Legal

Privacy Policy

Last updated: June 10, 2026  ·  ZapWorld LLC

Jump to section

Introduction

trip·all·out ("we," "us," or "our") is a hotel meta-search engine operated by ZapWorld LLC, a limited liability company organized under the laws of the United States. This Privacy Policy describes how we collect, use, disclose, and safeguard information about you when you visit or use our website and search service (the "Service").

We take privacy seriously. This document is written in plain language, not legalese, because we believe you have a right to understand exactly how your data is handled. We will never sell your personal information to third parties. We will not build behavioral advertising profiles based on your hotel searches. Our business model is affiliate commission, paid by booking partners when a reservation is completed - your searches fund the Service, and nothing more.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of it, please discontinue use of the Service and contact us at business@zapworld.co if you have questions.

Information We Collect

We collect two categories of information: data you actively provide and data that is automatically generated by your use of the Service.

Search activity

When you use our hotel search tool, we log the destination you entered, the check-in and check-out dates you selected, and the number of guests. This data is passed directly to our search provider (Hotellook) to retrieve rates. We do not retain raw search queries beyond 90 days.

Technical data collected automatically

Our web servers and analytics tools automatically receive and record your IP address, browser type and version, operating system, device type (desktop, mobile, tablet), the page you visited before arriving at our site, pages you viewed on the Service, the amount of time you spent on each page, and approximate geographic location derived from your IP address (city level only). This information is used to maintain the Service, diagnose errors, detect abuse, and improve search performance.

Voluntarily provided information

If you subscribe to our price-alert emails, we collect and store your email address, the date and time you subscribed, and a record of your consent. If you contact us directly, we retain the contents of your message and any contact information you include. We do not require account registration to use the search Service.

How We Use Your Data

We use the data we collect for the following specific purposes:

  • Service delivery: To pass your search parameters to Hotellook and affiliated booking data providers so that we can display hotel availability and comparative pricing.
  • Search improvement: To analyze aggregated, anonymized usage patterns, identify popular destinations, and improve the relevance and speed of search results.
  • Price alerts: If you have opted in, to send you email notifications when room rates for a destination you searched drop below a price threshold. You may unsubscribe from price alert emails at any time by clicking the "Unsubscribe" link at the bottom of any alert email.
  • Security and fraud prevention: To identify and block malicious bots, scraping activity, and unauthorized access attempts that could degrade the Service for all users.
  • Legal compliance: To respond to lawful requests from government authorities, court orders, or subpoenas, and to satisfy our obligations under applicable law, including tax reporting requirements related to affiliate revenue.
  • Customer support: To respond to inquiries you send to business@zapworld.co. We do not use your support correspondence for marketing purposes.

We do not use your search history to target advertisements at you on this site or on other websites. We do not combine your search data with data purchased from third-party data brokers. We do not make automated decisions about you that produce legal or similarly significant effects.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar browser storage technologies to operate the Service. A cookie is a small text file written to your browser by a website you visit. Some cookies are strictly necessary for the Service to function; others are used for analytics and affiliate attribution. Our full Cookie Policy, which covers all cookie categories in detail, is available at trip·all·out/cookies.

Session cookies

Session cookies expire when you close your browser tab or window. They maintain your session state during a search (for example, preserving your currency selection and guest count as you navigate between results). Without session cookies, each page load would treat you as a new visitor.

Persistent cookies

Persistent cookies remain on your device until they expire or you delete them. We use them to remember display preferences such as your preferred currency and language. We do not use persistent cookies to reconstruct your search history beyond a single session.

Analytics cookies (Google Analytics 4)

We use Google Analytics 4 (GA4) to measure aggregate traffic and engagement. GA4 places cookies under the google.com domain that collect anonymized information about session duration, pages visited, and geographic region. We have enabled IP anonymization in our GA4 configuration, meaning your full IP address is never stored by Google on our behalf. You can opt out of GA4 tracking by installing the Google Analytics Opt-out Browser Add-on.

Affiliate tracking cookies

When you click a hotel rate link and are redirected to a booking partner's website (such as Booking.com, Expedia, or Hotels.com via the Hotellook network), the partner's website may set its own affiliate tracking cookie to record that you arrived via trip·all·out. This cookie enables the partner to credit us with a commission if you complete a booking. These cookies are set by the third-party partner and are governed by their respective privacy and cookie policies.

Location Data

trip·all·out includes an optional "Around me" feature in its search widget. When you tap or click the crosshair icon, your browser requests your device's precise location using the standard Web Geolocation API. A permission prompt will appear — your browser will not share your location without your explicit approval.

If you grant permission, the following happens:

  • Your device's GPS or Wi-Fi coordinates (latitude and longitude) are obtained by your browser. This happens entirely on your device — the raw coordinates are not sent to trip·all·out's servers.
  • Your browser sends the coordinates directly to BigDataCloud's reverse geocoding API (a third-party service) to determine your current city name. BigDataCloud's API is called client-side; we do not proxy or log the coordinates.
  • The city name returned by BigDataCloud is used to pre-fill the destination search field. It is not stored, logged, or associated with your identity by us.
  • The city name is then passed to our autocomplete API (powered by KAYAK) to suggest the matching destination, exactly as if you had typed the city name yourself.

