EnWella Health Platform Effective Date: [INSERT DATE] Last Updated: [INSERT DATE]
This Cookie Policy explains how [COMPANY LEGAL NAME] ("EnWella," "we," "us," "our") uses cookies and similar tracking technologies on the EnWella platform and its website. It should be read together with our Privacy Policy.
Cookies are small text files that are stored on your device (computer, tablet, or phone) when you visit a website or use a web application. They allow the service to remember information about your visit.
Similar technologies we may use include: - Local Storage / Session Storage: Browser storage mechanisms used to maintain session state in our web application - Pixel tags / Web beacons: Tiny images embedded in pages or emails that help us understand engagement (we use these sparingly and only for non-PHI analytics)
EnWella uses cookies in two contexts:
When you are logged into the EnWella platform (as a provider, staff member, or patient), we use:
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
_enwella_session |
Strictly Necessary | Maintains your authenticated session after login | Session (expires when browser closes) |
_enwella_csrf |
Strictly Necessary | Cross-site request forgery (CSRF) protection — prevents malicious sites from making unauthorized requests on your behalf | Session |
theme_preference |
Functional | Remembers your selected theme (light or dark mode) | 1 year |
sidebar_state |
Functional | Remembers whether you have collapsed the navigation sidebar | 30 days |
locale_preference |
Functional | Remembers your language/locale preference | 1 year |
We do not use advertising, marketing, or cross-site tracking cookies in the authenticated platform.
On our marketing website at [WEBSITE_URL]:
| Category | Purpose | Examples | Opt-Out Available? |
|---|---|---|---|
| Strictly Necessary | Core website functionality (load balancing, security) | Session token | No — required for site to work |
| Functional | User preferences (language, region) | Preference cookies | No — required for personalization you've requested |
| Analytics | Aggregate usage analytics (pages visited, time on site, browser type) — no individual tracking | [ANALYTICS_TOOL] | Yes — via cookie banner |
| Performance | Monitor site speed and errors | [PERFORMANCE_TOOL] | Yes — via cookie banner |
We do not use third-party advertising cookies, social media tracking pixels, or retargeting technologies.
We use a limited number of third-party services that may set their own cookies:
Google (Authentication) When you use "Sign in with Google," Google may set cookies to maintain your Google session. These are governed by Google's Privacy Policy. We do not control these cookies.
Payment Processor Our payment processor may set cookies when you access billing pages. These are governed by the processor's privacy policy.
We do not permit third-party advertising networks to set cookies on our platform or website.
Cookies do not contain Protected Health Information (PHI). Our session cookies contain only an encrypted, opaque session identifier — not your name, medical information, or any identifiable health data. PHI is stored server-side in our secure, HIPAA-compliant database, accessible only through authenticated API calls.
When you first visit our marketing website, you will see a cookie consent banner allowing you to accept or decline non-essential cookies (analytics and performance). Your choice is remembered for 12 months.
You can control or delete cookies through your browser settings: - Chrome: Settings → Privacy and Security → Cookies - Firefox: Options → Privacy & Security → Cookies and Site Data - Safari: Preferences → Privacy → Manage Website Data - Edge: Settings → Cookies and site permissions
Important: Disabling all cookies will impair your ability to use the EnWella platform. The session cookie is required for authentication. If you block session cookies, you will not be able to log in.
Some browsers send a "Do Not Track" (DNT) signal. At this time, EnWella does not respond to DNT signals because there is no industry-standard interpretation. We describe our tracking practices fully in this policy and our Privacy Policy.
We respect the Global Privacy Control (GPC) signal for users in jurisdictions where it is required (including California under CPRA). Where GPC is detected, we will treat it as an opt-out of analytics cookies.
| Cookie Type | Retention |
|---|---|
| Session cookies | Deleted when you close your browser |
| Authentication session | Maximum 8 hours of inactivity (security requirement) |
| Preference cookies | Up to 12 months |
| Analytics cookies | As configured per tool (typically 13 months) |
We may update this Cookie Policy as we add or remove cookies or as applicable law changes. Material changes will be communicated through a notice on the Service or by email. The "Last Updated" date at the top of this policy reflects when it was last revised.
For questions about our use of cookies:
Email: [PRIVACY_EMAIL] Address: [COMPANY ADDRESS]
EnWella — Your health, elevated. © [YEAR] [COMPANY LEGAL NAME]. All rights reserved.