🍪 Legal Document · Last Updated May 2025

Cookie Policy
What We Track,
What We Don't.

We use cookies sparingly and purposefully. This policy explains every cookie on HealingTourist — what it does, how long it lasts, and how you control it. Your medical privacy comes first: we will never use cookies to profile your health interests for advertising.

4 types Cookie categories
1 required Strictly necessary only
0 Health data tracked for ads
100% Opt-out available
Effective DateJanuary 1, 2025
Last UpdatedMay 1, 2025
Version1.3
ComplianceGDPR · ePrivacy · CCPA · PECR
🔒
Essential
Always On
⚙️
Functional
Optional
📊
Analytics
Optional
📢
Marketing
Opt-In Only
⚙️ Your Cookie Preferences
Choose which categories of cookies you allow. Your preferences are saved in your browser for 12 months and can be changed at any time.
🔒 Strictly Necessary Cookies
Required for the website to function. Includes login sessions, security tokens, form submissions, and your cookie consent record. Cannot be disabled.
Always On
⚙️ Functional Cookies
Remember your language preference, country, saved inquiry details, and other convenience settings to improve your browsing experience.
Enabled
📊 Analytics Cookies
Help us understand how visitors use HealingTourist using anonymised, aggregated data. No personal or health information is collected. Powered by Cloudflare Analytics (privacy-first, no fingerprinting).
Enabled
📢 Marketing Cookies
Used to measure the effectiveness of non-medical advertising campaigns. We never use marketing cookies to target ads based on your health searches or medical interests. Disabled by default — requires your explicit opt-in.
Disabled
✅ Your cookie preferences have been saved for 12 months. You can update them anytime.
1

What Are Cookies?

Cookies are small text files that websites place on your device — computer, smartphone, or tablet — when you visit them. They are widely used to make websites work efficiently, remember your preferences, and provide information to the website owner about how the site is being used.

Cookies are stored in your browser and sent back to the originating website each time you revisit it. They cannot execute programs or deliver viruses to your device. They are not harmful — but they can carry data about you that has privacy implications, which is why we are transparent about every cookie we use.

Types of Cookie by Origin

  • First-party cookies are set directly by HealingTourist and only accessible by HealingTourist. These include your session token, login state, and preference settings.
  • Third-party cookies are set by external services (such as analytics providers or payment processors) that we use. These cookies are accessible by those third parties and governed by their own privacy policies.

Types of Cookie by Duration

  • Session cookies exist only while your browser is open. They are deleted automatically when you close your browser and are used primarily for navigation and security during your current visit.
  • Persistent cookies remain on your device for a set period after your browser is closed — from a few days to several years — unless you delete them manually or they expire.
ℹ️

In addition to traditional cookies, HealingTourist may use related technologies such as local storage (to store your cookie consent choice), session storage (for temporary in-session data), and pixel tags (tiny transparent images used to confirm email opens). This policy covers all such tracking technologies collectively referred to as "cookies" throughout this document.

2

How HealingTourist Uses Cookies

HealingTourist uses cookies for a limited and specific set of purposes. We designed our cookie use around a core principle: your medical privacy comes before our marketing needs.

We use cookies to:

  • Keep you securely logged into your patient portal during your session
  • Remember your language, country, and communication preferences between visits
  • Protect the Platform from cross-site request forgery (CSRF) and other security threats
  • Understand — at an anonymised, aggregate level — how visitors navigate the website so we can improve it
  • Remember your cookie consent choices so we do not ask you repeatedly
  • Facilitate payment processing through PCI-DSS compliant third-party processors
  • Measure the reach of non-medical marketing campaigns where you have opted in
⚠️

What we do not do with cookies: We never use cookies to infer, record, or transmit information about your health conditions, medical searches, treatment interests, or any other health-related activity to third-party advertisers, data brokers, or any other external party. What you research on HealingTourist stays on HealingTourist.

3

Cookie Categories Overview

We organise all cookies on HealingTourist into four categories, consistent with the International Chamber of Commerce (ICC) UK Cookie Guide and GDPR guidance from the European Data Protection Board (EDPB).

Category Consent Required? Can Be Disabled? Health Data Risk Default State
🔒 Essential No — legitimate interest / legal obligation No — site would break None Always active
⚙️ Functional Yes — opt-out available Yes Minimal (preferences only) Active (opt-out)
📊 Analytics Yes — opt-out available Yes None (anonymised only) Active (opt-out)
📢 Marketing Yes — explicit opt-in required Yes Zero health data ever used Disabled (opt-in)
4

Essential Cookies Always Active

Essential cookies are strictly necessary for HealingTourist to function correctly. Without them, core services like logging in, submitting forms, and navigating securely cannot work. These cookies are set on the basis of legitimate interest (for security) and legal obligation (for consent record-keeping), and therefore do not require your consent under GDPR or CCPA.

