Our cookie policy is deliberately minimalist. We use no advertising cookies, no third-party trackers, no Meta/Google Ads pixels.
1. What is a cookie?
A cookie is a small file stored by your browser that allows the site to remember information as you browse.
2. Cookies used by My Data My Care
2.1 Strictly necessary cookies (no consent required)
- Session: keeps your connection active (duration: session)
- CSRF token: protects against cross-site attacks (duration: session)
- Accessibility preference: remembers your choices (theme, text size) (duration: 1 year)
- mdmc_anon_id: anonymous identifier shared across all our sub-domains (diosal.com, patient.diosal.com, doctor.diosal.com) to preserve cookie consent consistency when navigating across sub-domains. This cookie contains no personally identifiable data — only a random UUID generated locally. Attributes:
Domain=.diosal.com,SameSite=Lax,Secure(HTTPS only in production). Duration: 180 days. - access_token: short-lived authentication token (15 minutes) issued after login. Attributes:
HttpOnly,Secure,SameSite=Strict,Domain=.diosal.com. Not accessible from JavaScript (XSS protection). Duration: 15 minutes. - refresh_token: automatic session renewal token. Attributes:
HttpOnly,Secure,SameSite=Strict,Domain=.diosal.com. Not accessible from JavaScript. Duration: 30 days.
2.2 Audience measurement cookies (with consent)
- Self-hosted Matomo: anonymized traffic measurement, hosted on our servers in France (duration: 13 months)
- Anonymized IP, no cross-session profiling, no third-party transfer
- This cookie is disabled by default. You can accept it from the banner or your preferences.
2.3 What we do not use
- Google Analytics nor any analytics hosted outside the EU
- Meta, LinkedIn, TikTok pixels
- Advertising cookies, retargeting, ad-tech
- Fingerprinting or persistent non-cookie identifiers
3. Managing your consent
Your choice is honored across all our sites. You can change it at any time via the "Cookie preferences" link at the bottom of the page.
4. Retention period
Your consent is valid for 6 months maximum. At the end, a new request will be presented to you.
5. Contact
Questions about this policy: dpo@mydatamycare.com.