Cookie Policy
Last updated: 1 April 2025 ยท Applies to all FertilityConnect websites and apps
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function correctly, remember your preferences, and provide information to site owners about how visitors use their platform.
FertilityConnect uses cookies and similar technologies (local storage, session storage) carefully and with your privacy as a priority. Because you share sensitive health information with us, we apply stricter standards to cookie use than most websites.
๐ Our Core Cookie Commitment
- โ We never pass health data to advertising networks via cookies
- โ We never use cookies to build advertising profiles about fertility patients
- โ We never sell cookie-derived data to third parties
- โ Strictly necessary cookies only until you give consent for others
- โ You can withdraw consent and clear all optional cookies at any time
2. Categories of Cookies We Use
Essential for the website to function. Cannot be disabled. Examples: session authentication, CSRF protection, consent record storage.
No consent required under GDPR, PECR, DPDP Act โ these fall under "legitimate interest" / "service delivery" basis.
Enhance your experience by remembering preferences (language, UI settings). Site works without them but less conveniently.
Consent required under GDPR/PECR. Deemed consent may apply in some jurisdictions for purely preference cookies.
Help us understand how visitors use the site so we can improve it. Anonymised/aggregated. No health data included in analytics payloads.
Consent required under GDPR/PECR, DPDP Act 2023, Thailand PDPA. We use privacy-respecting analytics where possible.
We do NOT use advertising or targeting cookies. We will never place cookies that track your health browsing for advertising purposes.
Not applicable โ we do not use these cookies. Advertising networks are blocked from this platform.
3. Full Cookie List
| Cookie Name | Type | Purpose | Duration | Provider | Opt-Out? |
|---|---|---|---|---|---|
| fc_session | Strictly Necessary | Maintains your login session and assessment state across pages | Session (deleted on browser close) | FertilityConnect | Required |
| fc_csrf | Strictly Necessary | Cross-Site Request Forgery protection token โ prevents malicious form submissions | Session | FertilityConnect | Required |
| fc_consent | Strictly Necessary | Stores your cookie consent preferences so we do not ask again unnecessarily | 12 months | FertilityConnect | Required |
| sb-auth-token | Strictly Necessary | Supabase authentication token for secure API access | 1 hour (auto-refreshed) | Supabase | Required |
| _fc_analytics | Analytics (Optional) | Privacy-respecting usage analytics โ counts page views, journey completion rates. No personal data. No cross-site tracking. | 13 months | FertilityConnect (self-hosted) | โ Yes |
| _ga / _ga_* | Analytics (Optional) | Google Analytics โ aggregated usage statistics. IP anonymisation enabled. No health data passed. | 13 months / 2 years | Google LLC (US) | โ Yes |
| fc_pref | Functional (Optional) | Remembers your language preference and UI display settings | 12 months | FertilityConnect | โ Yes |
This list is reviewed and updated quarterly. Last audited: 1 April 2025.
4. Cookies and Your Health Data
โ๏ธ Special Protection for Health-Related Session Data
Your fertility assessment responses are health data โ a special category under GDPR (Art. 9), sensitive personal data under DPDP Act 2023 S.9, and equivalent categories in other jurisdictions. Session cookies used to maintain your assessment state are strictly necessary and do not contain your actual health data โ they contain only a pseudonymous session identifier. Your health data sits encrypted in the database, linked only to that pseudonymous ID.
What session cookies contain: A randomised, cryptographically secure session token only. No health data, no diagnosis, no personal identifiers are ever stored in a cookie.
Analytics and health data: We deliberately exclude all health-related page paths from analytics tracking. Pages where you enter assessment data are excluded from analytics payloads. No fertility-related browsing data is shared with analytics providers.
Third-party pixels: We do not allow third-party advertising pixels, social media trackers, or retargeting technologies on pages where health data is collected or displayed.
5. Legal Framework by Jurisdiction
๐ฎ๐ณ India โ DPDP Act 2023 + IT Act 2000
Legal Requirement
Explicit consent required for non-essential cookies. Health-data-adjacent cookies require special category treatment. Cookies constituting "personal data" under S.2(t) require a consent notice.
