Cookie Policy

Last Updated On: 28/11/25

1. Introduction

This Cookie Policy explains how Octor Health Tech Private Limited (“Octor”, “we”, “us”, “our”) uses cookies, SDK-based trackers, and similar technologies to support secure login, improve platform performance, and enable essential clinical workflows.

Octor complies with:

  • GDPR (EU) and ePrivacy Directive
  • DPDP Act (India)
  • CCPA/CPRA (California)
  • UK GDPR
  • Industry standards for healthcare privacy & security

Octor does not use advertising, behavioral tracking, or third-party marketing cookies.

2. Scope of This Policy

This Policy applies to:

  • Octor’s Website (octor.health)
  • Octor Web Portals (doctor, clinic, admin dashboards)
  • Octor Web Apps (browser-based components)
  • Mobile app components that use webviews or local storage

This Policy does not apply to the cookie practices of:

  • Third-party HIS/EMR systems
  • External websites linked through our UI

3. What Are Cookies?

Cookies are small text files placed on your device when you access a website or application. They serve various purposes such as enabling login, remembering preferences, and ensuring security.

We also use:

  • Local Storage (browser-based)
  • Session Storage
  • Secure tokens
  • App-level persistent data stores
  • SDK-level caching in mobile apps

These are treated equivalently to cookies under global privacy laws.

4. Types of Cookies Used by Octor

Octor uses the following cookie categories:

  • Strictly Necessary (Essential) Cookies
  • Functional Cookies
  • Performance & Analytics Cookies
  • Security Cookies

Octor does not use:

  • Advertising cookies
  • Cross-site tracking cookies
  • Profiling cookies
  • Behavioral marketing cookies

5. Categories of Cookies in Detail

5.1 Strictly Necessary (Essential) Cookies

These are required for the platform to function.

Used for:

  • Secure login
  • Maintaining authenticated sessions
  • Role-based access permissions
  • Queues and patient workflows
  • API request validation
  • CSRF protection
  • Teleconsultation connection setup

Without these, the Octor platform cannot operate.

Examples:

  • session_token
  • csrf_token
  • auth_state
  • clinic_mode

5.2 Functional Cookies

Used to enhance user experience and personalize workflows.

Examples:

  • Language settings
  • Preferred clinic or branch
  • Layout preferences
  • Teleconsultation audio/video device selections

5.3 Performance & Analytics Cookies

Used for aggregated, anonymized insights such as:

  • Page load speeds
  • Crash diagnostics
  • Latency monitoring
  • Peak load tracking
  • API performance trends

We do not use Google Analytics Universal Tracking. We may use privacy-preserving alternatives:

  • First-party analytics
  • Self-hosted tools
  • Strictly anonymized metrics

5.4 Security Cookies

Used to:

  • Detect unauthorized access
  • Prevent brute-force attacks
  • Monitor suspicious login patterns
  • Enforce security policies

Examples:

  • IP-based session validation
  • Login attempt counters
  • Token integrity checks

6. Legal Basis for Using Cookies

Under GDPR:

  • Essential cookies — Legitimate Interest or Contractual Necessity
  • Functional & Analytics cookies — Consent

Under DPDP Act:

  • Personal Data processed via cookies follows consent-based or legitimate use rules.

Under CCPA:

  • Cookies that collect identifiable data qualify as “personal information”.
  • Users have the right to opt out of non-essential cookie-based processing.

7. Cookie Duration & Lifespan

Cookies may be:

Session Cookies: Deleted automatically once the user logs out or closes the browser.

Persistent Cookies: Remain stored for a defined period (e.g., 30–180 days), unless manually cleared.

App Storage (Mobile): Persistent app storage is used for:

  • Offline caching
  • Login state
  • Temporary clinical drafts

8. Third-Party Cookies

Octor uses very limited third-party cookies and only for:

  • Hosting (e.g., AWS, Azure)
  • Error monitoring (e.g., Sentry-like tools)
  • Session tracking (first-party configuration)
  • Teleconsultation services (WebRTC metadata only)

All third-party providers are contractually bound to equivalent data protection obligations.

No marketing or advertising third-party cookies are used.

9. No Advertising or Tracking Cookies

Octor does not use:

  • Facebook Pixel
  • Google Ads tags
  • Retargeting tags
  • Programmatic advertising trackers
  • Cross-site tracking identifiers

No behavioral profiling or audience segmentation is performed.

10. Cookies Set Through Mobile Apps

Mobile apps may use:

  • Local storage
  • Secure keychain/Keystore
  • JWT tokens
  • App-level caches
  • Internal telemetry identifiers

These equivalents are subject to the same rules as web cookies.

11. Managing & Withdrawing Cookie Consent

Users can:

  • Accept all cookies
  • Reject non-essential cookies
  • Modify existing preferences
  • Withdraw consent anytime

Cookie consent can be changed by:

  • Accessing the Cookie Preferences link
  • Browser-level controls (see section 12)
  • Clearing stored data

12. Browser-Level Controls

Users may block or delete cookies using browser settings:

  • Chrome
  • Safari
  • Firefox
  • Edge
  • Opera

Blocking essential cookies may disable core platform functionality.

13. “Do Not Track” (DNT) Signals

Some browsers support DNT signals.

Because there is no universal standard, Octor:

  • Does not respond to DNT signals directly
  • Respects manual cookie preferences instead

14. Cookies in Teleconsultation & Clinical Workflows

Teleconsultation functionality may require:

  • Session identity tokens
  • WebRTC secure identifiers
  • Device permission flags
  • Audio/video selection cookies

These are essential for secure remote care.

15. Cookies in Device Integrations

Device integrations (ECG readers, Bluetooth thermometers) may require:

  • Device pairing flags
  • Connection stability tokens
  • Temporary data caching

These do not store PHI — only technical metadata.

16. Cookies for Analytics & Performance

Analytics cookies track:

  • API response times
  • Infrastructure load
  • Session duration
  • Browser environment
  • Crash stacks

All such data is anonymized before analysis.

17. Cookies for Authentication & Security

Used for:

  • Session management
  • MFA indicators
  • Risk scoring
  • CSRF protection
  • Bot detection
  • Suspicious activity logging

Security cookies are strictly essential.

18. Cross-Border Data Transfers

Some cookies may result in technical data transfers (e.g., via CDN or hosting infrastructure).

Octor ensures:

  • SCCs (Standard Contractual Clauses)
  • DPDP-compliant mechanisms
  • Industry-standard security

19. Updates to This Policy

Octor may update this Cookie Policy periodically. Changes take effect upon publication on https://www.octor.health.

All rights reserved. © Octor 2025.