Cookie Policy

Last updated: December 23, 2024

Introduction

M2atech Solutions Inc. ("M2A DocAssist", "we", "our") is committed to respecting your privacy and being transparent about the technologies we use on our platform. This Cookie Policy explains what cookies are, which ones we use, and how you can control them. Our approach: Complete transparency, minimal data collection, and respect for your privacy.

What is a cookie?

A cookie is a small text file (typically 1-4KB) that is stored on your device (computer, tablet, smartphone) when you visit a website. Cookies allow websites to remember your login status, store your preferences (language, theme), maintain security, and analyze how the site is used. Cookies can be first-party (set by M2A DocAssist directly) or third-party (set by external services - we minimize these).

Our commitment: ZERO advertising tracking

IMPORTANT: M2A DocAssist uses NO tracking, advertising, or behavioral analysis cookies.

  • NO Google Analytics or similar analytics tracking
  • NO Facebook Pixel or social media tracking
  • NO advertising cookies or ad networks
  • NO cross-site tracking or behavioral profiling
  • NO marketing retargeting pixels
  • We use ONLY cookies essential to operation plus 2 optional functional cookies for your convenience

Cookies we use

1. Strictly necessary cookies (mandatory)

These cookies are ESSENTIAL for the platform to function. You CANNOT refuse these cookies if you want to use M2A DocAssist. They do not track you or store personal information beyond what's necessary for authentication and security.

  • auth_token (Authentication Token)
    • Purpose: Maintains your authenticated session; allows you to stay logged in as you navigate between pages. Data stored: Encrypted JWT token (no personal information in plain text)
    • Duration: Expires after 24 hours of inactivity or on logout
    • Third-party: No (1st party, HTTP-only, Secure flag)
  • refresh_token (Refresh Token)
    • Purpose: Enables automatic session renewal without requiring you to log in again. Data stored: Encrypted refresh token
    • Duration: 7 days maximum
    • Third-party: No (1st party, HTTP-only, Secure flag)
  • last_activity (Last Activity)
    • Purpose: Records the time of your last activity to manage session expiration. Data stored: Timestamp
    • Duration: Session duration
    • Third-party: No (1st party)
  • csrf_token (CSRF Protection)
    • Purpose: Protects against Cross-Site Request Forgery (CSRF) attacks; ensures requests come from legitimate sources. Data stored: Random security token
    • Duration: 24 hours maximum
    • Third-party: No (1st party)

2. Functional local storage (optional)

This data is stored locally in your browser (localStorage) rather than as traditional cookies. It enhances your user experience but is NOT essential.

  • NEXT_LOCALE (Language Preference)
    • Purpose: Remembers your language preference (French or English) so you don't have to select it every visit. Data stored: Two-letter language code (fr or en). Note: This preference is also saved on your user profile server-side.
    • Duration: Persistent until manual deletion
    • Third-party: No (local storage)
  • theme (Theme Preference)
    • Purpose: Remembers your display preference (light mode or dark mode). Data stored: Theme preference (light or dark). Managed by next-themes.
    • Duration: Persistent until manual deletion
    • Third-party: No (local storage)

Cookies we explicitly DO NOT use

For your complete peace of mind, here's a comprehensive list of tracking technologies we DO NOT use:

  • Analytics: Google Analytics, Google Tag Manager, Mixpanel, Amplitude, Segment, Heap Analytics
  • Advertising: Google Ads/AdWords, Facebook Pixel, LinkedIn Insight Tag, Twitter conversion tracking, retargeting pixels
  • Social Media: Facebook social plugins, LinkedIn sharing buttons, Twitter widgets, Instagram embeds
  • Session Recording: Hotjar, FullStory, LogRocket, Smartlook
  • Live Chat (Third-party): Intercom, Drift, Zendesk Chat

Third-party services and cookies

Stripe (Payments)

We minimize third-party cookies. The only external service that may set cookies is our payment processor. During the payment/checkout process only, on Stripe's hosted payment pages (not on M2A DocAssist pages):

  • Name: __stripe_mid - Purpose: Fraud prevention and device fingerprinting - Duration: 1 year
  • Name: __stripe_sid - Purpose: Session management during payment - Duration: 30 minutes
  • Data stored: Anonymous identifiers for fraud detection
  • Privacy Policy: https://stripe.com/privacy

IMPORTANT: These Stripe cookies are set only on Stripe's payment pages when you are adding/updating payment methods. They are NOT present on M2A DocAssist's main application pages.

How to manage your cookies?

Via your browser

All modern browsers allow you to view, manage, and delete cookies:

  • Chrome: Menu (⋮) > Settings > Privacy and security > Cookies > See all site data
  • Firefox: Menu (☰) > Settings > Privacy & Security > Cookies and Site Data > Manage Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Menu (⋯) > Settings > Cookies and site permissions > Manage and delete cookies

WARNING: If you block ALL cookies, you will NOT be able to log in to M2A DocAssist, as session cookies are essential for authentication.

On M2A DocAssist

Functional cookies (language and theme) can be managed directly in your account: 1. Log in to your M2A DocAssist account, 2. Go to Settings > Preferences, 3. Toggle language and theme preferences. Note: Strictly necessary cookies (session, CSRF) cannot be disabled while using the platform.

Cookie retention and deletion

  • Authentication cookies (auth_token, refresh_token): Deleted after 24 hours of inactivity or 7 days maximum for refresh_token
  • CSRF cookie (csrf_token): Deleted after 24 hours
  • Local storage (theme, NEXT_LOCALE): Persistent until manual deletion via browser developer tools
  • Manual deletion: Possible at any time via your browser's cookie management tools
  • Account deletion: All cookies associated with your account are deleted when you close your account

Changes to this policy

We may update this Cookie Policy from time to time to reflect: changes in cookies we use, new browser technologies, updated privacy regulations, or user feedback and requests. Minor changes will be updated immediately. Material changes (new cookies, new third parties) will be notified via email 30 days before they take effect.

Questions and contact

If you have questions about our use of cookies, or wish to exercise your rights regarding cookie data:

M2atech Solutions Inc. - Data Protection Officer: Abdoulaye Mohamed Ahmed
Email: contact@m2adoc.com | Phone: 506 850 6548 | Website: m2adoc.com | Response time: 5 business days

Quick summary

What we use:

  • 4 essential cookies (auth_token, refresh_token, last_activity, csrf_token)
  • 2 local storage items (language + theme)
  • 0 tracking cookies
  • 0 advertising cookies
  • 0 behavioral analysis cookies

Maximum 4 HTTP cookies on M2A DocAssist pages (all first-party) + 2 localStorage items. Third-party cookies: Only on Stripe payment pages (2 cookies).

By using M2A DocAssist, you accept our use of strictly necessary cookies (session and CSRF protection). Functional cookies (language and theme) are optional and can be disabled in your account settings or browser. If you do not accept cookies, you cannot use M2A DocAssist, as session cookies are essential for authentication and security.
Last updated: December 23, 2024 | Version: 1.2