#1. Overview
This Cookie Notice explains how Kinevie ("we", "our", "us") uses cookies and similar technologies on the apex marketing site (www.kinevieapp.com), the patient portal, the clinic operating system, and every Kinevie tenant subdomain (<clinic>.kinevieapp.com). It supplements our Privacy Policy.
We follow the cookie and consent guidance of Canada's Office of the Privacy Commissioner under PIPEDA, Québec's Law 25, the Canadian Radio-television and Telecommunications Commission's CASL guidance for tracking software, and World Health Organization principles on transparent health-data governance.
#2. What are cookies?
Cookies are small text files that a website asks your browser to store. When you return to the site, the browser sends those files back so the site can recognize your session, remember preferences, and keep you signed in.
Similar technologies include local storage and session storage (built into the browser, used to keep small UI state like your theme preference or a draft intake answer), pixels (tiny images that let an analytics provider count an action), and service workers (background scripts used to keep the app responsive offline). When we say "cookies" in this notice we mean all of these together unless context says otherwise.
#3. How Kinevie uses cookies
We use cookies and similar technologies to:
- keep you signed in to the patient portal and clinic operating system;
- secure your session against forgery and replay attacks;
- remember your theme, language, recently-viewed clinics, and other preferences so you don't have to set them on every visit;
- record the choices you make in the cookie banner so we don't keep asking — and so we don't load optional scripts you have declined;
- understand which pages, features, and content help users so we can improve the product — using anonymous, aggregated analytics;
- detect security incidents and abuse; and
- operate the service reliably and recover from errors.
We do not use cookies to build advertising profiles, run cross-site behavioural ads, or share your health information with third parties.
#4. Cookie categories
Kinevie groups cookies into four categories:
- Strictly necessary. Required for the site or portal to work — for example, your sign-in session and CSRF protection. These cannot be disabled.
- Functional. Improve usability and personalization — theme, language, recently-viewed clinics. Decline these and the experience will still work but defaults will reset on every visit.
- Performance. Help us understand how the service performs in the wild (page-load timings, error rates).
- Analytics. Aggregated, anonymous usage metrics that help us prioritize UX improvements. We do not link analytics back to your account identifier.
#5. Cookies we set
The cookies and storage entries we set today. We will update this list as the product changes. Implementation details (exact lifetimes, storage mechanism) may evolve; what is stable is the category, the purpose, and what data we won't keep.
| Name | Category | Purpose | Duration | Party |
|---|---|---|---|---|
access_token | Strictly necessary | Short-lived JWT that keeps you signed in to the patient portal or clinic operating system. HttpOnly, Secure, SameSite=Lax. | ~15 minutes (refreshed automatically) | First party (Kinevie) |
refresh_token | Strictly necessary | Issues new access tokens without re-prompting for your password. HttpOnly, Secure, SameSite=Lax. | Up to 30 days (cleared on sign-out) | First party (Kinevie) |
kinevie_client_portal_token | Strictly necessary | Patient-portal session token kept in localStorage, used to authenticate against the apex API. | Until sign-out (stored in localStorage) | First party (Kinevie) |
kinevie_theme | Functional | Remembers your light/dark mode preference so we don't flash the wrong theme on first paint. | Persistent (stored in localStorage) | First party (Kinevie) |
kinevie_locale_v1 | Functional | Remembers your preferred language (English, French, Arabic) for the marketing site and portal. | Persistent (stored in localStorage) | First party (Kinevie) |
kinevie_portal_tz_v1 | Functional | Remembers the time zone preference you've set in your patient portal so appointment times render correctly. | Persistent (stored in localStorage) | First party (Kinevie) |
kinevie_consent_v1 | Strictly necessary | Records your cookie-banner choices so we don't ask again on every visit and don't load optional scripts you have declined. | 12 months (stored in localStorage) | First party (Kinevie) |
#6. Third-party cookies
We try to keep third-party cookies to the minimum needed to operate. When a Kinevie page uses a third-party service that sets a cookie, the cookie is governed by that provider's privacy practices as well as ours. Today, the categories of third parties that may set cookies are:
- Cloud infrastructure providers (load balancing, anti-DDoS) — these cookies typically carry a request identifier so traffic is routed consistently and attacks are blocked.
- Embedded media — when a clinic embeds a third-party video or map, the embed provider may set cookies on play / interaction. These embeds do not load until you interact unless required for layout.
- Payment processors — when a clinic uses an integrated processor for visit fees or deposits, that processor handles the transaction and may set cookies on its own checkout pages, subject to its own notice.
We do not allow third-party advertising networks or social-network "share" trackers to set cookies on Kinevie surfaces.
#7. Similar technologies
In addition to cookies, the patient portal and clinic operating system rely on localStorage and sessionStorage to keep small bits of state on your device — your theme, draft intake answers, recently-viewed clinics, and consent choices. These are scoped to your browser and we cannot read them from any other site.
The patient portal may also register a service worker so that key pages continue to work when your connection drops. The service worker stores only static assets, not health information, and you can clear it from your browser's developer tools.
#8. Your choices
You have several ways to control cookies on Kinevie:
- Cookie banner. The first time you visit the site you will see a banner letting you accept all, decline optional, or customize. You can change your choices at any time from the "Cookie preferences" link in the footer.
- Browser settings. Every modern browser lets you block or delete cookies. Blocking strictly necessary cookies will prevent you from signing in. Help pages: Chrome, Firefox, Safari, Edge.
- Device settings. On mobile you can clear site data for Kinevie from your browser settings; on iOS/Android you can also reset advertising identifiers globally (though we don't use them).
#9. Do Not Track and Global Privacy Control
Kinevie respects the Global Privacy Control (GPC) signal. When your browser sends GPC, we treat it as a request to disable optional analytics and functional cookies for the session, in addition to whatever you set in the banner.
We do not respond to the older "Do Not Track" (DNT) header because the industry never settled on a consistent interpretation. GPC is the modern equivalent and we honour it.
#10. Minors
The Kinevie marketing site, patient portal, and Knowledge Hub are intended for adults. When care is delivered to a minor through a Kinevie-using clinic, the clinic obtains parental or legal-guardian consent and is the custodian of the child's record. We do not knowingly target advertising or behavioural profiling at children.
#11. Changes
We may update this Cookie Notice when we add or remove cookies, switch providers, or when applicable law changes. The "Last updated" date at the top of this page reflects the most recent substantive change. Material changes will be announced in the cookie banner or via a notice in the portal.
#12. Contact
Questions or complaints about how we use cookies? Email privacy@kinevieapp.com. You can also reach our Privacy Officer through the contact options listed in our Privacy Policy.