Cookie Policy
Version: 1.1 • Last updated: 11 Oct 2025
1. Purpose
This Cookie Policy explains how Digital Care Systems L.L.C ("DCS") uses cookies and similar technologies on the MHIRA Health Information System ("MHIRA") and related websites. We currently use only essential cookies necessary to operate the platform securely and efficiently.
2. What are cookies
Cookies are small text files stored on your device when you visit a website. They allow the site to remember information between sessions — for example, keeping you logged in or saving preferences.
3. Summary of use
- Essential cookies for authentication and secure access to MHIRA.
- No marketing cookies.
- No analytics cookies by default. If introduced, they will be subject to prior consent and documented here.
4. Cookies we set (first‑party)
| Name | Type | Purpose | Retention | Attributes | Notes |
|---|---|---|---|---|---|
| firebase-token | Essential | Session authentication (Firebase ID token for server-side use) | Up to 7 days | HttpOnly; Secure (production); SameSite=Lax; Path=/; Domain: host-only | Set by Next.js API routes after login. Not accessible to JavaScript. |
| authToken | Essential (legacy) | Session authentication in legacy/static flows | ~1 hour | Not HttpOnly; Secure; SameSite=Strict; Path=/; Domain: host-only | Being deprecated. Only present in legacy/static authentication pages; not used in the main Next.js flow. |
We are standardising on a single HttpOnly session cookie (firebase-token). Legacy uses of authToken are being phased out.
5. Managing cookies
Most browsers accept cookies automatically. You can control or delete cookies in your browser settings. Blocking essential cookies may prevent you from logging in or using core MHIRA functionality.
6. Third‑party services
| Provider | Purpose | Cookies/Storage | Notes |
|---|---|---|---|
| Google Firebase (Google LLC) | Authentication and secure session verification | Firebase ID tokens (stored in our first‑party cookie) | Essential; required for login and access control. |
| DigitalOcean | Hosting infrastructure and object storage (Spaces) | None directly | No tracking or marketing cookies. |
| Postmark (ActiveCampaign LLC) | Transactional email delivery | None | No cookies used. |
| Google Cloud KMS | Encryption key management | None | No cookies used. |
7. Legal basis and consent
- Essential cookies: contractual necessity and/or legitimate interests. Consent not required for strictly necessary cookies.
- Optional cookies (if introduced): we will ask for your consent before setting any non‑essential cookies.
8. Updates
We may update this Cookie Policy to reflect changes in technology, our services, or regulations. The current version is available at this page and includes the date of last revision.