Cookie NamePurposeDurationFirst / Third Party
ht_session Maintains your logged-in session in the patient portal. Expires when you close your browser or after 8 hours of inactivity. Session First-party
ht_csrf_token Cross-site request forgery protection token. Prevents malicious third-party sites from submitting unauthorised requests on your behalf. Session First-party
ht_consent Stores your cookie consent choices so we do not display the consent banner on every visit. Contains only a consent record — no personal data. 12 months First-party
ht_auth_token Secure authentication token used during login flows. Encrypted and invalidated upon logout. Session First-party
__cf_bm Cloudflare bot management cookie. Distinguishes between human visitors and automated bots to protect the Platform from abuse. Set by Cloudflare (our CDN and DDoS protection provider). 30 minutes Third-party (Cloudflare)
cf_clearance Cloudflare security challenge clearance. Confirms that you have passed a Cloudflare security check (e.g. CAPTCHA). Prevents repeated security challenges in the same session. 30 minutes Third-party (Cloudflare)
5

Functional Cookies Optional

Functional cookies remember choices you make and provide enhanced, personalised features. They make using HealingTourist more convenient — for example, remembering the country you're from so we pre-populate relevant content, or saving your progress through a multi-step inquiry form.

Functional cookies do not track you across other websites and do not share any data with third-party advertisers. The legal basis for these cookies is your consent. You can withdraw consent at any time via the preference panel above.

Cookie NamePurposeDurationFirst / Third Party
ht_country Remembers the country you selected or were detected in, to show relevant treatment cost comparisons and local contact information without re-asking each visit. 12 months First-party
ht_language Stores your language preference if you select a language other than English. Used to serve the site in your preferred language on return visits. 12 months First-party
ht_inquiry_draft Temporarily saves your progress in a multi-step inquiry or second opinion form so you can resume if you navigate away before completing. Cleared when inquiry is submitted or after 7 days. 7 days First-party
ht_currency Remembers your preferred display currency for cost comparison tables (USD, GBP, AUD, EUR). Does not process any payment information. 12 months First-party
6

Analytics Cookies Optional

Analytics cookies help us understand how HealingTourist is used — which pages are visited most, where users come from, and where they encounter difficulty. This allows us to improve the Platform. All analytics data is anonymised and aggregated before we ever view it. We cannot identify any individual from our analytics data.

🛡️

Privacy-first analytics: HealingTourist uses Cloudflare Web Analytics as our primary analytics tool. Unlike Google Analytics, Cloudflare Analytics does not use cookies for measurement, does not fingerprint individual users, does not track users across websites, and does not share data with advertising networks. For any supplemental analytics, we use server-side, cookieless measurement where possible. We do not use Google Analytics on medical inquiry pages, the patient portal, or any page where health information may be entered.

Cookie / Tool NameProviderPurposeDurationData Shared?
_cfzs / __cfwaitingroom Cloudflare Cloudflare Web Analytics — cookieless, privacy-preserving measurement of page views, referral sources, and device types. No personal data collected. Session Anonymised aggregates only
ht_page_view HealingTourist (first-party) Counts unique page visits for internal reporting only. Stores a randomly generated session ID — no personal identifiers. Automatically expires each session. Session Never shared
ht_ab_test HealingTourist (first-party) Records which version of A/B-tested page elements you see, so we can measure which design improvements work better. Contains only a test group letter (e.g., "A" or "B"). 30 days Never shared
🚫

Analytics cookies are never placed on: the patient portal login page, any page where you upload medical documents, the second opinion submission form, the medical inquiry form, or any page displaying your personal health information. Analytics are restricted to public-facing, informational pages only.

7

Marketing Cookies Opt-In Required

Marketing cookies may be used to measure the effectiveness of HealingTourist's non-medical awareness campaigns — for example, understanding how many people clicked an ad for "affordable healthcare abroad" before visiting our website. These cookies are disabled by default and are only activated if you explicitly choose to enable them.

❤️

Our commitment on marketing and health: HealingTourist will never use marketing cookies to build profiles based on health conditions, medical searches, or treatment interests. We will never share data from marketing cookies with advertising networks in a way that could allow those networks to infer your health status or medical needs. If you enable marketing cookies, they measure campaign reach only — never your medical activity.

Cookie NameProviderPurposeDurationHealth Data?
_fbp Meta (Facebook) Measures reach of Facebook/Instagram awareness campaigns promoting HealingTourist as a general service. Only activated if you opt in. Governed by Meta's Privacy Policy. 90 days Never — restricted to campaign reach only
_gcl_au Google Google Ads conversion measurement — records if a user reached our site after clicking a non-medical Google ad. Only activated if you opt in. No health-related keywords are used in campaigns tracked by this cookie. 90 days Never
ht_ref_campaign HealingTourist (first-party) Records the marketing campaign source (e.g., "summer-awareness-2025") that brought you to the site, for internal campaign measurement. Contains only a campaign identifier — no personal data. 30 days Never
8

Third-Party Cookies & Embedded Content

Some third-party services integrated into HealingTourist may set their own cookies. We review every third-party integration for privacy compliance before implementation, but we cannot fully control the behaviour of third-party cookies once set. We provide details of all known third-party cookie providers below.

Payment Processing

When you proceed to payment for facilitation services, you are redirected to a PCI-DSS compliant payment processor. That processor may set cookies necessary for the secure operation of the payment flow. These cookies are essential for the payment transaction and are governed by the payment processor's own privacy and cookie policy. HealingTourist never has access to your payment card data.

Video Consultation Platform

Secure video consultations are conducted through an end-to-end encrypted, HIPAA-compliant video platform. When you join a consultation, the video platform may set technical session cookies necessary for the call to function. These cookies are session-only, contain no health data, and are deleted when the call ends.

Cloudflare (CDN & Security)

HealingTourist's website is served through Cloudflare's content delivery network and protected by Cloudflare's security services. Cloudflare sets a small number of cookies for security and performance purposes (detailed in Section 4). Cloudflare's cookie use is governed by the Cloudflare Privacy Policy.

Embedded Maps

If hospital location maps are displayed on the Platform, they may be served by a mapping provider that sets cookies when the map is loaded. We use privacy-preserving map embedding settings where available to minimise cookie placement without your consent.

⚠️

Third-party privacy policies: Third-party cookies are subject to the privacy policies of those third parties, not HealingTourist's Privacy Policy. We encourage you to review the privacy policies of any third-party service you interact with through our Platform. HealingTourist is not responsible for the privacy practices of third-party providers.

9

Health Data & Cookies — Our Absolute Commitment

Because HealingTourist handles deeply sensitive medical information, we apply a higher standard to cookie use than most websites. The following commitments are absolute and unconditional:

HealingTourist's Unconditional Health & Cookie Commitments:

1. We will never use cookies to record, infer, or transmit the medical conditions, diagnoses, or health interests of any user to any third party.

2. We will never place analytics or marketing cookies on any page that handles protected health information (PHI), including all pages of the patient portal, second opinion submission forms, medical inquiry forms, and document upload pages.

3. We will never share cookie data with health insurance companies, employers, data brokers, or government entities in a way that reveals your health-related use of our Platform.

4. We will never use retargeting advertising based on the specific medical procedures, conditions, or treatment types you have researched on HealingTourist.

5. We will never sell cookie data, including anonymised or aggregate data derived from health-related page visits, to any third party.

Special Category Data Under GDPR

Under GDPR Article 9, health data is classified as "special category" personal data requiring explicit consent and heightened protection. HealingTourist does not use cookies to process special category health data. Any health information you share with us is processed under our Privacy Policy, not through cookie-based tracking, and is subject to HIPAA-grade protections described in that document.

Washington My Health MY Data Act

For Washington State residents, the My Health MY Data Act restricts the collection and sharing of consumer health data through tracking technologies, including cookies. HealingTourist's cookie practices comply with this Act. We do not use cookies to collect "consumer health data" as defined by the Act, including data inferring health conditions from your browsing activity on our site.

10

Your Cookie Rights

Depending on your location, you have specific legal rights regarding cookies and tracking technologies.

GDPR (EU)
UK GDPR & PECR
CCPA / CPRA (California)
ePrivacy Directive
Washington My Health MY Data
India DPDP Act 2023

Under GDPR & UK GDPR (EU & UK Residents)

  • Right to withdraw consent: You may withdraw your consent to non-essential cookies at any time via the preference panel above or by clearing your cookies in your browser. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to object: You may object to processing of your personal data through cookies on grounds relating to your particular situation.
  • Right to access: You may request details of what cookie data has been collected about you.
  • Right to erasure: You may request deletion of cookie-derived personal data we hold about you.

