Cookie Policy
This Cookie Policy explains how Pride Travelers, LLC d/b/a UrTravelPro ("we," "us," or "our") uses cookies and similar technologies across the UrTravelPro Platform and its applications, including UrTravelPro Books, UrTravelPro Marketing, and UrTravelPro Compass (each, an "App"; collectively, the "Service"). This policy is part of, and incorporated into, our Privacy Policy.
Contents
- What Are Cookies
- Cookies We Set
- Third-Party Cookies (Service Providers)
- Books — App-Specific Cookies
- Marketing — App-Specific Cookies & Tracking
- Compass — App-Specific Cookies
- Trips — App-Specific Cookies
- Cookies We Do NOT Use
- Why We Don't Show a Cookie Banner
- Managing Cookies
- Do Not Track
- Changes to This Policy
- Contact
1. What Are Cookies
Cookies are small text files stored on your device by your web browser when you visit a website. They are widely used to make websites function, remember preferences, secure sessions, and provide information to site operators. This policy also covers similar technologies (local storage, pixel tags, web beacons) where we use them.
2. Cookies We Set
Across every App and across the urtravelpro.com marketing site, we set only strictly necessary cookies that are essential for the Service to function. We do not set any advertising, behavioral profiling, or cross-site tracking cookies of our own on any App.
| Cookie / storage key | Purpose | Type | Duration |
|---|---|---|---|
laravel_session |
Maintains your authenticated session. Stores your session identifier so you remain signed in as you navigate the App. | Essential | Session (expires on browser close or after up to 2 hours of inactivity; App-dependent) |
XSRF-TOKEN |
Cross-Site Request Forgery protection. Ensures form submissions and API requests originate from the legitimate application, not a malicious third party. | Essential / Security | Session-bound |
theme (localStorage) |
Remembers your dark mode / light mode preference. Stored in your browser's localStorage, NOT as a cookie, and is never sent to our servers. | Preference | Persistent (until you clear browser data) |
| Organization preference (cookie or localStorage, App-dependent) | Remembers the last organization you selected so you don't have to re-pick on every page load. Only present if you have access to multiple organizations. | Functional | Up to 1 year |
Single Sign-On across the Apps is handled by UrTravelPro Core (core.urtravelpro.com) using its own session cookie scoped to its own domain. When you sign into any App via SSO, Core may set or read its own session cookie to determine whether you are already signed in across the Platform.
3. Third-Party Cookies (Set by Service Providers)
To deliver certain features, the Service loads widgets, scripts, and embedded resources hosted by trusted third-party providers. When those load in your browser, the providers may set their own cookies on their own domains. These cookies are necessary for the related features to function and cannot be disabled without breaking those features. We do not control or have access to these cookies — they are governed by each provider's own cookie policy.
| Provider | When loaded | Purpose | Domain |
|---|---|---|---|
| Stripe | When you visit the billing dashboard, open Stripe Checkout, or update your payment method (paid plans only, any App) | Fraud prevention and proper functioning of Stripe Checkout | js.stripe.com, checkout.stripe.com |
| Plaid | When you click Add Bank Feed and the Plaid Link widget loads (Books, paid plans only) | Bank connection security, fraud prevention, OAuth flow handling | cdn.plaid.com, *.plaid.com |
| Cloudflare | On every page request | Bot protection, DDoS mitigation, security challenge handling | *.urtravelpro.com |
| Google reCAPTCHA v3 | On public form-submission pages in Trips (when a client fills out and submits a form an agent shared with them) and on certain contact-sales / inquiry forms across the Platform | Bot detection. Google scores each submission for likelihood of being automated; low-scoring submissions are rejected. | *.google.com, *.gstatic.com |
If you never use a paid plan, you will never trigger Stripe cookies. If you never connect a bank feed, you will never trigger Plaid cookies. reCAPTCHA only loads on the specific public form pages where it runs. These third-party cookies are only set in response to actions you choose to take.
4. Books — App-Specific Cookies
Inside UrTravelPro Books we set only the essential, security, and preference cookies listed in Section 2. The only optional third-party cookies that may be triggered inside Books are the Stripe and Plaid cookies described in Section 3, and only if you actively use those features.
Books does not use analytics or advertising cookies of any kind.
