Page being finalized. Fields marked [[TBD]] will be completed before the official public launch. For any legal question, contact contact@mydatamycare.com.

Legal

Cookie Policy

Last updated: April 12, 2026

Our cookie policy is deliberately minimalist. We use no advertising cookies, no Meta pixels, no retargeting, no Google Ads. Our audience measurement is limited to Matomo (self-hosted in France) and Google Analytics 4 (anonymized IP, strict opt-in), and can be disabled at any time.

1. What is a cookie?

A cookie is a small file stored by your browser that allows the site to remember information as you browse.

2. Cookies used by My Data My Care

2.1 Strictly necessary cookies (no consent required)

  • Session: keeps your connection active (duration: session)
  • CSRF token: protects against cross-site attacks (duration: session)
  • Accessibility preference: remembers your choices (theme, text size) (duration: 1 year)
  • mdmc_anon_id: anonymous identifier shared across all our sub-domains (mydatamycare.com, patient.mydatamycare.com, doctor.mydatamycare.com) to preserve cookie consent consistency when navigating across sub-domains. This cookie contains no personally identifiable data — only a random UUID generated locally. Attributes: Domain=.mydatamycare.com, SameSite=Lax, Secure (HTTPS only in production). Duration: 180 days.
  • access_token: short-lived authentication token (15 minutes) issued after login. Attributes: HttpOnly, Secure, SameSite=Strict, Domain=.mydatamycare.com. Not accessible from JavaScript (XSS protection). Duration: 15 minutes.
  • refresh_token: automatic session renewal token. Attributes: HttpOnly, Secure, SameSite=Strict, Domain=.mydatamycare.com. Not accessible from JavaScript. Duration: 30 days.

2.2 Audience measurement cookies (with consent)

  • Self-hosted Matomo: anonymized traffic measurement, hosted on our servers in France (duration: 13 months)
  • Google Analytics 4 (gtag.js): complementary web audience measurement, anonymized IP (anonymize_ip), no advertising profile, no remarketing. Cookies _ga, _ga_* (duration: 14 months max). Hosted by Google LLC (US) — transfer governed by the European Commission Standard Contractual Clauses (SCC) 2021/914 and the EU-US Data Privacy Framework adequacy decision of 2023-07-10.
  • Anonymized IP for both Matomo and Google Analytics, no cross-session profiling, no advertising use
  • These cookies are disabled by default. You can accept or refuse them from the banner or your preferences.

2.3 What we do not use

  • Meta, LinkedIn, TikTok or other social-network pixels
  • Advertising cookies, retargeting, ad-tech
  • Google Ads, Google Tag Manager for advertising
  • Fingerprinting or persistent non-cookie identifiers

3. Managing your consent

Your choice is honored across all our sites. You can change it at any time via the "Cookie preferences" link at the bottom of the page.

4. Retention period

Your consent is valid for 6 months maximum. At the end, a new request will be presented to you.

5. Contact

Questions about this policy: dpo@mydatamycare.com.