Logo

Privacy Policy

Last updated: November 25, 2025

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Application refers to BlinkFrames, the software program provided by the Company, and the associated Blink Frames wearable medical device hardware.
  • Business, for the purpose of CCPA/CPRA, refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information.
  • CCPA and/or CPRA refers to the California Consumer Privacy Act (the "CCPA") as amended by the California Privacy Rights Act of 2020 (the "CPRA").
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Globe Biomedical, Inc., 5225 Canyon Crest Dr., Suite 360, Riverside, CA 92507 USA.
  • Consumer, for the purpose of the CCPA/CPRA, means a natural person who is a California resident.
  • Country refers to: California, United States.
  • Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data. In the context of prescription use, your prescribing Healthcare Provider may also act as a Data Controller regarding your treatment data.
  • Device means any device that can access the Service such as a computer, a cell phone or a digital tablet, and explicitly includes the Blink Frames smart eyewear.
  • GDPR refers to EU General Data Protection Regulation.
  • Healthcare Provider means the doctor, clinician, researcher, or medical institution that prescribed the Blink Frames device to the User.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Application and the connected Blink Frames device.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • You means the individual accessing or using the Service, typically the Parent, Legal Guardian, individual over the age of 18 (or the equivalent minimum age in your jurisdiction), the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
  • Wearer/User refers to the patient (whether a Child or an Adult) using the Blink Frames device, whose data is managed by the Account holder.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Information (You) While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Date of Birth
  • Phone number
  • Relationship to the Patient (Child) if applicable

Patient Information (Wearer/User) To configure the device for use, we collect:

  • First Name or Nickname (if Wearer/User is different than You)
  • Date of Birth (if Wearer/User is different than You)
  • Prescription details (as provided by the Healthcare Provider)

Device Sensory and Health Data (Blink Frames) As a prescribed medical device, the Blink Frames collect specific sensory data to monitor treatment compliance, ocular health, and environmental factors. This data is uploaded to our servers and shared with your prescribing Healthcare Provider. We collect:

  • Ocular Compliance & Health Metrics:
  • Compliance: Data regarding the duration of spectacle wear ("Frame Time") and occlusion patch compliance ("Patch Time") for Amblyopia treatment.
  • Physiological Measurements: The device captures specific ocular metrics including Blink Rate, Tear Meniscus Height, and Ocular Redness. Note: Some of these metrics are used for internal algorithmic calibration and diagnostic accuracy and may not be immediately visible in the user application.
  • Environmental and Behavioral Metrics:
  • Activity & Posture: Physical activity levels and head posture (angle) measured via accelerometer.
  • Environment: Data regarding the user's immediate surroundings to assess eye strain risks, including Ambient Light Levels (used to calculate Screen Time vs. Outdoor Time), Temperature, Humidity, and Atmospheric Pressure.
  • Eye Surface Imaging:
  • The frames utilize inward-facing cameras to capture images of the eye and surrounding area.
  • Note on Biometrics: While the device captures images of the eye, we do not use these images for the purpose of uniquely identifying you (e.g., iris scanning for authentication). Therefore, under GDPR Article 4(14), this data is classified as Health Data, not Biometric Data. We process this strictly to calculate health compliance metrics (e.g., detecting if the frames are worn or if a patch is present).
  • Internal Device Performance Data:
  • We collect technical logs, including battery health and connectivity status, to ensure the device is functioning correctly.

Generalized Location Information: To determine sunrise and sunset times for outdoor light analysis, we collect:

  • Generalized location information from the connection IP address. This information is only accurate enough to obtain local weather data, and approximately corresponds to the city or county in which the frames are located.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service: including monitoring the usage of our Service and ensuring the medical device functions according to its specifications.
  • To facilitate Treatment: To process and visualize health data for review by your prescribing Healthcare Provider via the Doctor's Portal.
  • To manage Your Account: to manage Your registration as the Parent/Guardian user of the Service.
  • For Product Improvement: We use aggregated and de-identified physiological data (such as blink rates and environmental metrics) to improve our sensing algorithms and treatment efficacy.
  • To contact You: To contact You by email, telephone calls, SMS, or push notifications regarding updates, battery alerts, or informative communications related to the treatment plan.
  • To manage Your requests: To attend and manage Your requests to Us.

Sharing of Personal Data

We may share Your personal information in the following situations:

  • With Healthcare Providers: We share the Patient's device data (Compliance, Outdoor Time, Screen Time, etc.) with the prescribing Doctor or Clinic via the Doctor's Portal to facilitate medical supervision and treatment.
  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, for payment processing, and to host our cloud infrastructure.
  • With Business Partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
  • For Business Transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable medical device regulations), resolve disputes, and enforce our legal agreements and policies.

Transfer of Your Personal Data

Your information, including Personal Data and Health Data, is processed at the Company's operating offices in the United States (Riverside, California) and in any other places where the parties involved in the processing are located.

If you are located in the European Economic Area (EEA) or United Kingdom, your data is transferred to the United States.

International Data Transfers & The EU-U.S. Data Privacy Framework

Globe Biomedical, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Globe Biomedical, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit [https://www.dataprivacyframework.gov/](https://www.dataprivacyframework.gov/).