5. Marketing — App-Specific Cookies & Tracking
5.1 Cookies inside the Marketing App (for agents)
Inside the Marketing App that you use as an agent to build and send campaigns, we set only the essential, security, and preference cookies listed in Section 2. We do not set advertising or analytics cookies on the agent-facing surface. The only external resources loaded by the agent-facing surface are web fonts from fonts.bunny.net, which does not use cookies or tracking.
5.2 Open-tracking pixels in emails you send
Each campaign email contains a tiny, invisible 1×1 pixel image hosted on our servers. When the recipient's email client loads images, our server records the open event with a timestamp. The tracking pixel itself does not set cookies on the recipient's device — it simply records that the image was requested.
Recipients can prevent open tracking by disabling automatic image loading in their email client. Some clients (such as Apple Mail Privacy Protection and certain corporate gateways) may pre-load images automatically, which can cause opens to be recorded even if the recipient never actually viewed the email.
5.3 Click-tracking links in emails you send
Links in your campaign emails are wrapped with tracking URLs that pass through our servers before redirecting to the original destination. When a recipient clicks a tracked link, our server records the click event (with timestamp) and immediately redirects to the intended URL. No cookies are set during this redirect.
5.4 Unsubscribe links
Every campaign email includes an unsubscribe link. When clicked, the recipient is taken to a confirmation page on our site. The unsubscribe URL is cryptographically signed to prevent tampering. No cookies are required to process an unsubscribe — the signed URL contains all necessary information.
5.5 Landing pages and form submissions
Public landing pages. Landing pages created through the Marketing App are publicly accessible and do not require authentication. Visiting a landing page does not set any cookies. We may record the visitor's IP address, browser user agent, and referring URL for analytics purposes.
Form submissions. When a visitor submits a form (on a Marketing landing page or one embedded on a third-party website), we record the submitted data along with the visitor's IP address, user agent, and referring URL. These are captured server-side via standard HTTP request headers — not via cookies or client-side tracking scripts. This data is used to verify consent origin and to comply with email marketing regulations.
5.6 IP address collection (compliance audit trail)
The Marketing App collects IP addresses in the following contexts as part of the consent audit trail required under CAN-SPAM, CASL, GDPR, and similar laws:
- Consent records — when a contact is added manually or submits a form, the operator's or visitor's IP address is recorded as part of the consent audit trail
- Subscription / unsubscription events — the IP address is recorded when a contact subscribes or unsubscribes
- Form submissions — the visitor's IP address is recorded with each submission
- Resubscription events — when a previously-unsubscribed contact is resubscribed with new consent, the IP address of the operator confirming the consent is recorded
IP addresses collected for these compliance purposes are not used for advertising, profiling, or geo-targeting; they are retained as long as the consent record itself is retained.
5.7 Sender responsibilities
The technologies described in Sections 5.2 – 5.5 are inserted into the marketing messages and forms YOU send and operate. You are the sender; you are responsible for disclosing this tracking in your own privacy notices and for complying with applicable law (CAN-SPAM, CASL, GDPR, ePrivacy, and so on). The Marketing App provides the infrastructure; it does not relieve you of your sender-side compliance obligations.
5.8 SMS
SMS messages do not use cookies. Delivery status, opt-out keywords (STOP / HELP), and reply correlation are handled by the wireless carriers and our SMS provider. IP address is not collected for SMS recipients (the phone number is the identifier).
6. Compass — App-Specific Cookies
6.1 Inside the Compass App (for agents)
Inside the Compass App that you use to author and publish content, we set only the essential, security, and preference cookies listed in Section 2.
6.2 On content you publish through Compass (for readers)
When a reader visits content you have published through Compass (whether on a Compass-hosted URL or on a custom domain pointed at our infrastructure), we set only essential cookies needed to serve the page and aggregate analytics for reporting. We do not set advertising or cross-site tracking cookies on published Compass content.
Embedded media (for example, a YouTube video you embed in a guide, a Vimeo player, or a third-party social-media embed) may set cookies on its own domain when it loads in the reader's browser. Those embedded providers' cookies are governed by their own policies, not by us. If you embed third-party media in your published content, you are responsible for disclosing this in your own reader-facing privacy notice.
