Cookie Policy

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They enable the site to recognize your device, remember your preferences, and track interactions across sessions. Alongside standard HTTP cookies, we also use related technologies including: HTML5 localStorage and sessionStorage, pixel tags (also called web beacons or tracking pixels), device fingerprinting, and session replay tools.

2. Categories of Cookies We Use

3. First-Party vs. Third-Party Cookies

First-party cookies are set directly by bookingtrip.io under our domain and are fully within our control. Third-party cookies are set by external services embedded on our platform, such as analytics providers, advertising networks, and booking widget vendors. Third-party cookies are governed by the privacy policies of those external entities, not ours. We contractually require all third-party vendors to operate in compliance with applicable privacy law.

4. Affiliate Tracking Disclosure

BookingTrip.io generates revenue through referral commissions. When you search for and click through to a travel product, a proprietary tracking identifier is appended to the outbound URL. This identifier mathematically links your click to a commission payable to BookingTrip.io by the Provider. The tracking identifier does not reveal your name, email, payment details, or any other personal information to us or the Provider beyond session attribution.

5. Session vs. Persistent Cookies

Session cookies are temporary and expire immediately when you close your browser. Persistent cookies remain on your device for a defined duration — from 24 hours to 12 months depending on their purpose. Authentication tokens are set to expire after 30 days of inactivity. Consent preferences are retained for 12 months before re-prompting. You can delete all cookies at any time via your browser's privacy settings.

6. Cookie Duration Reference

7. Third-Party Services Placing Cookies

Third-party services that may place cookies on your device when using our platform include: Google Analytics (performance measurement); Cloudflare (security and DDoS mitigation); Stripe (payment session management); Kiwi.com / Aviasales (booking widget state and affiliate attribution); and advertising networks where marketing consent has been granted. Each of these services maintains its own cookie and privacy policy.

8. Your Consent Rights

On your first visit to BookingTrip.io from a jurisdiction subject to the EU ePrivacy Directive or similar legislation, you will be presented with a cookie consent banner. You may accept all cookies, reject non-essential cookies, or manage preferences category by category. We will not activate non-essential cookies before you have provided affirmative consent. Your preferences are stored and respected on future visits.

9. How to Manage Cookies via Browser Settings

In addition to our consent manager, you may control cookies directly through your browser: Chrome — Settings > Privacy and Security > Cookies; Firefox — Settings > Privacy & Security > Cookies and Site Data; Safari — Preferences > Privacy > Manage Website Data; Edge — Settings > Cookies and Site Permissions. Disabling strictly necessary cookies will prevent core platform functions including search, session management, and checkout from operating correctly.

10. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal. There is no universally agreed-upon standard for how platforms should respond to DNT signals. BookingTrip.io does not currently alter its data collection practices in response to DNT signals. For meaningful control, we recommend using our cookie consent manager or browser-level cookie blocking.

11. Mobile App and SDK Tracking

If a native mobile application for BookingTrip.io becomes available, it may use mobile advertising identifiers (IDFA on iOS, GAID on Android) and SDKs from analytics providers. You may reset these identifiers or opt out of ad tracking through your device's privacy settings (iOS: Settings > Privacy > Tracking; Android: Settings > Ads).

12. Pixel Tags and Web Beacons

We may use invisible pixel tags embedded in emails and web pages to track email open rates, click-through rates, and page engagement. These tags do not store information on your device but transmit limited information to our servers (your IP address, browser type, and time of action). You may prevent pixel tracking by disabling images in your email client or using a browser-based content blocker.

13. Analytics and Behavioral Insights

We use aggregated behavioral analytics to understand how users navigate our platform, which search results they engage with, and where conversion friction exists. This analysis is used exclusively to improve platform design and is never sold to third parties. All behavioral data is anonymized before analysis and is not associated with identifiable individuals.

14. Cross-Device Tracking

If you access BookingTrip.io from multiple devices while logged into an account, we may link your activities across devices to provide a consistent experience. This cross-device data is used only for service continuity (e.g., restoring a saved search) and is not shared with advertising partners without explicit consent.

15. Privacy Sandbox and the Future of Tracking

As major browser vendors phase out support for third-party cookies (e.g., via Google's Privacy Sandbox initiative), BookingTrip.io is actively evaluating compliant alternatives including server-side attribution models and privacy-preserving API signals. We are committed to maintaining affiliate attribution transparency while respecting evolving browser privacy standards. This Cookie Policy will be updated to reflect any significant technical changes.

16. Children and Cookies

BookingTrip.io does not knowingly deploy tracking or profiling cookies in connection with users under the age of 16. If you believe a minor has interacted with our platform and had cookies collected, please contact privacy@bookingtrip.io and we will purge associated tracking data promptly.

17. Security of Cookie Data

Authentication cookies set by BookingTrip.io are flagged as HttpOnly (inaccessible to client-side JavaScript), Secure (transmitted only over HTTPS), and SameSite=Strict (preventing cross-site request forgery). Sensitive session tokens are rotated after each authentication event to prevent session hijacking.

18. Updates to This Cookie Policy

We may update this Cookie Policy to reflect changes in the technologies we use, regulatory requirements, or platform features. When we make material changes, we will update the effective date at the top of this page and notify users via the platform's cookie consent interface. Continued use of the platform after an update constitutes acceptance of the revised policy.

19. Contact Us

If you have any questions about our use of cookies or this Cookie Policy, please contact us at: privacy@bookingtrip.io. For GDPR-related inquiries, you may also contact our Data Protection Officer at: dpo@bookingtrip.io.