Cookie Policy

1. Introduction

Third Opinion ("we," "our," or "us") uses cookies and similar technologies on our websites and applications (collectively, the "Services") to operate the platform, keep your session secure, remember preferences, and understand how the Services are used.

This Cookie Policy explains what these technologies are, how we use them, and your choices. It should be read together with our Privacy Policy and Terms & Conditions. By continuing to use the Services, you consent to our use of cookies as described here, except where your consent is required by law and you have not provided it.

2. What Are Cookies and Similar Technologies?

Cookies are small text files stored on your device when you visit a website. We may also use similar technologies such as local storage, session storage, and pixels that serve comparable functions—for example, maintaining login state or storing UI preferences.

Cookies may be set by us ("first-party") or by trusted partners that help us operate the Services ("third-party").

3. Types of Cookies We Use

We use the following categories of cookies and similar technologies:

  • Strictly Necessary: Required for the Services to function, including authentication, security, load balancing, and fraud prevention. These cannot be disabled through our platform without affecting core functionality.
  • Functional: Remember choices such as tenant context, display settings, or privacy mode preferences to improve your experience.
  • Performance and Analytics: Help us understand how users interact with the Services (for example, pages visited and errors encountered) so we can improve reliability and usability. Where used, we configure analytics to limit collection of identifiable health information.
  • Session and Authentication: Maintain your signed-in state, including HttpOnly cookies used for secure API authentication and session refresh, in line with our security practices described in the Privacy Policy.

4. Cookies and Health Information

We do not use cookies to store clinical or protected health information in plain text on your device. Health and trial-matching data are processed on our servers under the safeguards described in our Privacy Policy, including HIPAA-aligned technical and administrative controls.

Authentication cookies and tokens are used only to verify your identity and authorize access to features you are permitted to use.

5. Third-Party Cookies

Some third-party service providers may set cookies when you use the Services, such as hosting, analytics, or error-monitoring tools. These providers are contractually required to protect data confidentiality and security and may only use information as directed by us, consistent with our Privacy Policy.

We do not control cookies set by third-party websites you reach through links from our Services. Review those sites' policies before interacting with them.

6. How Long Cookies Are Stored

Session cookies expire when you close your browser or end your session. Persistent cookies remain for a defined period or until you delete them, depending on their purpose:

  • Authentication and security: Typically aligned with your session length or security policy (for example, idle timeout or refresh intervals).
  • Preferences: May persist until you clear them or change settings in the application.
  • Analytics: Retention periods are limited according to our vendor configurations and internal data minimization practices.

7. Managing Your Cookie Choices

You can manage cookies in several ways:

  • Browser settings: Most browsers let you block or delete cookies. Blocking strictly necessary cookies may prevent you from signing in or using secure features.
  • In-app settings: Where we offer preference controls (such as privacy mode or optional analytics), you can adjust them within the Services.
  • Sign out: Signing out clears session-related authentication cookies associated with your account on that device.

For questions about cookie-related choices or to exercise privacy rights that may apply in your state, contact [email protected].

8. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Because there is no uniform industry standard for responding to DNT, we do not currently alter our practices solely based on DNT signals. We continue to honor applicable privacy laws and the choices described in this policy and our Privacy Policy.

9. Changes to This Policy

We may update this Cookie Policy to reflect changes in technology, vendors, or legal requirements. The revision date at the top indicates the latest version. Changes become effective when posted on the Services.

10. Contact Us

If you have questions about our use of cookies or similar technologies, please contact us at [email protected].