Cookie & Analytics Policy

Essential cookies are strictly necessary for the platform to function. They cannot be disabled without breaking core features such as authentication and security. We do not use these cookies for advertising or profiling purposes.

Authentication session cookie

When you sign in, Cavitech AI creates a session cookie managed by Lucia v3. This cookie identifies your authenticated session so you can navigate the platform without re-entering your credentials on every page. The session uses a 14-day sliding expiration—each time you actively use the platform, the expiration window resets, so you stay signed in as long as you return within 14 days. If you do not visit the platform for 14 consecutive days, the session expires and you will need to sign in again.

CSRF protection cookie

A Cross-Site Request Forgery (CSRF) token cookie is set alongside your session to verify that form submissions and API requests originate from our platform and not from a malicious third-party site. This is a standard security measure that protects your account from unauthorised actions.

Region preference cookie

We store a lightweight cookie to remember your selected region or locale preference (for example, South Africa or United Kingdom). This ensures that currency formatting, regulatory references, and language settings persist across your visits without requiring you to re-select them each time.

Our public demo at /demo allows prospective users to explore Cavitech AI without creating an account. Because there is no authenticated session in demo mode, we use browser fingerprinting to manage demo sessions and enforce fair-use rate limits.

How fingerprinting works

We collect a set of browser and device attributes—such as screen resolution, installed fonts, timezone, and browser version—and generate a one-way cryptographic hash. This hash acts as a pseudonymous session identifier. We do not store or reverse-engineer the raw attributes; only the resulting hash value is retained.

Purpose and scope

The fingerprint hash is used solely for two purposes: (1) maintaining continuity within a demo session so that your uploaded X-rays and analysis results persist while you explore, and (2) enforcing rate limits to prevent abuse of the free demo service. It is never linked to personally identifiable information (PII), advertising profiles, or cross-site tracking.

Retention

Fingerprint hashes and associated demo session data are automatically deleted after 30 days of inactivity. If you revisit the demo after that period, a new session will be created.

We collect anonymised, aggregated analytics to understand how Cavitech AI is used, identify performance issues, and prioritise improvements. Analytics data is never used to identify individual users or to track clinical interactions with patient data.

What we collect

• Pages visited and navigation paths within the platform
• Session duration and frequency of visits
• Device type, browser name and version, and operating system
• General geographic location (country or region level, derived from IP address—we do not store your full IP address)

What we do not collect

• Any data from patient X-ray analysis sessions, chat interactions, or clinical reports
• Personally identifiable information such as names, email addresses, or account details via analytics
• Keystroke patterns, form field inputs, or mouse movement recordings

How analytics data is processed

All analytics data is aggregated and anonymised before it is used for reporting. Individual data points cannot be traced back to a specific user. We use this information to measure feature adoption, detect errors or slow-loading pages, and plan product improvements. Analytics data is not sold or shared with third parties for advertising purposes.

You have control over the cookies stored on your device. The approach differs depending on whether a cookie is essential or non-essential.

Browser settings

Most modern browsers allow you to view, manage, and delete cookies through their privacy or settings menus. You can configure your browser to block all cookies, block only third-party cookies, or prompt you before accepting each cookie. Refer to your browser’s help documentation for specific instructions.

Impact of blocking essential cookies

If you block or delete essential cookies (the session, CSRF, and region preference cookies described in Section 01), core platform functionality will be affected. Specifically, you will not be able to sign in or maintain an authenticated session, and you may need to re-select your region preference on every visit.

Cookie consent for EU/UK visitors

If you access Cavitech AI from the European Union or the United Kingdom, you will be presented with a cookie consent banner before any non-essential cookies or analytics tracking are activated. Essential cookies (authentication, CSRF, and region preference) are set without consent as they are strictly necessary for the service to operate, in line with applicable regulations. You can update your consent preferences at any time through the cookie settings link in the platform footer.