Cookie Policy
Last Updated: June 2026
1. Introduction
This Cookie Policy explains how Cytel Inc. and our affiliates, subsidiaries and business lines (collectively “Cytel, “we, “us”) use cookies and similar technologies across our Online Platforms. It explains what these technologies are, why we use them, and your rights to control our use of them.
This Cookie Policy forms part of our Privacy Policy and is automatically incorporated therein. Capitalized terms not defined here have the meanings given in the Privacy Policy.
In some cases, we may use cookies and other tracking technologies to collect Personal Data, or information that becomes Personal Data if combined with other information. Please review our Privacy Policy for full details of how we process your Personal Data
2. What are Cookies?
Cookies are small data files placed on your device when you visit a website, widely used to make websites work efficiently and to provide reporting information.
Cookies set by Cytel are called “first-party cookies”. Cookies set by parties other than Cytel are called “third-party cookies” – they enable third-party features on or through our website and can recognize your device across different websites.
3. Your Consent and Cookie Choices
Important: Except for strictly necessary cookies, we will only place cookies on your device with your prior consent, obtained through our cookie consent banner. You may withdraw or change your consent at any time by clicking the “Consent Preferences” link in the footer of any page on our website.
When you first visit our Online Platforms, a cookie consent banner will be displayed. You can choose to:
- Accept all cookies
- Accept only strictly necessary cookies
- Customize your preferences by category (Necessary, Functional, Analytics, Performance, Advertisement).
- Reject all non-essential cookies (Necessary cookies remain active as they are required for the site to function).
Your preferences will be saved. You can change them at any time via the Cookie Settings link. Please note that blocking certain cookies may affect the functionality of our Online Platforms.
We use a Consent Management Platform (CMP) to record your consent. A record of your consent choice, its date and scope, is retained for audit and compliance purposes.
4. Why Do We Use Cookies?
We use first-party and third-party cookies for several reasons, described in the sections below. We also use Google Tag Manager (GTM) to manage and deploy tracking scripts on our Online Platforms. GTM may load third-party tags including analytics and marketing pixels depending on your consent preferences.
5. Cookie Inventory
The specific types of cookies served through our Online Platforms and the purposes they perform are described below.
Cooke durations are as detected at the time of our last scan. Third-party cookie durations may change when vendors update their products. Please refer to the relevant third-party privacy notice for the most current information.
5.1 Necessary Cookies
Necessary cookies are required to enable basis features of this site. They are always active, do not store personally identifiable data, and do not require your consent.
| Necessary — Cytel Website (cytel.com) | ||
| Cookie Name | Description | Expiry |
| __cf_bm | Cloudflare — supports Cloudflare Bot Management to distinguish legitimate users from automated bots. | 1 hour |
| wpEmojiSettingsSupports | WordPress — detects whether the user’s browser can display emojis properly. | Session |
| _gcl_au | Google Tag Manager — used to experiment with advertisement efficiency of websites using Google services. | 3 months |
| _GRECAPTCHA | Google reCAPTCHA — identifies bots to protect the website against malicious spam attacks. | 6 months |
| rc::a | Google reCAPTCHA — distinguishes between humans and bots to protect against spam. | Never expires |
| rc::b | Google reCAPTCHA — distinguishes between humans and bots to protect against spam. | Session |
| rc::c | Google reCAPTCHA — distinguishes between humans and bots to protect against spam. | Session |
| rc::f | Google reCAPTCHA — distinguishes between humans and bots to protect against spam. | Never expires |