Under CCPA / CPRA (California Residents)

  • Right to opt out of sale/sharing: You may opt out of any "sale" or "sharing" of personal information collected through cookies. Note: HealingTourist does not sell cookie data, but this right is preserved.
  • Right to know: You may request disclosure of categories of personal information collected through cookies, the purpose of collection, and categories of third parties with whom it is shared.
  • Right to limit use of sensitive personal information: Cookie data that could constitute sensitive personal information under CPRA is processed only for the purpose for which it was collected.
  • Global Privacy Control (GPC): HealingTourist honours the Global Privacy Control browser signal. If your browser transmits a GPC signal, we treat it as an opt-out from the sale and sharing of personal information through cookies.

To exercise any of these rights in relation to cookie data, contact us at privacy@healingtourist.com with subject line "Cookie Rights Request."

11

How to Manage & Delete Cookies

You have full control over cookies on HealingTourist. There are three ways to manage your cookie preferences:

1. Our Preference Panel

The easiest way is to use the Cookie Preference Panel at the top of this page (or the banner when you first visit the site). Your choices are saved for 12 months. This is the most precise method, as it lets you enable or disable specific categories without affecting essential functionality.

2. Browser Settings

All major browsers allow you to control cookies through their settings. Note that blocking all cookies will prevent essential cookies from working, which will break login and form functionality on HealingTourist.

🔵
Google Chrome
Settings → Privacy & Security → Cookies and other site data
🟠
Mozilla Firefox
Settings → Privacy & Security → Cookies and Site Data
🔷
Microsoft Edge
Settings → Cookies and site permissions → Manage and delete cookies
🩶
Apple Safari
Preferences → Privacy → Manage Website Data
🔴
Opera
Settings → Advanced → Privacy & security → Site Settings → Cookies
📱
Safari (iOS)
Settings → Safari → Privacy & Security → Block All Cookies

3. Opt-Out Tools for Specific Third Parties

⚠️

Please note: Deleting cookies or opting out through browser settings will remove your saved cookie preferences, including your ht_consent cookie. On your next visit, you will be shown the cookie consent banner again. Your cookie preferences are browser-specific — if you use multiple browsers or devices, you will need to set preferences on each one separately.

12

Legal Basis for Cookie Use

HealingTourist processes cookies under the following legal bases, consistent with GDPR Article 6 and the ePrivacy Directive:

Cookie CategoryLegal Basis (GDPR)Legal Basis (CCPA)Consent Required?
🔒 Essential Art. 6(1)(f) Legitimate Interest (security, fraud prevention) + Art. 6(1)(c) Legal Obligation (consent logging) Necessary for service functionality — exempt from opt-out No
⚙️ Functional Art. 6(1)(a) Consent Consent (opt-out right preserved) Opt-out
📊 Analytics Art. 6(1)(a) Consent (anonymised analytics — some jurisdictions allow legitimate interest; we require consent regardless) Consent (opt-out right preserved) Opt-out
📢 Marketing Art. 6(1)(a) Explicit Consent — opt-in required Explicit consent — opt-in required Opt-in

For EU and UK residents, HealingTourist's cookie consent mechanism is designed to meet the standard of freely given, specific, informed, and unambiguous consent as required by GDPR Recital 32 and the UK ICO's guidance. Pre-ticked boxes are not used for optional cookies. Consent and refusal are equally easy to exercise.

13

Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, the purposes for which we use them, or changes in applicable law. When we make changes, we will:

  • Update the "Last Updated" date at the top of this page
  • If changes are material — for example, adding a new category of cookie or a new third-party provider — display a renewed consent banner to all users
  • For EU/UK residents, re-obtain fresh consent where required by GDPR or the ePrivacy Directive
  • Notify registered users by email at least 14 days before material changes take effect

We encourage you to review this Cookie Policy periodically. The date of the most recent revision is always shown prominently. Previous versions of this Cookie Policy are available upon request at privacy@healingtourist.com.

14

Contact Us

For any questions, concerns, or requests related to this Cookie Policy or your cookie preferences, please contact us through the appropriate channel.

🔒 Privacy Officer
privacy@healingtourist.com
Subject: "Cookie Policy Inquiry"
Response within 48 business hours
⚖️ Regulatory Authorities
EU: Your local Data Protection Authority
UK: ICO — ico.org.uk
CA: CPPA — cppa.ca.gov
📬 Postal Address
HealingTourist, LLC
Attn: Privacy Officer
Wilmington, Delaware
United States of America
↑ Back to Top