Cookie PolicyCookie Policy
Effective Date: 13 June 2025
Last Updated: 13 June 2025
Version: 1.0
This Cookie Policy explains how SAMSA Ltd (“SAMSA”, “we”, “us”, “our”) uses cookies and similar technologies when you visit samsa.health or access the SAMSA clinical‑decision‑support platform (collectively, the “Services”). It should be read alongside our Privacy Policy.
1. What Are Cookies?
Cookies are small text files that a website stores on your device to remember information about you, such as login status or usage preferences. Cookies can be “first‑party” (set by the domain you are visiting) or “third‑party” (set by a different domain). Technologies like local storage, pixels and server‑side tracking may serve similar purposes; for simplicity we refer to them collectively as “cookies”.
2. Why We Use Cookies
| Category | Are they optional? | Purpose | Typical Cookies |
|---|---|---|---|
| Strictly Necessary | No | Enable core platform functions such as authentication, session management and security protection. | __Host-next-auth.csrf-token, __Secure-next-auth.session-token |
| Functional | Yes (opt‑in) | Remember user interface settings and preferences using Zustand state management. | Local storage for UI state, theme preferences |
| Performance / Analytics | Yes (opt‑in) | Gather anonymised usage statistics to improve platform performance and user experience. | Analytics cookies (when enabled) |
| No Advertising / Tracking | n/a | We do not serve behavioural ads and do not allow ad networks to set cookies. | — |
We review our cookie inventory quarterly; an up‑to‑date list is always available in the preference centre described in Section 5.
3. Legal Basis
- Strictly Necessary cookies – processed under Article 6(1)(f) GDPR / Regulation 6 (4) PECR as our legitimate interest in delivering a secure Service.
- All other cookies – set only with your consent (Article 6(1)(a) GDPR). Consent is captured via the banner presented on first visit and refreshed every 6 months.
4. Third‑Party Cookies & Data Transfers
We minimise third‑party cookies. Our platform primarily uses first‑party cookies and local storage managed through Zustand for state management. When analytics are enabled, data is processed within the EEA and never shared with advertising networks.
If we engage new third‑party cookie providers located outside the EEA or UK, we will: (i) list them in the cookie preference centre; and (ii) rely on an approved transfer mechanism such as Standard Contractual Clauses.
5. Managing Your Cookie Preferences
- Banner: On first visit you will see a banner allowing you to “Accept all” or “Manage settings”. Non‑essential cookies are disabled by default until you opt‑in.
- Preference Centre: Accessible anytime via the cookie icon in the footer. You can toggle Functional and Analytics categories on or off.
- Browser Controls: Most browsers let you delete or block cookies. Note that blocking Strictly Necessary cookies will break login sessions.
- Withdraw Consent: Changing the toggle to “off” or clearing your cookies withdraws consent. We immediately disable and, where feasible, delete corresponding identifiers.
6. Cookie Retention
| Cookie | Provider | Expiry | Category |
|---|---|---|---|
__Host-next-auth.csrf-token | SAMSA (first‑party) | Session | Strictly Necessary |
__Secure-next-auth.session-token | SAMSA (first‑party) | 30 days | Strictly Necessary |
| Zustand state (Local Storage) | SAMSA (first‑party) | Persistent until cleared | Functional |
| Theme preferences | SAMSA (first‑party) | 1 year | Functional |
Exact lifetimes may vary; see the preference centre for real‑time values.
7. Changes to This Policy
We may update this Cookie Policy to reflect changes in technology, legislation or our use of cookies. We will post any changes on this page and, where material, obtain fresh consent.
8. Contact
Questions? Contact our Data Protection Officer:
Matt J. Stevenson
Email: matt@samsa.health