Conference & digital policies.

MEDIMUN's code of conduct, privacy, cookies, and terms — the policies that govern participation and use of our platform.

Cookie Policy

Last updated: 16 June 2026 · Version 2.0

In short: we do not use advertising or cross-site tracking cookies, and we do not run cookie-based analytics. If you simply browse www.medimun.org without logging in, we set no non-essential cookies — which is why you will not see a cookie consent banner. When you log in to MediBook, we set a small number of strictly necessary cookies so that you can stay securely signed in.

1. Who We Are

This Cookie Policy is issued by MEDIMUN, a non-profit educational programme organised by The English School, located at Presidential Palace Road and Kyriacou Matsi, Strovolos 1082, Nicosia, Cyprus. The English School is the Data Controller.

For cookie-related questions: 📧 info@medimun.org

This policy should be read together with our Privacy Policy.

2. What Are Cookies and Similar Technologies?

Cookies are small text files that a website stores on your device. They are widely used to make websites work, to keep you logged in, and to remember preferences.

Similar technologies include:

Local storage and session storage — browser storage used by web applications to remember information (for example, a display preference) without sending it to a server on every request;
Pixels / tags — small markers used to measure activity (we do not use third-party tracking pixels).

In this policy, "cookies" includes these similar technologies where the context applies.

We distinguish between:

First-party cookies — set by medimun.org;
Third-party cookies — set by a service loaded within a page (for example, an embedded payment or document viewer);
Strictly necessary cookies — required for the site or a security/authentication feature to function, and exempt from consent under the ePrivacy rules;
Non-essential cookies — used for analytics, preferences, or advertising. We do not set non-essential cookies.

3. Our Cookie Approach

MEDIMUN does not use tracking, advertising, or analytics cookies.

If you visit www.medimun.org without logging in, no cookies are set on your device beyond what is strictly required for basic, secure site functionality.
Our audience measurement is cookieless (see Section 5).
Because we do not set non-essential cookies, we do not display a cookie consent banner. This approach is, by design, privacy-protective for a platform used largely by minors.

4. Essential Cookies We Use

4.1 Authentication and Security Cookies (Set on Login)

When you log in to MediBook, our authentication system (Auth.js / NextAuth) sets a small number of strictly necessary cookies. Without them, you cannot remain logged in.

authjs.session-token (named __Secure-authjs.session-token over HTTPS) Stores your encrypted, signed session token so you remain securely logged in. Type: Essential / Authentication — Duration: Session / short-lived.
authjs.csrf-token (named __Host-authjs.csrf-token over HTTPS) A Cross-Site Request Forgery protection token that prevents unauthorised form submissions. Type: Essential / Security — Duration: Session.
authjs.callback-url (named __Secure-authjs.callback-url over HTTPS) Remembers where to return you after you complete sign-in. Type: Essential / Functional — Duration: Short-lived.

These cookies are:

strictly necessary — without them, secure authentication is not possible;
first-party — set by medimun.org, not by advertisers;
secure and host/secure-scoped — protected with the Secure, HttpOnly (where applicable), and SameSite attributes;
not used for tracking or profiling, and not sold or shared for advertising.

4.2 Bot Protection (Sign-up and Public Forms)

On account-creation flows and certain public forms, we use Google reCAPTCHA to prevent automated abuse, spam, and fraudulent registrations. reCAPTCHA is provided by Google and may set or read a cookie (for example, _GRECAPTCHA) on Google's domain, and processes limited technical data, to distinguish humans from bots.

We treat reCAPTCHA as strictly necessary for security and fraud prevention on the flows where it appears; it is not used for advertising. Your interaction with reCAPTCHA is subject to Google's Privacy Policy and Terms.

4.3 Functional Browser Storage

MediBook may use local storage in your browser for functional preferences that improve your experience — for example, remembering your light/dark theme choice. This information is first-party, stays on your device, is not a tracking cookie, and is not transmitted to advertisers.

5. Audience Measurement (Cookieless)

We use Vercel Web Analytics, provided by Vercel Inc., to understand aggregate usage of our website and platform. Vercel Web Analytics:

Does not set any cookie on your device and does not use local storage for tracking;
Produces anonymised, aggregated statistics (such as page views and feature performance) from request metadata;
Does not build advertising profiles, does not track you across other websites, and does not use persistent cross-session identifiers;
Is operated by Vercel Inc. as our sub-processor under a data processing agreement, on EU-region infrastructure where applicable.

Because this measurement operates without cookies, it does not require cookie consent under the ePrivacy rules. We do not use Google Analytics, Meta Pixel, Hotjar, or any other cookie-based analytics.

6. Cookies We Do Not Use

We explicitly do not use:

Advertising or targeting cookies of any kind;
Third-party analytics cookies (for example, Google Analytics or Meta Pixel);
Social-media cookies or sharing widgets that track users;
Behavioural profiling cookies;
Cross-site tracking technologies of any kind.

7. Third-Party Services That May Set Their Own Storage

Some third-party services integrated into MediBook may set their own cookies or storage entries when you actively interact with them:

Stripe — payment processing (school invoices only). Active when a School Director accesses payment pages; Stripe uses cookies for fraud prevention and to operate its checkout. See the Stripe Privacy Policy.
Google reCAPTCHA — active when you interact with reCAPTCHA on sign-up or public forms. See the Google Privacy Policy.

MEDIMUN has no control over the cookies set by these third parties on their own domains. Please refer to their respective privacy and cookie policies for details.

8. Managing Cookies

8.1 Browser Settings

You can control and delete cookies through your browser settings. General entry points:

Chrome: Settings → Privacy and Security → Third-party cookies / Site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Settings → Privacy → Manage Website Data
Edge: Settings → Cookies and site permissions

Note: deleting or blocking our essential authentication cookies will log you out of MediBook and prevent you from logging back in until you re-authenticate.

8.2 Logging Out

Logging out of MediBook clears your session cookie and ends your authenticated session. We recommend logging out on shared or public devices.

9. Do Not Track and Global Privacy Control

Some browsers send a "Do Not Track" (DNT) or "Global Privacy Control" (GPC) signal. Because we do not track you with cookies, do not run cookie-based analytics, and do not sell or share personal data for advertising, these signals have no non-essential processing to switch off. We respect the spirit of DNT and GPC in the design of our platform.

10. Changes to This Policy

We may update this Cookie Policy from time to time — for example, if we change our infrastructure or add a feature. When we make material changes, we will notify registered users by email and update the "Last updated" date and version at the top. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

11. Contact

For any cookie or privacy-related question:

MEDIMUN 📧 info@medimun.org 🌐 www.medimun.org

Data Controller The English School Presidential Palace Road and Kyriacou Matsi Strovolos 1082, Nicosia, Cyprus