| cookietest | Browser detection — determines whether the user’s browser accepts cookies, essential for website functionality. | Session |
| cookieyes-* | Consent Management Platform (CMP) — stores the user’s cookie consent preferences and timestamp for this domain. | 1 year |
| Necessary — MyCytel Portal & East Horizon | ||
| Cookie Name | Description | Expiry |
| __hs_opt_out | HubSpot — remembers user’s choice not to be asked again about cookie acceptance. | 2 years |
| __hs_do_not_track | HubSpot — prevents the tracking code from sending data to HubSpot while still allowing anonymised data. | 2 years |
| __hs_testcookie | HubSpot — tests whether the visitor’s browser supports cookies. | Session |
| hs_ab_test | HubSpot — ensures visitors consistently see the same A/B test page version. | Session |
| hs_lang_switcher_choice | HubSpot — redirects visitors to their previously selected language version. | Session |
| <id>_key | HubSpot — set for password-protected pages so future visits from the same browser do not require login. | Session |
| hs-messages-is-open | HubSpot — saves whether the chat widget is open. Resets after 30 minutes of inactivity. | 30 minutes |
| hs-messages-hide-welcome-message | HubSpot — prevents the chat welcome message from reappearing after dismissal. | 1 day |
| _gid | Google Analytics — distinguishes users and sessions. | 24 hours |
| ai_session | Azure Application Insights — tracks session activity across pages and features. | 30 minutes |
| ai_user | Azure Application Insights — detects app usage via anonymous user IDs. | 1 year |
| Necessary — East Bayes | ||
| Cookie Name | Description | Expiry |
| _utma | Google Analytics — tracks visit frequency, first and last visit timestamps. | 2 years |
| _utmz | Google Analytics — tracks visitor source, search engine, links clicked and keywords. | 2 years |
| ai_session | Azure Application Insights — tracks session activity. | 30 minutes |
| ai_user | Azure Application Insights — detects app usage via anonymous IDs. | 1 year |
| okta_access_token | Okta — verifies a user’s right to access resources based on scopes and claims in their access token. | 1 hour |
| okta_id_token | Okta — contains information about the authentication event and claims about the authenticated user. | 1 hour |
| okta_refresh_token | Okta — contains public keys used to verify token signatures from Cytel authorisation servers. | 90 days |
| Necessary — OKGO | ||
| Cookie Name | Description | Expiry |
| ASP.NET_SessionId | Microsoft ASP.NET — identifies the user’s session on the server. | Session |
| Necessary — LiveHTA | ||
| Cookie Name | Description | Expiry |
| ARRAffinity | Microsoft Azure — routing cookie ensuring consistent browsing experience. Does not collect personal information. | Session |
| ARRAffinitySameSite | Microsoft Azure — companion same-site routing cookie to ARRAffinity. | Session |
| AspNetCore.Identity.Application | Microsoft ASP.NET Core — used for user authentication and session management. | Session |
| .AspNetCore.Antiforgery | Microsoft ASP.NET Core — provides cross-site request forgery (CSRF) protection. | Session |
5.2 Functional Cookies
Functional cookies enable features such as social media sharing and third-party integrations. These cookies require your consent.
| Functional Cookies — Cytel Website | ||
| Cookie Name | Description | Expiry |
| li_gc | LinkedIn — stores visitor’s consent for using cookies for non-essential purposes on LinkedIn-enabled pages. | 6 months |
| lidc | LinkedIn — facilitates data centre selection to optimise page load performance for LinkedIn features. | 1 day |
| ytidb::LAST_RESULT_ENTRY_KEY | YouTube — stores the last search result entry clicked by the user to improve future YouTube search results in embedded players. | Never expires |
| Language preference | Cytel — remembers your preferred language selection for future visits. | 1 year |
| HubSpot chat (hs-messages-*) | HubSpot — saves chat widget state and conversation history for returning visitors. | 30 minutes to 10 years |
5.3 Analytics Cookies
Analytics cookies help us understand how visitors use our Online Platforms by collecting information on visitor numbers, bounce rate, traffic sources and page performance. These cookies require your consent.
