Cookie Policy
Last updated: February 11, 2026. These policies are subject to change.
1. What Are Cookies
Cookies are small text files stored on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work efficiently, provide a better user experience, and give website operators useful information.
This Cookie Policy explains how MedSpa CRM, operated by CodeCanvas Collective, uses cookies and similar technologies. This policy should be read together with our Privacy Policy.
2. How We Use Cookies
We use cookies for the following purposes:
- Authentication: To identify you when you log in and maintain your session
- Security: To support security features and detect malicious activity
- Preferences: To remember your settings and display preferences
- Functionality: To enable platform features that depend on recognizing your browser
We do not use cookies for third-party advertising or cross-site tracking.
3. Cookie Categories
3.1 Strictly Necessary Cookies
These cookies are essential for the platform to function. They enable core features such as authentication, session management, and security. You cannot opt out of these cookies as the Service will not function without them.
3.2 Functional Cookies
These cookies remember your preferences and settings to provide a more personalized experience. For example, they may remember your sidebar state or display preferences. Disabling these cookies may reduce functionality but will not prevent you from using the Service.
3.3 Analytics Cookies
We may use analytics cookies to understand how users interact with our platform, helping us improve the user experience. Currently, we do not use third-party analytics services. If we introduce analytics cookies in the future, this policy will be updated.
4. Specific Cookies We Use
| Cookie Name | Purpose | Category | Duration |
|---|---|---|---|
| next-auth.session-token | Maintains your authenticated session | Strictly Necessary | Session / 30 days |
| next-auth.csrf-token | Prevents cross-site request forgery attacks | Strictly Necessary | Session |
| next-auth.callback-url | Stores redirect URL after authentication | Strictly Necessary | Session |
| sidebar-collapsed | Remembers sidebar open/closed state | Functional | 1 year |
5. Third-Party Cookies
We currently do not use any third-party marketing, advertising, or tracking cookies. Our platform does not engage in cross-site tracking or behavioral advertising.
Some integrated third-party services (such as Square for payment processing) may set their own cookies when you interact with their features. These cookies are governed by the respective third party's cookie and privacy policies.
6. Managing Your Cookie Preferences
You can manage cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored and delete them individually
- Block third-party cookies
- Block cookies from specific sites
- Block all cookies
- Delete all cookies when you close your browser
Please note that blocking or deleting strictly necessary cookies will prevent you from logging into and using the MedSpa CRM platform.
For instructions on managing cookies in popular browsers:
7. Changes to This Policy
We may update this Cookie Policy to reflect changes in our practices or for operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated "Last updated" date.
8. Contact Us
If you have questions about our use of cookies, contact us at:
- Email: [email protected]
- Support: [email protected]
CodeCanvas Collective
MedSpa CRM Platform