COOKIE POLICY INSULET CUSTOMER PORTAL AND IDENTITY MANAGEMENT

Last revised 01 February 2022

This document describes how Insulet Corporation and its affiliated businesses (collectively “Insulet”, "we" and "our") use cookies and other tracking technologies when you visit or use the Customer Portal and Identity Management applications. For more information on how we use your personal data and the options you have to control your personal data, please read our privacy policy.

What are Cookies?

Like many other websites, our website uses cookies. A cookie is a small text file that is placed on your browser or your computer when you use the website. Cookies may store information such as your IP address, Device ID or other identifiers, your browser type, and information about the content you view and interact with. They do not affect your device but are widely used in order to make websites work properly or work more efficiently. The cookies we use are essential for the website to work.

The Types of Cookies We Use

Generally speaking, we use first and third-party session and persistent and session cookies. The cookies set by us are called "first-party cookies" and the cookies set by our third-party partners and service providers are called "third-party cookies."

Session cookies are temporary cookies that remain on your device until you close your web browser. Many session cookies are essential to make our websites work correctly, as they typically enable you to move around our websites and use our features.

Persistent cookies remain on your device after you close your browser or until you manually delete it (for the former, how long the cookie remains on your device will depend on the duration or "lifetime" of the specific cookie and your browser settings). Persistent cookies help us recognize you as an existing user of our websites, so it’s easier and convenient to return to, or to interact with, our websites without signing in again.

Strictly Necessary cookies - Insulet Customer Portal

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will then not work. In the table below you can find an overview of the strictly necessary cookies for the Insulet Customer Portal.

Cookie Subgroup	Cookies	Cookies used	Purpose	Lifespan
force.com	BrowserId_sec	Third party	Used for security protections.	1 Year
https://myaccount-intl.omnipod.com	inst	Third party	Used to redirect requests to an instance when bookmarks and hardcoded URLs send requests to a different instance. This type of redirect can happen after an org migration, a split, or after any URL update.	Session
	clientSrc	Third party	Used for security protections.	Session
	force-proxy-stream	Third party	Ensure client requests hit the same proxy hosts and are more likely to retrieve content from cache.	3 Hours
	force-stream	Third party	Used to redirect server requests for sticky sessions.	180 Minutes
	oid	Third party	Stores the last logged in org for redirecting requests. Used for logging whether the cookie is present in site and community guest-user requests.	2 Years
	renderCtx	Third party	Used to store site parameters in the session for reuse across requests by a single client for functionality and performance reasons.	Session
	sfdc-stream	Third party	Used to properly route server requests within Salesforce infrastructure for sticky sessions.	3 Hours
	sid	Third party	SessionID.	Session
	sid_Client	Third party	Used to detect and prevent session tampering.	Session

Strictly necessary cookies - Insulet Identity Management

Cookie Subgroup	Cookies	Cookies used	Purpose	Lifespan
InsuletID.com	MfaDeviceToken	First Party	Essential for Multi factor Authentication (MFA) behavior which is required for Security.	Session
InsuletID.com	referrerIdentifier	First Party	Essential for required app behavior.	Session
Asp.net (Microsoft)	iafcn	Third party	Essential to prevent Cross-Site Request Forgery (XSRF/CSRF) attacks.	Session
	AspNetCore.Culture	Third party	Essential to provide localization to the end user.	1 Year
	AspNetCore. OpenIdConnect.Nonce.* - protocol	Third party	Essential for OpenID connect / Single Sign On (SSO). This is required for security purposes.	Session
	AspNetCore.Correlation.Okta	Third party	Essential for OpenID connect / SSO. This is required for security purposes.	Session
Amazon Web Services Elastic Load Balancer (ELB)	AWSELBCORS	Third party	Essential for AWS ELB sticky sessions. This ensures that all requests from the user during the session are sent to the same AWS instance.	Session
Amazon Web Services Elastic Load Balancer (ELB)	AWSELB	Third party	Essential for AWS ELB sticky sessions. This ensures that all requests from the user during the session are sent to the same AWS instance.	Session

Changes to the Cookie Policy

We may modify or update this cookie policy from time to time. You will be able to see when we last updated the cookie policy because we will include a revision date. Changes and additions to this cookie policy are effective from the date on which they are posted. We encourage you to read this cookie notice from time to time to make sure you aware of the most updated information on how we use cookies. We will take reasonable steps to inform you of changes that will have a substantial impact on your rights.

If you have any questions about our cookie policy, please send an email to [email protected] or submit a request via our Privacy Request form.