Cookie Policy

1. Types of Cookies Used

Essential Cookies

The following cookies are essential for platform functionality:

2. Use of Cookies

• These cookies are used exclusively for authentication and session management.
• They are not shared with third parties.
• Users may delete them by logging out.
• We do NOT use analytics, advertising, or tracking cookies.

3. Cookie Management

Users can delete or block cookies via their browser settings. However, doing so may prevent successful login to the platform.

How to Disable Cookies by Browser

4. Third-Party Cookies

When you make a payment, our payment processor Stripe may set its own cookies for payment processing and fraud prevention.

• Stripe cookies are governed by Stripe's own Cookie Policy.
• For more information, please visit: stripe.com/cookies-policy/legal
• We do not control or have access to Stripe's cookies.

5. Cookie Consent

We only use essential cookies that are strictly necessary for authentication and security. Under GDPR Article 6(1)(f) (legitimate interest) and KVKK Article 5, these cookies do not require your explicit consent as they are necessary for the service to function.

If we introduce non-essential cookies (such as analytics or marketing cookies) in the future, we will request your consent before setting them.

6. Data Retention and Deletion

Upon Logout: All cookies are immediately deleted from your browser.

Server-Side Tokens: Refresh tokens stored on our servers are automatically deleted after:

• 60 days from issuance, or
• Immediate deletion upon account termination or password reset

Manual Deletion: You can request immediate deletion of your cookie data by contacting us at support@medplan.live.

7. Your Rights

Under GDPR and KVKK, you have the following rights regarding cookies:

• Access: Request information about cookies set on your device.
• Deletion: Delete cookies at any time via browser settings or by logging out.
• Withdrawal: Withdraw consent for non-essential cookies (if applicable).
• Objection: Object to the use of certain cookie categories.

To exercise these rights, please contact us at: support@medplan.live

8. No Tracking Statement

We want to be clear about what we DO NOT use:

• ❌ Analytics cookies (e.g., Google Analytics)
• ❌ Advertising cookies
• ❌ Social media tracking pixels (Facebook Pixel, etc.)
• ❌ Cross-site tracking
• ❌ Behavioral profiling
• ❌ Any non-essential cookies

Your privacy is important to us. We collect only the minimum data necessary to provide our service.

9. International Data Transfers

Our cookies may result in data being transferred to and stored on servers located in the United States. By using our platform, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data in accordance with GDPR and KVKK requirements.

10. Security Measures

We implement industry-standard security measures to protect our cookies:

• httpOnly flag: Prevents JavaScript access to cookies, protecting against XSS attacks.
• secure flag: Ensures cookies are only transmitted over HTTPS connections.
• sameSite=lax: Prevents CSRF (Cross-Site Request Forgery) attacks.
• JWT signing: Tokens are cryptographically signed to prevent tampering.
• Short expiration: Access tokens expire after 15 minutes to minimize risk.

11. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The "Effective Date" at the top of this page will reflect any changes. We encourage you to review this policy periodically. Continued use of the platform after updates constitutes acceptance of the revised policy.

12. Contact Information

If you have questions or concerns about our use of cookies, please contact us: