What Are Cookies
Cookies are small text files that a website places on your device when you visit. They allow websites to remember information about your visit — like whether you're logged in, your language preference, or items you've viewed — so that your next visit is faster and more useful.
Session vs. persistent cookies
- Session cookies: These exist only for the duration of your browsing session. They are deleted automatically when you close your browser. Session cookies are typically used for things like keeping you logged in while you navigate between pages.
- Persistent cookies: These remain on your device after your browser is closed, until they expire or you delete them manually. They are used to remember your preferences and settings across visits.
First-party vs. third-party cookies
- First-party cookies: Set by the website you are visiting directly (in this case, controlhf.com or app.controlhf.com). These are generally used for essential site functionality and your personal preferences.
- Third-party cookies: Set by a domain other than the one you are visiting. These are typically placed by external services — such as analytics providers or advertising platforms — embedded on the page. Third-party cookies can track your activity across multiple websites.
No third-party advertising cookies in the patient app or care portal. Third-party tracking is limited to the public marketing site (controlhf.com) only. The patient-facing app and clinical care portal have a firm no-advertising-cookie commitment.
Why We Use Cookies
We use cookies and similar technologies for specific, defined purposes. Here is why each category of cookie exists on our properties:
- Authentication: Session cookies confirm that you are logged in as you navigate between pages in the app or care portal. Without these, you would need to re-enter your credentials on every page load.
- Security: CSRF (Cross-Site Request Forgery) tokens are stored in cookies to protect your account from certain types of web-based attacks where malicious sites try to perform actions on your behalf.
- Preferences: Functional cookies remember your settings — such as your preferred theme (light or dark), cookie consent choice, and display preferences — so you don't have to reconfigure them each visit.
- Analytics (marketing site only): We use privacy-first analytics to understand how visitors interact with controlhf.com so we can improve the site. We use Plausible Analytics, which does not use cookies or collect personally identifiable information.
- Advertising (marketing site only): On controlhf.com, we use LinkedIn and Google advertising cookies to measure the effectiveness of our marketing campaigns and reach healthcare professionals who may benefit from ControlHF. These cookies are not present in the patient app or care portal under any circumstances.
Cookies We Use
The following table lists all cookies and tracking technologies currently in use across ControlHF properties. We review and update this list whenever we add or remove cookies.
| Name | Type | Purpose | Duration | Provider |
|---|---|---|---|---|
session_token |
Necessary | Authenticates your logged-in session in the app and care portal | Session | ControlHF |
csrf_token |
Necessary | Protects against cross-site request forgery attacks on form submissions | Session | ControlHF |
cookie_consent |
Functional | Remembers your cookie consent choice so we don't show the banner on every visit | 1 year | ControlHF |
theme_pref |
Functional | Stores your UI theme preference (light or dark mode) across sessions | 1 year | ControlHF |
_plausible |
Analytics | Privacy-first, cookieless page view analytics on the marketing site. No PII collected, no cross-site tracking | Session | Plausible Analytics |
intercom-session |
Functional | Maintains your support chat session with our customer experience team so conversation context is preserved | 1 week | Intercom |
stripe_sid |
Necessary | Used by Stripe to identify your payment session during checkout for consumer plan subscriptions. No health data is shared with Stripe. | Session | Stripe |
_ga |
Analytics | Google Analytics — marketing site only (controlhf.com). Tracks aggregate page views and traffic sources to measure marketing effectiveness. Not present in the app or care portal. | 2 years | |
li_sugr |
Marketing | LinkedIn Insight Tag — marketing site only. Measures conversions from LinkedIn ad campaigns and enables retargeting of healthcare professionals on LinkedIn. | 90 days | |
_gcl_au |
Marketing | Google Ads conversion tracking — marketing site only. Measures whether visitors from Google Ads campaigns take specific actions on the site. | 90 days |
Cookies marked "marketing site only" are never present on app.controlhf.com or care.controlhf.com. This separation is enforced at the infrastructure level, not just through configuration.