| Analytics Cookies — Cytel Website | ||
| Cookie Name | Description | Expiry |
| _ga | Google Analytics 4 — calculates visitor, session and campaign data; tracks site usage for analytics reports. Stores information anonymously with a randomly generated number. | 1 year 1 month |
| _ga_* | Google Analytics 4 — stores and counts page views for the GA4 analytics property. | 1 year 1 month |
| _gat | Google Analytics — used to throttle request rate to Google Analytics. | 1 minute |
| Google Tag Manager | Container script managing deployment of analytics and other tags based on consent preferences. | N/A — container only |
| Azure Application Insights | Microsoft — monitors application performance, errors and usage patterns. | Session to 1 year |
5.4 Advertisement Cookies
Advertisement cookies provide visitors with customised advertisements based on pages previously visited and analyse advertising campaign effectiveness. These cookies require your consent.
| Advertisement Cookies — Cytel Website | ||
| Cookie Name | Description | Expiry |
| bcookie | LinkedIn — identifies browser IDs for LinkedIn share buttons and ad tags to support LinkedIn advertising. | 1 year |
| YSC | YouTube — tracks views of embedded YouTube videos on pages. | Session |
| VISITOR_INFO1_LIVE | YouTube — measures bandwidth to determine whether the user gets the new or old YouTube player interface. | 6 months |
| VISITOR_PRIVACY_METADATA | YouTube — stores the user’s cookie consent state for the current domain for YouTube embedded content. | 6 months |
| IDE | Google DoubleClick — stores information about how the user uses the website to present relevant advertisements. | 1 year 24 days |
| test_cookie | DoubleClick.net — determines if the user’s browser supports cookies, used in advertising delivery. | 15 minutes |
| __Secure-ROLLOUT_TOKEN | Source under investigation — no description currently available. Blocked pending classification. Web team to confirm source integration and purpose. | 6 months |
5.5 Consent Banner Cookies
These cookies are set by CookieYes and HubSpot as part of the consent management process and record your consent preferences.
| Consent Banner Cookies — All Platforms | ||
| Cookie Name | Description | Expiry |
| cookieyes-* | Consent Management Platform (CMP) — stores the user’s cookie consent preferences and timestamp for this domain. Updated whenever preferences change. | 1 year |
| __hstc | HubSpot — main visitor tracking cookie containing domain, unique token, timestamps and session number. | 2 years |
| hubspotutk | HubSpot — tracks visitor identity; passed to HubSpot on form submission for contact de-duplication. | 10 years |
| __hssc | HubSpot — tracks sessions to determine whether to increment the session number and timestamps in __hstc. | 30 minutes |
| __hssrc | HubSpot — set to 1 when the session cookie changes, used to detect browser restarts. | Session |
| messagesUtk | HubSpot — recognises visitors who chat via the messages tool so conversation history is preserved on return visits. | 6 months |
6. Other Tracking Technologies
We and our third-party partners may also use web beacons, pixels (or “clear GIFs”) and other tracking technologies. These are tiny graphics files that enable us to, for example, monitor traffic patterns, understand whether you have arrived from an online advertisement, measure campaign effectiveness, and improve site performance.
These technologies may rely on cookies to function. Declining non-essential cookies via the consent banner will also disable these technologies where technically feasible.
7. How Can You Control Cookies?
7.1 Cookie Consent Banner
The primary way to manage your cookie preferences is through our cookie consent banner and Cookie Settings tool, accessible via the link in the footer of every page. You can accept, reject or customize by category at any time.
7.2 Browser Controls
You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Online Platforms, though access to some functionality may be restricted. Browser controls vary — please visit your browser’s help menu for more information.
7.3 Opting Out of Targeted Advertising
To opt out of targeted online advertising from ad networks, you may visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com.
7.4 Do Not Track
Some browsers include the ability to transmit “Do Not Track” (DNT) signals. Our Online Platforms do not currently respond to DNT signals as no uniform standard has been adopted. We continue to monitor developments in this area.
8. How Often Will We Update This Cookie Policy?
We conduct a cookie scan and review this Cookie Policy from time to time or where required by operational, legal or regulatory change. The date at the top of this Cookie Policy indicates when it was last updated.
9. Further Information
If you have any questions about our use of cookies or other technologies, please contact us as set out in the “How to Contact Us” section of the Privacy Policy.