacy rights requests within 45 days at no charge.

AM Alder Miller may update this Privacy Policy periodically. When we do, we will update the "Last Updated" date at the top. If we make material changes that affect your rights or how we use your personal information, we will notify you by email (if you have an account) or by posting a prominent notice on aldermiller.com for at least 30 days before the changes take effect.

We encourage you to review this Policy annually. If you continue to use aldermiller.com after changes take effect, you agree to the updated Policy.

For all general privacy questions, rights requests, or complaints about our privacy practices:

•    Email: privacy@aldermiller.com — subject line: "[State] Privacy Rights Request — [type of request]"

•    Online request form: aldermiller.com/pages/privacy-request

•    Mail: AM AlderMiller, LLC — Attn: Privacy Officer, 4620 Pacific Avenue, Tacoma, Washington 98408

•    General inquiries: hello@aldermiller.com

Privacy Officer: Kevin Dinh, Managing Member. We respond to all privacy requests within 45 days at no charge. We may ask you to verify your identity before processing your request.

If you are a Washington State resident and your request relates to your prescription (consumer health data), please use our Consumer Health Data Privacy Notice rights process at aldermiller.com/pages/consumer-health-data-privacy.

To file a complaint with your state Attorney General: Washington — atg.wa.gov. California — oag.ca.gov. Other states — contact your state’s consumer protection office.