Liability for Onward Transfers: Globe Biomedical, Inc. remains liable under the DPF Principles if third-party agents that it engages to process such personal information on its behalf do so in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Dispute Resolution In compliance with the EU-U.S. DPF Principles, Globe Biomedical, Inc. commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our DPF policy should first contact Globe Biomedical, Inc. at:

  • Email: privacy@globebiomedical.com
  • Mailing Address: 5225 Canyon Crest Dr. Suite 360, Riverside CA 92507, USA
  • Globe Biomedical, Inc. has further committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit [https://www.jamsadr.com/dpf-dispute-resolution](https://www.jamsadr.com/dpf-dispute-resolution) for more information or to file a complaint. The services of JAMS are provided at no cost to you.
  • Binding Arbitration Under certain conditions, more fully described on the DPF website [https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2](https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
  • Regulatory Oversight The Federal Trade Commission (FTC) has jurisdiction over Globe Biomedical, Inc.’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Pediatric Use & Parental Gateway The Service is intended for use by children (pediatric patients) but must be administered by a Parent or Legal Guardian.

We do not permit children under the age of 13 (or the equivalent minimum age in your jurisdiction) to create their own Accounts. The Account must be created, paired, and managed by a Parent or Legal Guardian. The Parent/Guardian is responsible for providing consent for the collection of the child's data.

If We become aware that We have collected Personal Data from a child without verification of parental consent, We take steps to remove that information from Our servers. If You represent a child and believe we have collected data without your consent, please contact Us.

Disclosure of Your Personal Data

Business Transactions If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR We may process Personal Data under the following conditions:

  • Consent: You (the Wearer/User) have given Your consent for processing Personal Data for treatment and monitoring purposes. If the Wearer/User is a minor, this consent is provided by the Parent or Legal Guardian.
  • Performance of a Contract: Provision of Personal Data is necessary for the performance of the agreement to use the Blink Frames device.
  • Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the Company or the Healthcare Provider. We rely on legitimate interests for the following specific purposes:
  • Device Security & Integrity: To detect connectivity errors, prevent fraud, and ensure the physical safety of the device, battery, and sensors.
  • Product Improvement (Anonymization): To process personal data for the sole purpose of permanently anonymizing it. Once anonymized, we use this non-personal data to train and improve the accuracy of our algorithms and for scientific research.
  • Business Analytics: To analyze aggregated usage trends to understand how our device is used and improve our hardware design.
  • Treatment Monitoring: To allow the Healthcare Provider to monitor compliance and treatment progress.
  • Vital Interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law if You are within the EU, to:

  • Request access to Your Personal Data.
  • Request correction of the Personal Data that We hold about You.
  • Object to processing of Your Personal Data.
  • Request erasure of Your Personal Data.
  • Request the transfer of Your Personal Data.
  • Withdraw Your consent. Note that withdrawing consent for data processing may render the Blink Frames device incapable of performing its intended medical monitoring functions.

CCPA/CPRA Privacy Notice (California Privacy Rights)

Categories of Personal Information Collected We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device.

  • Category A: Identifiers.
  • Examples: Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name.
  • Collected: Yes.
  • Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  • Examples: Medical information, health insurance information.
  • Collected: Yes (Device sensory data, Frame Time, compliance metrics).
  • Category C: Protected classification characteristics under California or federal law.
  • Examples: Age, sex, medical condition.
  • Collected: Yes (Date of Birth, Pediatric medical status).
  • Category D: Commercial information.
  • Examples: Records and history of products or services purchased or considered.
  • Collected: Yes.
  • Category E: Biometric information.
  • Examples: Physiological characteristics used to extract a template for identification (iris scans, faceprints).
  • Collected: No. (Images collected are for health compliance monitoring only and are not used for unique biometric identification).
  • Category F: Internet or other similar network activity.
  • Examples: Interaction with our Service or advertisement.
  • Collected: Yes.
  • Category G: Geolocation data.
  • Examples: Approximate physical location.
  • Collected: Yes.
  • Category H: Sensory data.
  • Examples: Environmental data (Light levels, Temperature, Pressure) and visual information (Eye images).
  • Collected: Yes.
  • Category L: Sensitive personal information.
  • Examples: Account login, geolocation, health data.
  • Collected: Yes.

Contact Us: If you have any questions about this Privacy Policy, You can contact us:

European Representative & Data Protection Officer

Internal Privacy Officer: You may contact our Privacy Officer regarding your data rights at: privacy@globebiomedical.com

EU Representative (Article 27): Since Globe Biomedical, Inc. does not have a physical establishment in the European Union or the United Kingdom, we have appointed a representative to whom you may address issues regarding your personal data.

DataRep is our authorized Data Protection Representative in the EU/EEA and UK.

How to Contact DataRep: If you are located in the EU or UK and have a privacy-related inquiry, you may contact DataRep using any of the following methods:

  • Email: [datarequest@datarep.com](mailto:datarequest@datarep.com)
  • *IMPORTANT: You MUST quote "Blink Frames"* in the subject line of your email. If you do not, your inquiry may not reach us.
  • Webform: [www.datarep.com/data-request](http://www.datarep.com/data-request)
  • Postal Mail: You may mail your inquiry to DataRep at the most convenient address for your country.
  • [View the full list of DataRep postal addresses here](https://blinkframes.com/wp-content/uploads/2025/11/gdpr-rep-addresses.pdf)
  • *IMPORTANT: When mailing inquiries, you MUST mark your letter for the attention of "DataRep"* (not "Blink Frames"). If you do not, it may not be delivered.