Introduction
IntakeAccess.ai ("we," "us," "our") operates the website at https://intakeaccess.ai and a healthcare platform that handles Protected Health Information (PHI). This Cookie Policy explains how we use cookies and similar tracking technologies on the public-facing Website and within the authenticated platform environment.
Given the sensitive healthcare nature of our platform, we apply a heightened standard to cookie use: no cookies that could expose or indirectly identify PHI are used for advertising, behavioral tracking, or third-party marketing purposes. Cookies within authenticated provider and patient sessions are limited to what is strictly necessary for security, authentication, and session management.
This Cookie Policy should be read alongside our Privacy Policy and Terms of Service, available at https://intakeaccess.ai.
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites and platforms work efficiently, maintain security sessions, remember preferences, and collect analytical information.
We also use related technologies including:
- Session Tokens: Encrypted temporary identifiers used to maintain authenticated sessions in the provider portal and patient portal. These are destroyed upon logout or session timeout (15 minutes).
- Local Storage: Browser-based storage used for non-PHI UI preferences (e.g., sidebar state, display settings).
- Security Tokens: CSRF tokens and other security-specific identifiers used to protect against cross-site request forgery attacks.
Cookie Categories & What We Use
| Category | Examples | Purpose | Consent Required? | PHI Involved? |
|---|---|---|---|---|
| Strictly Necessary | Session ID, CSRF token, MFA state, 2FA session token | Platform authentication, session security, MFA/2FA workflows, HIPAA-required session timeouts | No (security-essential) | No — tokens only |
| Functional | UI preferences, language, sidebar state | Remembering non-PHI display preferences to improve platform usability | No (non-tracking) | No |
| Analytics (Public Website Only) | Google Analytics (_ga, _gid) | Understanding public website traffic and improving marketing pages. Not used within authenticated provider or patient sessions. | Yes (consent banner) | No — public pages only |
| Marketing (Optional) | Google Ads conversion tag | Measuring ad campaign performance on public marketing pages only. Never placed within authenticated sessions. | Yes (opt-in only) | No — public pages only |
Authenticated Platform Environment (Provider & Patient Portals)
Within the authenticated provider portal and patient portal, cookie use is strictly limited to what is necessary for security and functionality:
- No advertising cookies are placed within any authenticated session
- No behavioral tracking is conducted within provider or patient workflows
- No third-party analytics scripts run within authenticated sessions where PHI may be present
- Session tokens expire after 15 minutes of inactivity (HIPAA Security Rule compliance)
- All session tokens are invalidated upon explicit logout
- Audit logs capture all session activity independently of cookies, in the server-side audit system
Third-Party Cookies
On our public marketing website (pages not requiring login), we may use the following third-party services that set their own cookies:
- Google Analytics: Collects anonymized usage statistics on public pages. IP anonymization is enabled. Governed by Google's Privacy Policy at policies.google.com/privacy. Opt out: tools.google.com/dlpage/gaoptout
- Google Ads: Conversion tracking on public pages only, where you have consented. No Google Ads cookies are placed within authenticated sessions.
No third-party advertising or behavioral tracking cookies are permitted within any authenticated provider or patient session, regardless of any consent previously given for public-page cookies.
Your Cookie Choices & Controls
Consent Banner
When you first visit the public website, a cookie consent banner allows you to accept all cookies, reject non-essential cookies, or customize by category. You may update these preferences at any time via the "Cookie Settings" link in the website footer.
Browser Controls
Disabling strictly necessary cookies (session tokens, CSRF tokens) will prevent login to the platform. You may refuse or delete cookies through your browser settings:
- Google Chrome: support.google.com/chrome/answer/95647
- Mozilla Firefox: support.mozilla.org/kb/cookies-information-websites-store
- Apple Safari: support.apple.com/guide/safari/manage-cookies-sfri11471
- Microsoft Edge: support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge
Google Analytics Opt-Out
Install the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout to prevent Google Analytics from collecting data about your public website visits.
Do Not Track
We honor Do Not Track (DNT) signals on our public website by disabling non-essential analytics and marketing cookies when a DNT signal is detected. DNT has no effect on strictly necessary session cookies within the authenticated platform, as these are required for HIPAA-compliant session security.
Retention Periods
| Cookie Type | Retention |
|---|---|
| Session / authentication tokens | Session only (destroyed on logout or 15-min timeout) |
| MFA / 2FA state tokens | Session only |
| CSRF security tokens | Session only |
| Functional / UI preference cookies | Up to 12 months |
| Google Analytics (_ga) | 24 months |
| Google Analytics (_gid) | 24 hours |
| Google Ads conversion | Up to 90 days |
Updates & Contact
We may update this Cookie Policy to reflect changes in our cookie practices or applicable law. Updated policies are posted with a revised "Last Updated" date. Material changes are communicated via the consent banner and, for registered users, by email.
For questions about this Cookie Policy: privacy@intakeaccess.ai | 205-855-4545 | https://intakeaccess.ai