Legal

Cookie Policy

Last updated: June 10, 2026  ·  ZapWorld LLC

Jump to section

What Are Cookies?

Cookies are small text files stored on your device by your web browser when you visit a website. They are nearly universal across the web and serve several core functions: keeping you logged in, remembering your preferences, and helping site operators understand how their pages are used.

Cookies fall into two broad categories based on their lifespan. A session cookie lives only for the duration of a browser session - it is deleted the moment you close the tab or window. A persistent cookie remains on your device until it reaches its expiry date or you manually delete it from your browser settings.

Beyond traditional cookies, this policy also covers related technologies: web beacons (tiny 1x1 pixel images embedded in web pages or emails), local storage (a browser-native key-value store with no expiry), and session storage (same as local storage, cleared when the browser tab closes). We refer to all of these collectively as "cookies" throughout this document.

Cookies can also be classified by who sets them. A first-party cookie is set directly by trip·all·out when you visit our site. A third-party cookie is set by a different domain - such as Google Analytics or a booking partner - through code embedded on our pages.

Essential Cookies

Essential cookies are strictly necessary for the Service to operate. Without them, basic functions - search results loading, your currency selection persisting between pages, and session security - would not work. Because they are technically required, they are placed regardless of your consent choice and cannot be disabled through our preference center. (You can still block them through browser settings, but this will break core functionality.)

CookiePurposeDuration
__sessionMaintains your search session and prevents repeated API callsSession
currency_prefStores your selected display currency across page loads30 days
__cf_bmCloudflare bot-management token, distinguishes humans from bots30 minutes
__cflbCloudflare load-balancing cookie, routes your requests consistentlySession

Analytics Cookies

We use analytics cookies to understand how visitors interact with the Service in aggregate. This data helps us answer questions like: which destinations are searched most often, which pages have high exit rates, and whether users on mobile devices are completing searches at the same rate as desktop users. None of this analysis is tied to your name, email, or any other directly identifying information.

Google Analytics 4

Google Analytics 4 (GA4) is our web analytics platform. GA4 places cookies in your browser that collect information about your session: pages visited, time on site, scroll depth, button clicks, and general geographic region (country and city level, derived from your IP address, which is then anonymized). We have configured GA4 with the following privacy settings:

  • IP anonymization enabled (the last octet of IPv4 addresses is replaced with zeros before storage).
  • Advertising features disabled (we do not use GA4 for remarketing or audience building).
  • Data retention set to 26 months, after which individual session records are automatically deleted.
  • Google Signals disabled (no cross-device tracking through Google accounts).
CookiePurposeDuration
_gaDistinguishes unique users; contains a randomly generated client ID2 years
_gidDistinguishes users; resets daily, used for same-day deduplication24 hours
_ga_XXXXXXXXPersists session state for the GA4 measurement ID2 years

Advertising and Affiliate Tracking

trip·all·out does not run display advertising campaigns and does not place advertising cookies in your browser for the purpose of showing you targeted ads on other websites. We do not use retargeting pixels, Facebook Pixel, Google Ads tags, or similar ad-tech tracking on our website.

What we do use is affiliate attribution tracking. When you click a rate link and are redirected to a booking partner's website, a referral identifier is passed in the URL (a query parameter such as marker= or aid=). The booking partner then stores a cookie in your browser to track whether you complete a booking, so they can credit us with a commission.

These affiliate cookies are set by the booking partner's domain, not by trip·all·out. They are covered by the partner's own privacy and cookie policy, not this one. They typically expire 30 to 90 days after the click, which is the standard attribution window in travel affiliate programs.

Third-Party Cookies

In addition to the cookies described above, certain third-party services integrated into the Service may set their own cookies. We do not directly control these cookies and cannot grant or revoke consent on the third party's behalf. The main third-party services and their cookie behaviors are:

Hotellook (search API)

Our search results are powered by Hotellook's API. API calls are server-to-server, meaning your browser does not directly communicate with Hotellook's servers during a search. Hotellook does not set cookies directly in your browser through our Service. However, if you follow a link to a booking partner via Hotellook's redirect infrastructure, standard affiliate cookies may be set as described above.

Cloudflare (network services)

Cloudflare sits between your browser and our servers for security and performance purposes. Cloudflare sets a small number of short-lived security cookies (including__cf_bm) that do not track your browsing activity across websites. These are functional cookies required for DDoS protection and bot mitigation.

Google (analytics and fonts)

Our website uses Google Fonts loaded via the Next.js font optimization system, which self-hosts font files at our own domain rather than fetching them from Google's servers at runtime. This means no Google Font cookies are placed by loading our pages. GA4 analytics cookies are described in the Analytics section above.

How to Opt Out

Beyond our own consent manager, you have several tools available to control cookies at the browser level:

  • Browser settings: Every modern browser lets you view, block, and delete cookies. Find the relevant setting under Privacy or Security in your browser preferences.
  • Google Analytics opt-out: Install the Google Analytics Opt-out Browser Add-on (available at tools.google.com/dlpage/gaoptout) to prevent GA4 from collecting data about your visits to any website using Google Analytics.
  • Do Not Track (DNT): We honor browser-level Do Not Track signals. If your browser sends a DNT: 1 header, we disable non-essential analytics cookie collection for your session. Note that third-party partners may not honor DNT.
  • Private / Incognito mode: Browsing in private mode prevents cookies from being written to persistent storage. Session cookies still function but are deleted when you close the window.

Blocking essential cookies will degrade the Service significantly. Blocking only analytics and advertising cookies has no impact on search functionality.

For questions about our cookie practices, email us at business@zapworld.co with the subject line "Cookie Inquiry."

Updates to This Policy

We may update this Cookie Policy to reflect changes in the technologies we use, applicable regulations, or our internal practices. When we do, we will update the "Last updated" date at the top of this page. If the changes are material - for example, if we begin using a new category of cookies - we will notify you via a banner on the Service the next time you visit.

We encourage you to review this page periodically so you remain informed about how we use cookies. For questions, contact us at business@zapworld.co.

Related Policies

Privacy Policy
Full details on how we collect and handle your personal data.
Disclaimer
Price accuracy, affiliate relationships, and liability limits.
Terms of Service
Rules governing your use of the trip·all·out platform.