medPlan Logo

Cookie Policy

Effective Date: January 12, 2026

Company: Tymera Software LLC

Platform: medplan.live

1. Types of Cookies Used

Essential Cookies

The following cookies are essential for platform functionality:

Cookie NameTypePurposeDurationData Stored
sb-*-auth-tokenEssentialUser authentication (Supabase Auth)Session-basedEncrypted session data

Cookie Attributes: httpOnly, secure, sameSite=lax

Note: sb-* cookies are managed by Supabase Auth for secure session management.

2. Use of Cookies

  • These cookies are used exclusively for authentication and session management.
  • They are not shared with third parties.
  • Users may delete them by logging out.
  • We do NOT use analytics, advertising, or tracking cookies.

3. Cookie Management

Users can delete or block cookies via their browser settings. However, doing so may prevent successful login to the platform.

How to Disable Cookies by Browser

Chrome:Settings → Privacy and security → Cookies and other site data
Firefox:Options → Privacy & Security → Cookies and Site Data
Safari:Preferences → Privacy → Manage Website Data
Edge:Settings → Privacy, search, and services → Cookies

⚠️ Important: Disabling essential cookies will prevent you from logging into the platform.

4. Third-Party Cookies

4.1 Supabase (Authentication)

  • Supabase manages authentication cookies for secure session handling.
  • For more information, please visit: supabase.com/privacy

4.2 Paddle (Payments)

When you make a payment, our Merchant of Record Paddle may set its own cookies for payment processing and fraud prevention.

  • Paddle cookies are governed by Paddle's own Cookie Policy.
  • For more information, please visit: paddle.com/legal/privacy
  • We do not control or have access to Paddle's cookies.

4.3 Google (Authentication)

If you choose to sign in with Google, Google may set cookies on its own domain to authenticate your identity. These are third-party cookies managed entirely by Google.

5. Cookie Consent

We only use essential cookies that are strictly necessary for authentication and security. Under GDPR Article 6(1)(f) (legitimate interest) and KVKK Article 5, these cookies do not require your explicit consent as they are necessary for the service to function.

If we introduce non-essential cookies (such as analytics or marketing cookies) in the future, we will request your consent before setting them.

6. Data Retention and Deletion

Upon Logout: All session cookies are immediately deleted from your browser.

Session Management: Supabase Auth manages session tokens automatically:

  • Sessions expire based on Supabase configuration, or
  • Immediate deletion upon logout or password reset

Manual Deletion: You can request immediate deletion of your cookie data by contacting us at support@medplan.live.

7. Your Rights

Under GDPR and KVKK, you have the following rights regarding cookies:

  • Access: Request information about cookies set on your device.
  • Deletion: Delete cookies at any time via browser settings or by logging out.
  • Withdrawal: Withdraw consent for non-essential cookies (if applicable).
  • Objection: Object to the use of certain cookie categories.

To exercise these rights, please contact us at: support@medplan.live

8. No Tracking Statement

We want to be clear about what we DO NOT use:

  • ❌ Analytics cookies (e.g., Google Analytics)
  • ❌ Advertising cookies
  • ❌ Social media tracking pixels (Facebook Pixel, etc.)
  • ❌ Cross-site tracking
  • ❌ Behavioral profiling
  • ❌ Any non-essential cookies

Your privacy is important to us. We collect only the minimum data necessary to provide our service.

9. International Data Transfers

Our cookies may result in data being transferred to and stored on servers located in the United States. By using our platform, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data in accordance with GDPR and KVKK requirements.

10. Security Measures

We implement industry-standard security measures to protect our cookies:

  • httpOnly flag: Prevents JavaScript access to cookies, protecting against XSS attacks.
  • secure flag: Ensures cookies are only transmitted over HTTPS connections.
  • sameSite=lax: Prevents CSRF (Cross-Site Request Forgery) attacks.
  • Supabase Auth: Session tokens are securely managed by Supabase with industry-standard encryption.
  • Short sessions: Session tokens have appropriate expiration to minimize risk.

11. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The "Effective Date" at the top of this page will reflect any changes. We encourage you to review this policy periodically. Continued use of the platform after updates constitutes acceptance of the revised policy.

12. Contact Information

If you have questions or concerns about our use of cookies, please contact us:

Company Name: Tymera Software LLC

Email: support@medplan.live

Website: medplan.live

Address: New Mexico, USA

Last Updated: January 12, 2026

By using medplan.live, you acknowledge that you have read and understood this Cookie Policy. If you do not agree with this policy, please discontinue use of the platform.

Back to Home