This feature is entirely optional. You may type your destination manually at any time without granting location access. If you deny the browser permission prompt, the feature simply does nothing — no fallback data collection occurs.

We do not retain your coordinates or city at any point. We do not use location data for advertising, profiling, or any purpose other than pre-filling the search field in the immediate session. BigDataCloud processes the coordinates under its own privacy policy (see Third-Party Services below).

Third-Party Services

Operating a meta-search engine requires integrating several third-party services. Below is a transparent account of who we share data with and why.

Hotellook (search data provider)

Hotellook is our primary hotel search API provider. When you initiate a search, your destination, check-in and check-out dates, and guest count are transmitted to Hotellook's servers to retrieve price results from their network of booking partners. Hotellook does not receive your IP address directly from us. Hotellook processes this search data under its own privacy policy, a link to which is available on the Hotellook website.

Google Analytics 4

As described above, we use GA4 for aggregate site analytics. Data is processed by Google LLC under a Data Processing Addendum we have entered into with Google, as required under GDPR. Google may process this data on servers located in the United States and other countries. We rely on standard contractual clauses as the transfer mechanism.

Cloudflare (CDN and security)

We use Cloudflare for content delivery, DNS, and DDoS protection. Cloudflare processes IP addresses and request metadata at the network edge to filter malicious traffic before it reaches our servers. Cloudflare's privacy policy governs how they handle this data. Cloudflare does not use your data for advertising purposes.

BigDataCloud (reverse geocoding)

When you use the "Around me" feature, your browser sends your device's GPS coordinates directly to BigDataCloud's reverse geocoding API to determine your current city. This request is made client-side — trip·all·out's servers never receive or log your coordinates. BigDataCloud is a Netherlands-based data services company. Their API is called without any identifier linking the request to your trip·all·out session. Please review BigDataCloud's privacy policy for details on how they process reverse geocoding requests.

Booking partners

When you click through to a hotel booking on a partner's website, you leave the trip·all·out Service and enter a third-party environment. The booking partner collects data necessary to process your reservation, including name, payment information, and contact details. We do not receive this booking data and are not a party to your contract with the hotel or booking partner. Please review the partner's privacy policy before completing a reservation.

Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by law. Specific retention periods are as follows:

  • Server logs (IP address, search parameters, page request data): deleted after 90 days.
  • Email subscriber records: retained until you unsubscribe or submit a deletion request, at which point we remove your address from all mailing lists within 10 business days.
  • Google Analytics data: 26 months (the GA4 default retention window we have configured). After this period, individual session data is deleted by Google.
  • Customer service correspondence: 24 months from the date of your last message, unless a longer retention period is required by law.
  • Affiliate click records: as required by our affiliate agreements, typically 45 to 90 days.

When a retention period expires, data is deleted or irrecoverably anonymized. We do not archive personal data "just in case" beyond these periods.

Your Privacy Rights

EEA and UK residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may ask us to correct inaccurate or incomplete personal data.
  • Right to erasure: You may request deletion of your personal data where we have no lawful basis to retain it.
  • Right to restrict processing: You may ask us to stop processing your data while a dispute or review is pending.
  • Right to data portability: Where we process your data by automated means on the basis of consent or contract, you may request a structured, machine-readable copy.
  • Right to object: You may object to processing based on our legitimate interests, including direct marketing.

To exercise any GDPR right, email us at business@zapworld.co with the subject line "GDPR Request." Please include enough information to identify your data (such as the email address you used to subscribe). We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights:

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
  • Right to delete: You may request that we delete personal information we have collected, subject to certain exceptions.
  • Right to correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to opt out of sale or sharing: We do not sell personal information as defined under CCPA, nor do we share it for cross-context behavioral advertising.

To submit a CCPA request, email business@zapworld.co with the subject line "CCPA Request." We will not discriminate against you for exercising any of these rights.

Children's Privacy

The Service is not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe that a child under 16 has provided personal information to us, please contact us immediately at business@zapworld.co with the subject line "Child Privacy." We will investigate and delete any such data promptly.

If you are a parent or guardian and believe your child has used the Service, we encourage you to review this policy with them and contact us if you have concerns.

International Data Transfers

ZapWorld LLC is based in the United States. If you access the Service from outside the United States, your data may be transferred to, stored, and processed in the United States and other countries where our service providers maintain infrastructure.

For transfers of personal data from the EEA or UK to the United States, we rely on Standard Contractual Clauses approved by the European Commission as the legal mechanism to ensure adequate protection. For transfers involving Google Analytics, we have entered into Google's standard data processing terms which include the applicable SCCs.

Changes to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the "Last updated" date at the top of this page. For material changes - those that significantly affect how we collect or use personal data - we will post a prominent notice on the Service's homepage for at least 30 days before the changes take effect.

We encourage you to review this page periodically. Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

Contact

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please reach out to us:

ZapWorld LLC - Privacy Inquiries

Email: business@zapworld.co
Subject line: Privacy Inquiry

Related Policies

Disclaimer
Price accuracy, affiliate relationships, and liability limits.
Terms of Service
Rules governing your use of the trip·all·out platform.
Cookie Policy
How we use cookies and how to manage your preferences.