Effective Date: November 20, 2025
Last Updated: November 20, 2025
This Cookie Policy explains how Lionheart Clinic Pty Ltd (ABN 43 675 012 601) ("Lionheart," "we," "us," or "our") uses cookies and similar tracking technologies on our website and platform (collectively, the "Platform").
By using the Platform, you consent to the use of cookies as described in this Cookie Policy. This Cookie Policy should be read in conjunction with our Privacy Policy and Terms of Service.
Cookies are small text files stored on your device (computer, tablet, or mobile phone) when you visit a website. They help the website remember information about your visit, such as your preferences, login status, and browsing behavior.
Similar technologies include:
These cookies are necessary for the Platform to function and cannot be disabled. They enable core functionality such as user authentication, security, and session management.
| Cookie Name | Purpose | Duration |
|---|---|---|
| `sb-access-token` | User authentication (Supabase) | 1 hour |
| `sb-refresh-token` | Session refresh (Supabase) | 30 days |
| Session cookies | Assessment progress auto-save | Session (expires when browser closes) |
Why essential cookies cannot be disabled: Without these cookies, you would not be able to log in, complete assessments, or book appointments. They are strictly necessary for the Platform to operate.
We plan to use analytics cookies to understand how visitors interact with our Platform, which helps us improve user experience and optimize our services.
| Service | Purpose | Duration |
|---|---|---|
| Google Analytics 4 (GA4) | Track page views, user flow, traffic sources | Up to 2 years |
| `_ga` | Distinguish unique users | 2 years |
| `_ga_*` | Persist session state | 2 years |
Data collected: Pages visited, time spent on pages, browser type, device type, geographic location (city/region level), referral source
Privacy note: Google Analytics does NOT collect personally identifiable information (PII) such as your name, email, or medical data.
We plan to use marketing cookies to track the effectiveness of our advertising campaigns and understand which channels bring visitors to our Platform.
| Service | Purpose | Duration |
|---|---|---|
| Facebook Pixel | Track conversions, build retargeting audiences | 90 days |
| `_fbp` | Store and track visits across websites | 90 days |
| Google Ads | Track ad performance and conversions | Up to 540 days |
| `_gcl_*` | Google Click Identifier for ad attribution | 90 days |
How marketing cookies work: When you visit our Platform from an advertisement (e.g., Facebook ad, Google search ad), a cookie is placed to track whether you complete a desired action (e.g., booking submission, assessment completion). This helps us understand which marketing campaigns are effective.
Privacy note: We do NOT share Protected Health Information (PHI) or medical data with advertising platforms. Marketing cookies only track general website activity, not your medical information.
We use cookies for the following purposes:
Some cookies are set by third-party services we use to provide functionality or analytics. We do not control these third-party cookies.
| Third Party | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Authentication, database, file storage | View Policy |
| Google Analytics | Website analytics (planned) | View Policy |
| Meta (Facebook) | Advertising and retargeting (planned) | View Policy |
| Stripe | Payment processing (no tracking cookies) | View Policy |
Unlike the European Union (GDPR), Australian law does not require explicit cookie consent banners for most cookie types. However, we believe in transparency and want you to understand and control your cookie preferences.
You can control and delete cookies through your browser settings. Here's how:
Note: Blocking or deleting essential cookies will prevent you from using certain features of the Platform, such as logging in or completing assessments.
Google Analytics: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on.
Facebook Ads: Adjust your ad preferences at Facebook Ad Preferences.
Google Ads: Adjust your ad personalization settings at Google Ads Settings.
Some browsers support a "Do Not Track" (DNT) signal. Currently, there is no industry standard for how websites should respond to DNT signals. We do not currently respond to DNT signals, but we will review this as standards develop.
We take the security of cookie data seriously:
Important Privacy Protection:
We NEVER store Protected Health Information (PHI) or medical data in cookies. This includes:
All medical data is stored securely in our database in Sydney, Australia, with AES-256 encryption at rest. Cookies only store:
| Cookie Type | Retention Period |
|---|---|
| Session cookies | Deleted when browser closes |
| Authentication cookies | 30 days (or until logout) |
| Analytics cookies | Up to 2 years |
| Marketing cookies | Up to 540 days |
We may update this Cookie Policy from time to time to reflect:
When we make material changes, we will update the "Last Updated" date at the top of this page and notify you via email (if you have an account).
Current status: Analytics and marketing cookies are PLANNED but not yet implemented. We currently only use essential cookies for authentication and session management.
If you have questions or concerns about our use of cookies, please contact our Privacy Officer:
Privacy Officer: Kenneth Cheung
Email: privacy@lionheartclinic.com.au
Phone: (02) 8552 7393
Address: 112 May Street, St Peters, NSW 2044, Australia
Business Hours: Monday-Friday, 9:00 AM - 5:00 PM AEDT/AEST
For more information about how we protect your privacy and data:
Our cookie practices comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988, including:
For more information about your privacy rights, visit the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au