Cookie Policy

Last reviewed: 2026-04-19 · Version 1.0 · Effective: 2026-04-19

What Are Cookies?
Cookies We Use
First-Party vs Third-Party Cookies
Consent and Legal Basis
How to Manage or Disable Cookies
Changes to This Policy
Contact Us

Note for EU/EEA/UK visitors: On your first visit to carehubs.tech, a consent banner is shown. You may Accept all (strictly necessary + first-party analytics) or Reject non-essential (strictly necessary only). Your choice is stored for 12 months in your browser as carehub_consent_v1. You can change your choice at any time via the "Cookie preferences" link at the bottom of the page. Carehub does not use third-party advertising cookies, cross-site tracking, or behavioural profiling — ever.

1. What Are Cookies?

Cookies are small text files that are placed on your device (computer, phone, or tablet) by websites you visit. They are widely used to make websites work efficiently, to remember your preferences, and to provide information to website operators. Cookies are not programs and cannot carry viruses or malware.

In addition to cookies, we may use similar technologies such as:

localStorage: Browser storage used to remember your language preference and authentication state across sessions.
sessionStorage: Temporary browser storage cleared when you close the tab.

2. Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the platform to function. They cannot be disabled without breaking core functionality. No consent is required to set these cookies under GDPR Recital 25 and the ePrivacy Directive.

Name / Key	Provider	Purpose	Type	Expiry
`sb-[project]-auth-token`	Supabase (first-party)	Stores your authenticated session JWT. Required to keep you logged in.	HTTP cookie (HttpOnly, Secure)	Session / 7 days (refresh token)
`cpms_sa_token` (localStorage)	Carehub (first-party)	Superadmin panel session token. Only set when accessing the superadmin route.	localStorage	Session

Functional Cookies

These cookies remember your choices and preferences to improve your experience. They do not track you across other websites.

Name / Key	Provider	Purpose	Type	Expiry
`carehub_lang` (localStorage)	Carehub (first-party)	Remembers your preferred language (English or Arabic) between visits.	localStorage	Persistent (until cleared)

Analytics Cookies

We use first-party analytics (page view events stored in our own database), Google Analytics 4 (GA4), and Microsoft Clarity to understand how visitors use the site. These analytics providers are loaded only after you grant consent via the cookie banner. If you Reject non-essential or have not responded to the banner, no GA4 or Clarity cookies are set and no data is sent to either provider (GA4 runs in cookieless "Consent Mode v2" pinging only; Clarity does not load at all). Carehub does not use Facebook Pixel, LinkedIn Insight, TikTok Pixel, or any cross-site behavioural advertising tracker.

Name / Key	Provider	Purpose	Type	Expiry
Page view events (server-side)	Carehub (first-party)	Records anonymised page view data (page URL, referrer, visitor type, timestamp) in our `page_views` database table. No cross-site tracking.	Server-side event (no browser cookie set)	12 months rolling
`_ga`	Google Analytics 4 (Google LLC)	Distinguishes unique visitors. Anonymised IP enabled (`anonymize_ip: true`). Set only after opt-in consent.	First-party cookie	2 years
`_ga_G-JZ9E5CPMH0`	Google Analytics 4 (Google LLC)	Persists session state for the Carehub GA4 property. Set only after opt-in consent.	First-party cookie	2 years
`_clck`	Microsoft Clarity (Microsoft Corp.)	Persists a Clarity user ID so repeat visitor sessions can be stitched together for heatmap / session-replay analysis. Set only after opt-in consent.	First-party cookie	1 year
`_clsk`	Microsoft Clarity (Microsoft Corp.)	Links page views from a single visit into one Clarity session. Set only after opt-in consent.	First-party cookie	1 day

Marketing Cookies

We currently use no marketing or advertising cookies. We do not place any cookies for retargeting, conversion tracking, or behavioural advertising purposes. Analytics providers above are used for product & UX analysis only, not for advertising.

3. First-Party vs Third-Party Cookies

First-party cookies are set by carehubs.tech and its subdomains directly (including the GA4 and Clarity cookies, which both write to the first-party domain).

Third-party scripts loaded on the landing pages (only after analytics consent):

Google Analytics 4 — googletagmanager.com, google-analytics.com. Data processor: Google LLC. Data may be transferred to the US under EU-US Data Privacy Framework safeguards. See Google Privacy Policy.
Microsoft Clarity — clarity.ms, c.clarity.ms. Data processor: Microsoft Corporation. Data may be transferred to the US under EU-US Data Privacy Framework safeguards. See Microsoft Privacy Statement.
Google Fonts — fonts.googleapis.com, fonts.gstatic.com. Used to load Inter (EN) and Tajawal (AR). No cookies set.

As a result, no third-party cookies are set on carehubs.tech at this time. If this changes (e.g., we add a live chat widget or an analytics integration), this policy will be updated before those cookies are activated.

Strictly necessary cookies are set without consent, as they are essential to service delivery (GDPR Art. 6(1)(b) — contract performance; ePrivacy Directive Art. 5(3) exemption).
Functional cookies (language preference) are set to provide a better user experience. Legal basis: legitimate interests (Art. 6(1)(f)).
Analytics events are collected on a legitimate-interests basis (Art. 6(1)(f)) as they are first-party, do not identify individuals, and do not involve cross-site tracking. You may opt out as described in Section 5.

We are implementing a cookie consent banner to provide EU/EEA visitors with granular control before non-essential data processing begins. Until that banner is deployed, you can opt out of analytics by blocking JavaScript (see Section 5).

5. How to Manage or Disable Cookies

You can control cookies in your browser settings. Note that disabling strictly necessary cookies will prevent the platform from functioning correctly.

Browser Instructions

Chrome: Settings → Privacy and security → Cookies and other site data.
Firefox: Options → Privacy & Security → Cookies and Site Data.
Safari: Preferences → Privacy → Manage Website Data.
Edge: Settings → Cookies and site permissions → Cookies and site data.

Clearing localStorage

To clear the carehub_lang preference stored in localStorage, open your browser's developer tools (F12), go to Application → Local Storage → https://carehubs.tech, and delete the relevant key.

6. Changes to This Policy

We may update this Cookie Policy when we add new features, integrate new third-party services, or deploy a consent management platform. Material changes will be communicated via a notice on the website. The "Last reviewed" date at the top indicates the most recent update.

7. Contact Us

Questions about cookies or this policy: [email protected].

Notice: Cookie regulations vary by jurisdiction. The EU ePrivacy Directive and GDPR requirements differ from CCPA (California) and other national laws. This policy targets GDPR compliance; if you serve visitors in other jurisdictions, verify compliance with their specific requirements.