Cookie Policy

Last updated: May 25, 2026

This Cookie Policy explains which cookies and similar technologies we use in the MyMedica Service, what they are for, and how you can manage them. It should be read together with our Privacy Policy and Terms of Use.

1. Introduction

Cookies are small text files your browser stores on your device when you visit a website. Similar technologies (localStorage, sessionStorage, HTTP-header tags) play a similar role: remembering that you are already signed in, which language you have chosen, which subscription plan you viewed.

MyMedica uses a minimal set of cookies. The goal is to let you sign in, view the Service in your language, and pay for a Subscription. We do not use cookies for advertising, data resale, or cross-site tracking.

2. Cookies and Similar Technologies We Use

Below is the full list of what we set in your browser, grouped by purpose.

2.1. Strictly Necessary

Without these cookies the Service does not work. They cannot be disabled in the interface without losing sign-in functionality.

Application authentication session tokens (sb-access-token, sb-refresh-token). Flags: HttpOnly, Secure, SameSite=Lax. Purpose — keep you signed in while the session is active and refresh the token without re-entering the password. Stored until you sign out or the session expires.
CSRF token (where applicable). A technical token that protects against cross-site request forgery on state-changing forms (payment, deletion, settings changes).

2.2. Preference

Stores your interface choices.

i18n_redirected — remembers your chosen language (Ukrainian or English) so we do not redirect you to a language version on every visit. If you clear this cookie, the next visit will apply a language redirect based on your browser headers.
mm_cookie_consent — stores your analytics consent choice (accepted or rejected) in localStorage so the banner does not reappear on every visit and analytics loads only after consent. If you clear site data, the banner will appear again.

2.3. Conversion Attribution

mm_utm — stores first-touch campaign parameters (source, campaign, medium) in localStorage for up to 30 days when you arrive with UTM parameters. We use it to attribute signups and purchases and to decorate links to the app. It does not store medical data.

2.4. Analytics (self-hosted, privacy-friendly)

We use Umami self-hosted for aggregated traffic analytics on non-medical pages only:

Pages where Umami is enabled: the landing page (/), /terms, /privacy, /refund, /cookies, /acceptable-use, /imprint.
Pages where Umami is disabled: all pages that contain medical data, namely /account/** (documents, facts, one-pagers) and /share/** (doctor share links).

Umami self-hosted does not store personal data, does not use fingerprinting, and does not send data to third-party providers. We receive only aggregated page-view and event counts (for example, clicks on “Sign up”). Your IP address is hashed and discarded by Umami; we do not retain the raw IP.

We do not load Umami until you accept analytics in the consent banner shown on your first visit. If you reject, no analytics request is made. You can change your decision at any time via “Cookie preferences” in the footer; this surfaces the banner again so you can accept or revoke. If analytics was already loaded on the current page, revoking consent reloads the page so the script is removed.

2.5. Third-Party Trackers — None

We do not use Google Analytics, Meta Pixel, Hotjar, Mixpanel, Amplitude, Segment, or any other third-party tracking system. We do not embed third-party advertising scripts. This is a deliberate design choice from VISION-v2: medical context must not leak to ad networks.

2.6. Freemius Checkout Page

When you initiate a Subscription payment, we use the checkout form provided by Freemius Inc. (Delaware, USA), which acts as the Merchant of Record. On that page Freemius sets its own cookies needed for order fulfillment, session security, fraud detection and prevention, and tax/regulatory compliance. Those cookies are governed by the Freemius Cookie Policy and Freemius Privacy Policy and are outside our control; we have no access to those cookies and cannot read them. Consent and opt-out options for those cookies are surfaced on the Freemius checkout page itself in line with its policy.

3. How to Control Cookies

You can manage cookies through your browser settings. The exact path differs by browser; the general hints below should be enough to find them:

Chrome: Settings → Privacy and security → Cookies and other site data.
Firefox: Settings → Privacy & Security → Cookies and Site Data.
Safari: Settings → Privacy → Manage Website Data.

You can block all cookies, block third-party cookies only, delete cookies selectively, or set the browser to prompt every time.

Consequences of blocking:

Blocking strictly necessary cookies (sb-access-token, sb-refresh-token) means you will not be able to sign in or you will be signed out automatically after every request. The Service is not usable in that mode.
Blocking preference cookies (i18n_redirected) means that on every visit the interface will default to Ukrainian until you manually pick another language again.
Blocking analytics has no effect on Service functionality. We operate fine without it.

You can also use your browser’s private browsing mode — it does not retain cookies between sessions, so you will have to sign in each time.

4. Updates to This Policy

If we change the set of cookies or add new tools that affect your data, we update this Policy and notify registered users by email at least 30 days before material changes take effect. Editorial changes (typos, rewording) take effect immediately upon publication.

The date at the top of the page reflects the last update.

5. Contact

If you have questions about this Policy, the cookie list, or the exercise of your data-subject rights:

Email: support@mymedica.me

Privacy Policy — how we process personal data.
Terms of Use — general rules for using the Service.
Imprint — operator information.