Cookie Policy
Last updated: January 27, 2026
Cookies are small text files stored on your device when you visit a website. This policy explains what cookies we use and why, and your choices regarding cookies.
1. Types of Cookies We Use
1.1 Strictly Necessary Cookies
Purpose: Essential for the platform to function. Without these, services like logging in or booking appointments cannot be provided.
Duration: Session or up to 1 year
Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) - necessary to provide the service you've requested.
Cannot be disabled - Platform won't work without them.
1.2 Functional Cookies
Purpose: Remember your choices and preferences for enhanced, personalized features.
Duration: Up to 1 year
Legal Basis: Consent (GDPR Article 6(1)(a)) or legitimate interest for basic functionality.
Can be disabled - Platform will work but won't remember preferences.
1.3 Analytics Cookies
Purpose: Help us understand how visitors use our platform so we can improve it.
Duration: Up to 2 years
Legal Basis: Consent (GDPR Article 6(1)(a))
Can be disabled - We use anonymized, aggregated data only.
1.4 Marketing Cookies (Future)
Purpose: Show you relevant ads and measure campaign effectiveness.
Status: NOT currently used. If implemented, we will notify you, request explicit consent, and provide easy opt-out.
Legal Basis: Consent (GDPR Article 6(1)(a))
2. Cookies We Use in Detail
| Cookie Name | Purpose | Type | Duration | Provider |
|---|---|---|---|---|
__vitaflow_session | Keep you logged in | Strictly Necessary | Session | VitaFlow Care |
__vitaflow_csrf | Prevent CSRF attacks | Strictly Necessary | Session | VitaFlow Care |
__vitaflow_lang | Remember language preference | Functional | 1 year | VitaFlow Care |
__vitaflow_consent | Remember cookie consent | Strictly Necessary | 1 year | VitaFlow Care |
_ga | Google Analytics (anonymized) | Analytics | 2 years | |
_gid | Google Analytics identifier | Analytics | 24 hours | |
__cf_bm | Cloudflare bot management | Strictly Necessary | 30 minutes | Cloudflare |
3. Third-Party Cookies
3.1 Google Analytics (Analytics)
What it does: Helps us understand how users interact with our platform using anonymized data.
Cookies: _ga, _gid, _gat
Privacy: IP anonymization enabled, data shared with Google in aggregated form only.
3.2 Cloudflare (Security & Performance)
What it does: Protects our platform from DDoS attacks, improves loading speed via CDN.
Cookies: __cf_bm, __cflb, __cfduid
Privacy: Cloudflare does NOT track users across sites. Cookies used only for security and load balancing.
3.3 Firebase Authentication (Authentication)
What it does: Manages user authentication securely.
Cookies: Various Firebase session cookies
Privacy: Data processed in EU region, complies with GDPR.
3.4 Vercel (Hosting)
What it does: Hosts our frontend application.
Cookies: __vercel_live_token (if using preview deployments)
Privacy: EU edge network, GDPR compliant.
4. Managing Your Cookie Preferences
4.1 Our Cookie Consent Tool
When you first visit, you'll see a cookie banner with options:
- Accept All: Allow all cookies (recommended for best experience)
- Reject Non-Essential: Only strictly necessary cookies
- Customize: Choose specific cookie categories
You can change preferences anytime in Account Settings → Privacy → Cookies or by clicking 'Cookie Preferences' in the footer.
4.2 Browser Settings
You can control cookies through your browser settings. Be aware that blocking all cookies may prevent the platform from working correctly.
5. Do Not Track (DNT)
We respect Do Not Track (DNT) signals. If you have DNT enabled in your browser, we will not set analytics or marketing cookies.
6. Cookies and Your Rights
Under GDPR, you have the right to withdraw consent for non-essential cookies, object to their use, and access information about collected data. Exercise these rights through our Cookie Preferences tool, by contacting [email protected], or by contacting the Belgian DPA.
7. Contact Us
For questions about this Cookies Policy, please contact us at [email protected].