Last updated: 15 May 2026
1. What this covers
This page describes the cookies and first-party device storage MedPro AI uses across medproai.com, the MedPro clinician web app, and the MedYou patient app. It is published in compliance with:
- ePrivacy Directive 2002/58/EC Article 5(3) (storage of and access to information on a user's device)
- Irish PECR — S.I. 336/2011 Regulation 5 (Irish implementation of the ePrivacy Directive)
- GDPR Articles 6 and 7 for any cookie or storage that constitutes personal-data processing
- The European Data Protection Board guidance on cookie banners (EDPB Guidelines 03/2022 on deceptive design patterns)
2. Strictly necessary — no consent needed
These are required for the platform to function. Article 5(3) ePrivacy exempts them from consent because they are "strictly necessary for the provision of an information society service explicitly requested by the user."
| Storage key | Purpose | Retention | Type |
|---|---|---|---|
| sb-ptbcpblrtlvfglqyteju-auth-token | Supabase auth session (signed-in state, refresh token) | 1 hour rolling refresh | localStorage |
| medyou.session | Patient profile ID + tenant ID for the active session | Until sign out | localStorage |
| medpro.session | Clinician profile ID for the active session | Until sign out | localStorage |
| medpro.clinician_consent | Clinician consent ledger (Terms / DPA / MDR / professional attestation states) | Until consent withdrawn or account closed | localStorage |
| medyou.cookie_banner_dismissed | Records that you've seen the cookie banner so we don't show it again | Until cleared / new policy version | localStorage |
| medyou.lastSignIn | Remembers the last patient who signed in on this device (name + practice) for the Face-ID prompt | Until "Sign in as a different person" is used | localStorage |
| medyou.sidebar.sections | Remembers which sidebar groups you have open/closed on the desktop portal | Until cleared | localStorage |
| csrf_token | Prevents cross-site request forgery on form submits | Per session | Session cookie |
3. Clinician-app first-party storage (MedPro Desktop + Mobile)
The clinician apps store additional first-party data for session continuity, preferences, and offline resilience. All keys below are strictly necessary or functional (no tracking).
| Storage key | Purpose | Retention |
|---|---|---|
| cookieConsent.v1 | Desktop banner consent state (essential / analytics / marketing / functional) | 1 year or until withdrawn |
| medpro-theme | Light/dark theme preference | Until cleared |
| medpro_ephemeral | Flag for ephemeral (one-off) sessions — security-relevant | Per session |
| medpro_reset_pending | Timestamp of a pending password reset | Until password reset completes (max 24h) |
| medpro_last_processed_file | Last file ID processed by the document uploader (UX hint) | Until cleared |
| invoice-templates, template-editor-draft, template-editor-versions | Saved custom invoice templates + autosaved drafts + version history | Until cleared |
| onboarding_progress, onboarding_timestamp | Clinician onboarding form state (so a half-finished signup doesn't lose data) | Until onboarding completes |
| action_items_last_scan_{patientId} | Per-patient timestamp of last action-item scan (cache hint, no PHI itself) | Until cleared |
| voice-brigid-summary:{patientId} | Cached AI voice-to-summary per patient (encrypted; cleared on sign-out) | Until sign-out or 24h whichever sooner |
| medyou.familyLinks | Family link cache (carer/dependent relationships) | Until sign-out |
| medfill.activePharmacyId | Active pharmacy ID for the MedFill prescription routing workflow | Until sign-out or pharmacy change |
4. sessionStorage (cleared automatically on tab close)
These keys exist only for the duration of the current tab and are wiped when you close it.
- medpro_alive — session heartbeat (updated every minute so we know your tab is still active)
- medyou:denied-staff — flag for patients who explicitly declined staff access this session
- app_session_id — anonymous per-tab session ID, used for analytics correlation only (cleared on tab close)
- medpro_chunk_reload_inflight, medpro_chunk_reload_attempts — recovery state for JavaScript chunk-loading errors (when a deployment lands while your tab is open)
5. IndexedDB — offline resilience (MedPro Desktop only)
The clinician desktop app uses a small IndexedDB database called MedProDB to support offline use of the clinic schedule, patient roster, and queued requests when your connection drops. All data is encrypted in the database, scoped to your signed-in clinician account, and wiped on sign-out or after 14 days of inactivity.
- patients — cached patient roster (id, name, last visit) for offline read
- cachedData — generic TTL cache for queries you've recently performed
- queuedRequests — queued writes (notes, prescriptions) waiting to be sent when your connection returns
6. Analytics — optional, opt-in
We use Plausible Analytics for privacy-friendly aggregate page-view statistics. Plausible is hosted in the EU, sets no cookies, uses no cross-site identifiers, does not collect personal data, and is fully GDPR-compliant by design. That said, we treat its use as opt-in:
- Hosted in the EU — no transfer outside the EEA
- No personal data — only aggregated, anonymous page-view counters
- No cross-site tracking, no fingerprinting, no profiling
- Easy to opt out via the cookie banner
7. Third-party advertising & tracking
We use none. No Google Analytics, no Facebook Pixel, no LinkedIn Insight, no Hotjar, no Segment, no advertising cookies. We never sell or share any user data with ad-tech vendors.
8. How to control these
- Cookie banner — shown once on first visit; dismissable. The dismissal itself is recorded in medyou.cookie_banner_dismissed so we don't pester you.
- Account settings — manage analytics opt-in under Me → Notifications & sign-in.
- Browser controls — most browsers let you block or delete cookies and local storage. Doing so for our strictly-necessary items will sign you out and may break features.
- Per-tab private browsing — opening MedPro in a Private/Incognito window gives you a fresh session that's wiped on tab close.
9. Changes to this policy
When we add a new cookie or change retention, we update this page and the medyou.cookie_banner_dismissed version flag — which re-shows the banner so you can review and re-consent.
Related documents
Privacy Policy · Data Processing Agreement · Compliance Overview · Terms of Service