Patient App & Care Portal
The ControlHF patient mobile app and the clinician care portal (care.controlhf.com) are held to a stricter standard than the public marketing website. The following is a firm, unconditional commitment:
- No third-party advertising cookies: We do not place any advertising or retargeting cookies in the patient app or care portal. No LinkedIn, Google Ads, Meta Pixel, or any other advertising technology is present in these environments.
- No behavioral tracking: We do not track individual user behavior for the purpose of building advertising profiles. We do not share patient usage patterns with ad networks or data brokers.
- Strictly necessary cookies only: In the patient app and care portal, only the cookies required for authentication (
session_token), security (csrf_token), and payment processing (stripe_sid) are used by default. - Functional cookies are opt-in: Functional cookies like
theme_prefandintercom-sessionare only set after you have been presented with a choice and have not opted out. These cookies do not track you across sites.
This is a firm commitment, not a policy that can be changed quietly. Any introduction of third-party tracking in the patient app or care portal would constitute a material change to this policy and would require 30 days' notice and updated user consent before taking effect.
Your Cookie Choices
You have meaningful control over the cookies placed on your device. Here are the options available to you:
Browser settings
All modern browsers allow you to view, manage, and delete cookies through their settings menus. You can configure your browser to block third-party cookies, block all cookies, or alert you before a cookie is set. Refer to your browser's help documentation for instructions:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Safari: Settings → Safari → Privacy → Block All Cookies
- Firefox: Settings → Privacy & Security → Enhanced Tracking Protection
- Edge: Settings → Cookies and site permissions → Cookies and site data
Opt-out links
- Google Ads & Analytics opt-out: Visit adssettings.google.com to opt out of personalized ads, or install the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.
- LinkedIn opt-out: Visit linkedin.com/psettings/guest-controls to opt out of LinkedIn retargeting if you have a LinkedIn account, or use the LinkedIn opt-out form for non-members.
Cookie banner
When you visit controlhf.com for the first time, or after clearing your cookies, a cookie consent banner allows you to accept only necessary cookies, accept functional and analytics cookies, or accept all cookies including marketing cookies. Your choice is saved in the cookie_consent cookie and honored on future visits.
Disabling necessary cookies will break authentication. The session_token and csrf_token cookies are required for the app to function. Blocking these in your browser will prevent you from logging in. All other cookies can be blocked without affecting core functionality.
Third-Party Links
The ControlHF website and app may contain links to external websites, resources, and services that are not operated or controlled by ControlHF — for example, links to your healthcare provider's patient portal, the HHS Office for Civil Rights, or medical reference resources.
We are not responsible for the privacy practices, cookie policies, or content of any third-party websites you visit via links from our Services. Each external site operates under its own privacy and cookie policies, which we encourage you to review before providing any personal information.
The presence of a link to a third-party site does not constitute our endorsement of that site or its privacy practices.
Changes to This Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes in applicable law, or other operational reasons. When we make changes, we are committed to communicating them clearly:
- 30-day advance notice for material changes: If we introduce new cookie categories (for example, adding a new advertising platform to the marketing site), we will update this policy and the cookie consent banner at least 30 days before the change takes effect. Material changes include adding advertising or tracking technologies not previously described in this policy.
- Cookie banner updated: On your next visit to controlhf.com following a material change, the cookie consent banner will reappear to allow you to review and confirm your preferences for the updated cookie set.
- In-app notification: Active users of the patient app will receive an in-app notification when this Cookie Policy is updated, with a link to the updated policy.
- Effective date updated: The effective date at the top of this page will always reflect when the current version of this policy came into effect.
For minor changes — such as updating cookie duration information or correcting descriptive text — we may update the policy without advance notice, but the effective date will be updated to reflect the change.
Questions or concerns? If you have any questions about our cookie practices or want to understand more about how a specific cookie works, email us at privacy@controlhf.com. We're committed to full transparency.