Our Approach
Consent banner on first visit; no non-essential cookies set before opt-in; health session data treated as sensitive personal data.
๐ช๐บ๐ฌ๐ง EU GDPR + UK GDPR + PECR
Legal Requirement
Prior informed consent for all non-strictly-necessary cookies (PECR Reg. 6). Consent must be freely given, specific, informed, and unambiguous. Pre-ticked boxes not permitted. Withdrawal as easy as consent.
Our Approach
Granular consent by category. No pre-ticking. One-click withdrawal. Consent records retained 3 years.
๐บ๐ธ US โ State Privacy Laws (CCPA/CPRA, VCDPA, etc.)
Legal Requirement
California CCPA/CPRA: right to opt out of "sale or sharing" of personal information. Most US state laws require clear disclosure of tracking technologies.
Our Approach
"Do Not Sell or Share My Information" available in cookie settings. No cross-site tracking for advertising purposes.
๐ฆ๐ช UAE โ PDPL Federal Law No. 45/2021
Legal Requirement
Personal data processed via cookies requires a lawful basis. Sensitive data (health) requires explicit consent.
Our Approach
Consent-first approach; health-session cookies require explicit consent; no advertising cookies served to UAE users.
๐ธ๐ฌ Singapore โ PDPA 2012 (amended 2020)
Legal Requirement
Personal data collected via cookies requires notification and, for sensitive data, consent. Deemed consent acceptable for functional cookies tied to a transaction.
Our Approach
Cookie notice with full disclosure; analytics cookies require active consent for Singapore users.
๐น๐ญ Thailand โ PDPA 2019
Legal Requirement
Explicit consent required for cookies that collect personal data. Data subjects must be informed of purposes before collection.
Our Approach
Consent banner displayed before any optional cookie is set; purpose stated clearly for each category.
๐ด๐ฒ Oman โ PDPL 2022
Legal Requirement
Personal data collection via electronic means requires notice and consent. Special sensitivity for health-related identifiers.
Our Approach
Same consent-first framework; no advertising tracking for Oman users.
6. Managing and Withdrawing Cookie Consent
You can manage your cookie preferences at any time using these methods:
Cookie Preference Centre
Click the cookie settings icon in the bottom-left of any page to open our consent manager and toggle individual categories on or off.
Browser Settings
All modern browsers allow you to block or delete cookies. Note: blocking strictly necessary cookies will prevent the site from working correctly.
Do Not Track
We honour the DNT (Do Not Track) browser signal. If DNT is enabled, we disable all optional analytics and functional cookies automatically.
Email Request
Email privacy@fertilityconnect.in to request deletion of all cookies and associated analytics data. We respond within 7 days.
7. Third-Party Cookies and Services
Some functionality on FertilityConnect involves third-party services that may set their own cookies. We have reviewed each third party and only allow those that meet our privacy standards:
| Service | Purpose | Privacy Policy | GDPR Safeguard |
|---|---|---|---|
| Google Analytics | Anonymised usage stats | policies.google.com/privacy | SCC + IP anonymisation enabled |
| Supabase | Auth & database | supabase.com/privacy | DPA in place, EU/India data residency |
| Vercel | CDN & hosting | vercel.com/legal/privacy-policy | SCC, no personal data in CDN layer |
| Google Maps API | Clinic location display | policies.google.com/privacy | No health data passed to Maps API |
No advertising cookies from third parties: We do not allow Facebook Pixel, Google Ads remarketing tags, or any other advertising network cookies on pages where health data is present. Our ad campaigns (if any) use first-party conversion tracking only.
8. Changes to This Policy
We review this Cookie Policy at least annually and whenever we introduce new technologies or services. When we make material changes, we will update the "Last updated" date at the top of this page and display a new consent banner to collect fresh consent where required by law.
For EU/UK users, material changes to non-essential cookie use will require renewed consent. We will not rely on prior consent for materially different cookie uses.
9. Contact Us
Cookie / Privacy Queries
privacy@fertilityconnect.inIndia Grievance Officer (DPDP)
grievance@fertilityconnect.inResponse Time
7 days for cookie requests, 30 days for data requests