Cookies Policy
Novapulse by Coconut Ventures LLC
Effective Date: March 10, 2026
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences, understand how you use the site, and improve your overall experience. Some cookies are essential for the website to function, while others help us analyze usage patterns.
This Cookies Policy explains what cookies Novapulse (novapulse.care), operated by Coconut Ventures LLC, uses, why we use them, and how you can manage your preferences.
2. How Novapulse Uses Cookies
Novapulse uses a limited set of cookies, consistent with our commitment to privacy and compliance with HIPAA and SOC 2 standards. We use cookies strictly for operational and analytical purposes. We do not use cookies for advertising or third-party ad targeting.
3. Types of Cookies We Use
3.1 Essential Cookies (Strictly Necessary)
These cookies are required for the core functionality of Novapulse and cannot be disabled. They enable:
- User authentication and secure session management
- CSRF (Cross-Site Request Forgery) protection
- Load balancing and server routing
- Cookie consent preference storage
| Cookie Name | Purpose | Duration |
|---|---|---|
| session_id | Maintains authenticated user session | Session |
| csrf_token | Prevents cross-site request forgery attacks | Session |
| cookie_consent | Stores user cookie preferences | 12 months |
| __cf_bm | Cloudflare bot management (if applicable) | 30 minutes |
3.2 Analytics Cookies (Performance)
These cookies help us understand how users interact with Novapulse so we can improve our platform. Analytics data is collected in aggregate and does not identify individual patients or their health information. We use Google Analytics for this purpose:
| Cookie Name | Purpose | Duration |
|---|---|---|
| _ga | Google Analytics: Distinguishes unique users | 2 years |
| _ga_* | Google Analytics: Maintains session state | 2 years |
| _gid | Google Analytics: Distinguishes users (24hr) | 24 hours |
Important: Analytics cookies never collect, process, or store any PHI or voicemail content. Analytics are limited to platform usage metrics (page views, feature adoption, session duration).
4. Cookies and Protected Health Information (PHI)
Novapulse does not store any Protected Health Information (PHI) in cookies.
Voicemail content, patient names, health information, and all other PHI are stored exclusively in encrypted server-side databases and are never placed in browser cookies, local storage, or any client-side storage mechanism.
5. Managing Your Cookie Preferences
5.1 Cookie Consent Banner
When you first visit Novapulse, you will see a cookie consent banner that allows you to accept or reject non-essential (analytics) cookies. Essential cookies cannot be disabled as they are required for the platform to function.
5.2 Browser Settings
You can also manage cookies through your browser settings. Most browsers allow you to:
- View cookies currently stored on your device
- Block all or specific cookies
- Delete existing cookies
- Set preferences for specific websites
Please note that disabling essential cookies may prevent Novapulse from functioning correctly, including disrupting your authenticated session.
5.3 Analytics Opt-Out
You can opt out of analytics tracking through:
- Google Analytics: Install the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout).
- Do Not Track: Novapulse respects the Do Not Track (DNT) browser signal. When DNT is enabled, analytics cookies will not be set.
6. Third-Party Cookies
Google Analytics, described above, may set its own cookies. Google has its own privacy policy governing the use of these cookies:
- Google Analytics: policies.google.com/privacy
We have configured Google Analytics to anonymize IP addresses and to not collect any data that could be classified as PHI.
7. Cookie Security Measures
Consistent with our SOC 2 and HIPAA compliance programs, all cookies used by Novapulse adhere to the following security standards:
- Secure Flag: All cookies are transmitted only over HTTPS connections.
- HttpOnly Flag: Session cookies are not accessible via JavaScript, mitigating XSS risks.
- SameSite Attribute: Cookies are set with SameSite=Strict or SameSite=Lax to prevent CSRF attacks.
- Encryption: Session identifiers are cryptographically generated and do not contain user data.
- Expiration: Session cookies expire when the browser is closed or after a defined inactivity timeout.
8. Changes to This Cookies Policy
We may update this Cookies Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. Updates will be posted at novapulse.care with a revised effective date. Material changes will be communicated via email or in-app notification.
9. Contact Us
If you have questions about our use of cookies, please contact us:
Coconut Ventures LLC
Louisville, Kentucky, USA
Email: privacy@novapulse.care
Website: novapulse.care