Trips — App-Specific Cookies
Inside the Trips App (for agents)
Inside the Trips App that you use as an agency to manage trips, contacts, proposals, invoices, and the client portal, we set only the essential, security, and preference cookies listed in Section 2. The agent surface does not set advertising or analytics cookies. Web fonts on the public landing page load from fonts.bunny.net, which does not use cookies or tracking.
On the client portal (for travelers)
The client portal — where your travelers sign in to view their trips, itineraries, invoices, files, forms, and messages — sets a separate portal session cookie distinct from the agent session. This isolates client and agent sessions so the two cannot collide on a shared device. The portal cookie is essential, HttpOnly, Secure, and SameSite=Lax, and is cleared when the client signs out or after the configured inactivity window.
Portal accounts use email and password. The first sign-in (and any password reset) is started from a one-time, time-limited claim link delivered by email; once the traveler sets a password, subsequent visits use the standard email-and-password form. The claim link itself is not a cookie — it is a single-use URL token.
When a client follows a public share link (a proposal, invoice, or shared form) and chooses Continue without signing in, we set a small "splash-skipped" preference cookie keyed to that specific share token so the client is not re-prompted for seven days on that same link. The cookie holds the value 1 and reveals no other information; it is HttpOnly and SameSite=Lax.
Custom agency domains
If your agency wires a custom domain to the Trips client portal (for example, portal.your-agency.com), the portal session cookie is set on your domain, not on trips.urtravelpro.com. Cross-host sign-in is handled by a short-lived (90-second), single-use, HMAC-signed handoff token in the URL; the token itself is never stored as a cookie. You become a controller of cookies set on your own domain via our infrastructure; we provide the technical means to set those cookies on your behalf.
Public forms shared with your travelers
When you share a form with a traveler and they open it, the page loads Google reCAPTCHA v3 for bot detection. reCAPTCHA may set cookies on Google's own domains as described in Section 3. No other tracking is added by us. If a form is e-signed, we record the typed name (or drawn signature image), the signer's IP address, user agent, and signing timestamp as part of the audit trail; this is recorded server-side and is not stored in cookies.
Payments through Trips Direct Invoices
If a traveler pays an invoice through Trips, the payment is processed by Stripe via Stripe's embedded Checkout. Stripe loads its own scripts and sets its own cookies on Stripe's domains as described in Section 3. We do not see or store card numbers; we only store the brand and last four digits returned by Stripe for receipt purposes.
7. Cookies We Do NOT Use
We want to be clear about what we don't do:
- We do not use advertising or marketing cookies anywhere in the Service
- We do not use third-party analytics cookies (Google Analytics, Hotjar, Segment, Mixpanel, etc.) inside any App
- We do not use social-media tracking cookies (Facebook Pixel, LinkedIn Insight Tag, X Pixel, etc.)
- We do not profile users across sessions or sell tracking data
- We do not track you across other websites
- We do not use cookies to retarget you with ads
The marketing site at urtravelpro.com may use limited, aggregate analytics consistent with our Privacy Policy; any change will be reflected in this Cookie Policy first.
8. Why We Don't Show a Cookie Banner
Because the cookies we set ourselves are strictly necessary for the Service to function (or are functional preference cookies you can disable in your browser without breaking essential features), we are not required under most privacy laws to obtain your consent before setting them. The third-party cookies described in Section 3 are also strictly necessary for the optional features they support — they only load when you actively use those features.
If we ever add non-essential cookies in the future (for example, behavioral analytics or A/B-testing tools), we will update this policy and implement an appropriate consent mechanism before doing so.
9. Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored
- Delete individual or all cookies
- Block cookies from specific or all sites
- Set preferences for certain types of cookies
Major browser cookie guides:
Please note that blocking our essential cookies will prevent you from signing into and using the Service.
10. Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. Because there is no industry-wide standard for how to respond to DNT signals, we do not currently respond to them differently. We treat all visitors equally — and because we don't engage in cross-site tracking, advertising, or behavioral profiling in the first place, DNT does not meaningfully change how we operate.
11. Changes to This Policy
We may update this Cookie Policy if we change how we use cookies. The updated effective date will appear at the top of this page when changes are made. Material changes will be communicated through the Service or via email to the account owner.
12. Contact
If you have questions about our use of cookies, contact us:
Pride Travelers, LLC
d/b/a UrTravelPro
1559 Oak Hill Trail
Kissimmee, FL 34747
[email protected]