What Cookies We Use, Why, and How to Control Them
This page explains the cookies and similar technologies used on state-medical-board.org/, what they do, who provides them, and how you control them under U.S. state privacy laws and ePrivacy frameworks.
What’s on this page
1. What Cookies Are
Cookies are small text files that a website places on your device when you visit. They allow the site to remember information across pages and visits โ language preferences, whether you’ve dismissed a notice, whether you’ve agreed to analytics. We also use closely-related browser-storage technologies (localStorage, sessionStorage, web beacons / pixel tags). For brevity we refer to all of them as “cookies” on this page.
2. Legal Framework
Cookie use on state-medical-board.org/ is governed by:
- U.S. state comprehensive privacy laws โ California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Texas Data Privacy and Security Act (TDPSA), Florida Digital Bill of Rights (FDBR), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and similar laws in Utah, Oregon, Montana, Iowa, Indiana, Tennessee, NJ, NH, KY, MN, MD, RI, DE
- FTC Section 5 โ prohibition on unfair or deceptive practices, applied by the FTC to cookie disclosure and consent
- Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. ยงยง6501โ6506 โ restrictions on children under 13
- Global Privacy Control (GPC) โ recognised as a valid universal opt-out signal under CCPA/CPRA, CPA, CTDPA, and other state laws
- EU GDPR / UK GDPR and ePrivacy โ for visitors from those jurisdictions
3. Cookie Categories
Strictly necessary
Without these the site won’t work โ security, navigation, the cookie banner itself, your consent record. No consent required.
Functional
Remember preferences (text size, dismissed notices). Improves experience but the site works without them.
Analytics
Aggregated traffic measurement so we can see which guides are useful and where pages need work.
Advertising
Display advertising and frequency capping so you don’t see the same ad repeatedly. Funds the site.
4. First-Party Cookies We Set
| Name | Category | Purpose | Lifetime |
|---|---|---|---|
smb_consent | Strictly necessary | Records your cookie-banner choice so the banner doesn’t reappear on every page | 12 months |
smb_session | Strictly necessary | Maintains a session across pages on a single visit | Session |
smb_csrf | Strictly necessary | Protects forms from cross-site request forgery (CSRF) attacks | Session |
smb_pref | Functional | Remembers light/dark theme preference if you set one | 6 months |
smb_gpc | Strictly necessary | Records that we received and honoured your Global Privacy Control signal | 12 months |
5. Third-Party Services
Where you have given consent, we use the following third-party services. Each provider sets its own cookies under its own privacy policy, which we link to so you can read it directly.
| Service | Purpose | Provider policy |
|---|---|---|
| Google Analytics 4 | Aggregated traffic measurement, popular-pages reporting, retention up to 14 months | policies.google.com/privacy |
| Google AdSense | Display advertising and frequency capping where you have consented | policies.google.com/technologies/ads |
| Cloudflare | Content delivery network and security (bot mitigation, DDoS protection); sets __cf_bm and similar functional cookies | cloudflare.com/privacypolicy |
| YouTube (embedded video, where used) | Embedded video playback, in privacy-enhanced mode where supported | policies.google.com/privacy |
6. Your Consent & Global Privacy Control
When you first visit, you’ll see a cookie banner. You can:
- Accept all โ strictly necessary, functional, analytics, and advertising
- Reject all but strictly necessary โ only what’s essential
- Customise โ opt in to specific categories
If your browser or extension sends the GPC signal, we treat it as a valid opt-out of “sale” and “sharing” of personal information for cross-context behavioural advertising under CCPA/CPRA, the Colorado Privacy Act, the Connecticut Data Privacy Act, and other state laws that recognise universal opt-out mechanisms. The signal is logged in smb_gpc and applied automatically.
You can change your preference at any time via the “Cookie settings” link in the site footer.
7. Industry Opt-Outs
Beyond your browser-level controls, the following industry opt-out tools work across many advertising networks at once:
- NAI Consumer Opt-Out โ Network Advertising Initiative โ optout.networkadvertising.org
- DAA WebChoices โ Digital Advertising Alliance โ youradchoices.com
- DAA AppChoices โ for mobile in-app advertising โ youradchoices.com/appchoices
- Google Ads Settings โ adssettings.google.com
8. Browser-Level Controls
All major browsers let you block, delete, and manage cookies and other site data:
- Chrome โ Settings โ Privacy and security โ Cookies and other site data
- Edge โ Settings โ Cookies and site permissions โ Cookies and site data
- Firefox โ Settings โ Privacy & Security โ Cookies and Site Data
- Safari (macOS) โ Safari โ Settings โ Privacy โ Manage Website Data
- Safari (iOS) โ Settings โ Safari โ Advanced โ Website Data
- Chrome (Android) โ Settings โ Privacy and security โ Clear browsing data
Blocking strictly necessary cookies will break parts of the Site (the banner will reappear, forms won’t submit). Other categories can be blocked safely.
9. Do Not Track
Browsers historically offered a “Do Not Track” (DNT) header. The DNT signal is not standardised and most major sites do not honour it. We do not respond to DNT separately โ we respond to the modern Global Privacy Control (GPC) signal, and to your in-banner preference. If you set both DNT and GPC, the GPC signal is what we act on.
10. Mobile and App SDKs
state-medical-board.org/ is a website only. We do not publish a native mobile app, and we do not embed mobile advertising SDKs in any first-party application. If you use a third-party app to read our content (a news aggregator, RSS reader, or browser app), that app's own cookie/SDK behaviour is governed by the app's own policy, not by ours.
11. Changes to This Policy
We update this policy when our cookie use changes or when applicable law changes. The “Last reviewed” date at the top reflects the current version. Substantive changes โ adding a new category of cookie, a new third-party service, or a new state-law right โ will be flagged on the homepage banner for at least 30 days.
12. Contact
For cookie-related questions or to exercise a state-law right (access, correct, delete, opt out of sale/sharing), email info@state-medical-board.org with subject “Cookie inquiry” or “Privacy request.”
Adjust Your Cookie Preferences
Change what’s enabled at any time via the “Cookie settings” link in the footer, or your browser’s privacy controls.
๐ง Cookie inquiry ๐ Privacy Policy