Legal
Cookies & similar technologies
Last updated: 1 May 2026.
What we use
We use a small number of strictly-necessary cookies that keep the application working. We do not currently use third-party analytics, advertising, or tracking cookies. If that ever changes we'll update this page and request consent through the cookie banner before any new non-essential cookies are set.
Cookies we set
| Name | Purpose | Type | Lifetime |
|---|---|---|---|
| authjs.session-token | Keeps you signed in to your clinic dashboard. | Strictly necessary | 30 days |
| authjs.csrf-token | Cross-site-request-forgery protection on auth flows. | Strictly necessary | Session |
| authjs.callback-url | Remembers where to send you after sign-in. | Strictly necessary | Session |
| cp_cookie_choice | Records your choice on the cookie notice so we don't show it again. | Strictly necessary | 6 months |
What we don't use (today)
- Google Analytics, Plausible, or any other web analytics
- Facebook Pixel, Google Ads, or any other ad-tracking pixel
- Heatmap or session-replay tools (Hotjar, FullStory, etc.)
- Third-party social-media widgets that drop cookies
Controlling cookies
You can manage or block cookies in your browser settings (Chrome, Safari, Firefox, Edge, etc.). Blocking strictly-necessary cookies will prevent you from staying signed in to clinicpilot.
If we ever introduce non-essential cookies, the cookie banner will let you accept or decline them and change your mind later from this page.
Questions
Email dpa@clinicpilot.co.uk.