Cookie Policy
Effective Date: 2026-05-18 Version: 1.0
This Cookie Policy explains what cookies and similar technologies AIClinica uses, why we use them, and how you can control them. It supplements our Privacy Policy.
By using the Service, you consent to the use of cookies as described below, except where you have set granular preferences through our cookie banner.
1. What is a cookie?
A cookie is a small text file that a website stores on your device. Cookies are widely used to make websites work, remember preferences, and report on usage. Similar technologies include local storage, session storage, IndexedDB, web beacons, and pixel tags ("similar technologies" — collectively, "cookies" in this Policy).
2. The categories of cookies we use
We classify cookies into three categories. You can accept all, reject non-essential, or set granular preferences in the cookie banner that appears on your first visit (and any time you click "Manage cookies" in the footer).
2.1 Essential cookies (always on — cannot be disabled)
These are necessary for the Service to function. Disabling them would break login, security, and basic features.
| Cookie / storage | Purpose | Lifetime |
|---|---|---|
| sb-access-token, sb-refresh-token (Supabase Auth) | Authentication and session | Session + 30 days refresh |
| one_mfa | Admin MFA session for /one/* admin console | 4 hours |
| _cf_bm (Cloudflare) | Bot management, DDoS protection | 30 minutes |
| Local-storage: aic_consent | Stores your cookie preferences | Persistent until you clear |
| Service-worker cache | Offline support for installed PWA | Until cleared |
Legal basis: Strictly necessary — no consent required under GDPR.
2.2 Analytics cookies (off by default — opt-in)
Help us understand how the Service is used so we can improve it.
| Cookie | Purpose | Lifetime | Provider |
|---|---|---|---|
| _ga, _ga_* (_ga_ML5TBDSSLE) | Anonymous usage analytics; aggregate dashboards | Up to 24 months | Google Analytics 4 (property 386344175, measurement ID G-ML5TBDSSLE) |
| _gid | Per-session aggregation | 24 hours | Google Analytics 4 |
We use Google's Consent Mode v2. When you opt out, GA4 sees only de-identified, modeled signals.
Legal basis: Consent (Article 6(1)(a) GDPR).
2.3 Marketing cookies (off by default — opt-in)
We currently do not use marketing or advertising cookies. If we add them in the future, you will be re-prompted to consent.
3. Do Not Track
If your browser sends a DNT: 1 header, we default all non-essential categories to "denied" and do not show the consent banner until you affirmatively click "Manage cookies".
4. How to manage your cookies
4.1 In AIClinica
- First-visit banner: choose "Accept all", "Essential only", or "Manage preferences"
- Footer link: every page has a "Manage cookies" link that reopens the banner
- Account settings: signed-in users can update consent in profile settings; updates sync to the database
4.2 In your browser
Most browsers let you block cookies entirely or per site. Blocking strictly-necessary cookies will break the Service. Instructions:
- Chrome: chrome://settings/cookies
- Firefox: about:preferences#privacy
- Safari: Preferences → Privacy
- Edge: edge://settings/content/cookies
4.3 In Google Analytics
You can install Google's GA Opt-out browser add-on to disable GA4 across all sites.
5. Cookies set by third parties on our domain
Some sub-processors set cookies on our domain when their resources load:
- Cloudflare — bot management (essential)
- Google Analytics — analytics (opt-in)
- Stripe — fraud prevention when you reach our payment forms (essential while on payment page)
These third parties' use of cookies is governed by their own privacy / cookie policies, listed in section 4 of our Privacy Policy.
6. Changes to this policy
We may update this Cookie Policy from time to time. The effective date at the top reflects the current version. Material changes will be announced in-app and via email at least 14 days before they take effect.
7. Contact
Questions about cookies: privacy@aiclinica.com