Short version: We use a handful of first-party cookies to keep you signed in safely
and remember your preferences. We do not use any third-party analytics, advertising,
retargeting, or tracking cookies. We do not sell or share your personal information.
You can review or change your preferences at any time using the button below.
Why We Use Cookies
YourMD Telehealth uses first-party cookies to:
Authenticate users securely and maintain HIPAA-compliant session continuity
Protect against cross-site request forgery (CSRF) and session fixation attacks
Optionally remember trusted devices so you don’t have to complete MFA on every login
Optionally remember your facility / role preference
Remember your own cookie preferences so we don’t show the banner on every visit
We do not use third-party cookies. We do not load tracking pixels. We do not sell or share your browsing data with any advertising network.
Cookie Categories
Strictly Necessary Always on
Required for the platform to function securely. Cannot be disabled. You cannot use YourMD Telehealth without accepting these.
YOURMD_SECURE_SESSION — PHP session identifier for authenticated login state
ymd_cookie_consent — your cookie preferences (this one!)
Functional Opt-in
Remember convenience preferences across sessions. Off by default — enable via the preferences button above.
YOURMD_AUTH_TOKEN — 30-day remember-me token (only set if you check “Keep me signed in” at login)
device_token — trusted device recognition, lets you skip MFA on known devices for up to 30 days
pc_facility — remembered facility selection for multi-facility providers
Analytics Not used
We do not currently use any analytics cookies. No Google Analytics. No Matomo. No Adobe Analytics. No Mixpanel. No Hotjar. No session recording. The preference toggle exists for forward-compatibility; if we ever add de-identified usage measurement it will be announced in this document first.
Marketing & Advertising Not used
We do not use marketing or advertising cookies. No Facebook pixel. No Google Ads tag. No LinkedIn Insight Tag. No retargeting. No cross-site tracking. We will never sell or share your browsing data. This is enforced by the lack of any third-party script loads on our pages — you can verify it in your browser’s developer tools Network tab.
Complete Cookie Inventory
Cookie Name
Category
Purpose
Lifetime
First-party
YOURMD_SECURE_SESSION
Strictly necessary
Authenticated session identifier
30 minutes idle timeout
Yes
YOURMD_CSRF_TOKEN
Strictly necessary
CSRF protection token
Session
Yes
YOURMD_PACKET_REF
Strictly necessary
Session integrity reference
Session
Yes
ymd_cookie_consent
Strictly necessary
Your cookie preferences
12 months
Yes
YOURMD_AUTH_TOKEN
Functional (opt-in)
“Remember me” at login
30 days
Yes
device_token
Functional (opt-in)
Trusted device recognition for MFA
30 days
Yes
pc_facility
Functional (opt-in)
Facility preference
365 days
Yes
Your Choices
Cookie preferences button: click the button at the top of this page (or the “Cookie preferences” link in our site footer) to review or change which categories you’ve allowed.
Browser settings: every modern browser lets you block or delete cookies from its privacy settings. Deleting cookies will sign you out of YourMD and you’ll need to complete MFA again.
Strictly necessary cookies: cannot be disabled because the platform cannot function without them (login, CSRF protection, session integrity). Rejecting functional cookies still lets you use everything — you just won’t get remember-me or trusted-device conveniences.
No third-party cookies: we do not set or permit any third-party cookies. Open the Network tab in your browser’s developer tools — every request you see goes to telehealth.yourmd.online.
California residents: under the CCPA/CPRA, you have the right to opt out of the sale or sharing of your personal information. We do not sell or share your personal information, so there is nothing to opt out of. The preferences panel is provided for completeness.
EU / UK residents: under GDPR and the ePrivacy Directive, your consent to non-essential cookies is entirely voluntary. You can withdraw it at any time via the preferences button.
Cookie Security
We implement industry-standard security measures for all cookies:
Secure flag: Cookies are only transmitted over HTTPS
HttpOnly flag: Prevents client-side script access
SameSite attribute: Protects against CSRF attacks
Encryption: Sensitive cookie data is encrypted
Updates to This Policy
We may update this Cookie Disclosure as our platform evolves. Check this page periodically for changes. Your continued use of the platform constitutes acceptance of any updates.
Questions?
For questions about our use of cookies or tracking technologies, contact:
