careosplatform

Legal · Cookies

Cookie Policy

careos platform uses a deliberately minimal set of cookies. No advertising trackers, no cross-site fingerprinting, no third-party behavioural profiling.

Effective date: 2026-01-01·Last updated: 2026-04-09·Version: 1.0

1. About this Cookie Policy

This Cookie Policy explains how ITLOX LTD, operator of careos platform, uses cookies and similar technologies on the careosp.com marketing site and the authenticated careos platform application. It should be read together with our Privacy Policy.

2. What cookies are

Cookies are small text files placed on your device by a website you visit. They are widely used to make websites work efficiently, to remember preferences, and to provide information to the site operator. Similar technologies include local storage, session storage and pixel tags; where we use these on careosp.com or in the Service, we treat them on the same basis as cookies.

3. Our approach

careos platform is a tool used in regulated healthcare environments. We therefore limit our cookie use to what is necessary for the website and Service to function safely and for the Customer to operate the Service. We do not use:

  • Advertising or ad-targeting cookies;
  • Cross-site tracking or behavioural profiling pixels;
  • Social media tracking widgets that set third-party cookies;
  • Session replay tools inside the authenticated application;
  • Any tool that transmits PHI or clinician identifiers to third parties.

4. Categories of cookies we use

4.1 Strictly necessary

These cookies are required for the site or Service to function. Without them, features such as secure sign-in, CSRF protection and session continuity cannot work. They do not require consent under UK PECR or equivalent US state laws.

4.2 Functional

Remember user preferences such as language, theme or navigation state. They improve ergonomics but are not essential. We set them only where the underlying function is active.

4.3 Performance and analytics

We collect privacy-preserving, aggregated analytics about the marketing site to understand which content is useful. Analytics cookies are only set with consent. No PHI is sent to analytics providers. In the authenticated application, we use first-party server-side telemetry rather than client-side analytics beacons.

4.4 No third-party advertising

We do not sell data, do not share data for cross-context behavioural advertising, and do not set advertising cookies.

5. Cookie table

The table below lists the cookies most commonly encountered on careosp.com and the careos platform application. The actual set may vary slightly as the site evolves; the consent banner always reflects the current configuration.

  • careos_session — first-party, strictly necessary. Maintains authenticated session state. Expires at session end or after idle timeout.
  • careos_csrf — first-party, strictly necessary. Prevents cross-site request forgery. Expires with session.
  • careos_prefs — first-party, functional. Stores UI preferences (language, theme). Expires after 12 months.
  • careos_consent — first-party, strictly necessary. Stores your cookie consent choices. Expires after 12 months.
  • _analytics_id — first-party, performance. Aggregated marketing-site analytics, only when consent is given. Expires after 13 months.
  • cf_* — first-party, strictly necessary. Infrastructure cookies used by our DDoS and edge provider to protect the service. Expire per provider policy, typically under 30 days.

6. Managing cookies

You can manage your cookie preferences at any time via the Cookie Settings link in the footer of careosp.com. Changes take effect immediately for subsequent page loads. Strictly necessary cookies cannot be disabled without breaking the Service.

You can also control cookies directly in your browser:

7. Do Not Track and Global Privacy Control

We honour the Global Privacy Control (GPC) signal as an opt-out of any non-essential cookies in the United States. We do not respond to legacy Do Not Track headers because the standard lacks consistent definition, but we apply the same opt-out outcome when GPC is detected.

8. Changes to this policy

We may update this Cookie Policy to reflect changes in our use of cookies. The effective date at the top of the page indicates the latest revision. Material changes will be highlighted through the consent banner.

9. Contact

Questions about this Cookie Policy can be sent to privacy@careosp.com. For legal correspondence, use legal@careosp.com.