UrTravelPro ← Back to home

This Cookie Policy explains how Pride Travelers, LLC d/b/a UrTravelPro ("we," "us," or "our") uses cookies and similar technologies across the UrTravelPro Platform and its applications, including UrTravelPro Books, UrTravelPro Marketing, and UrTravelPro Compass (each, an "App"; collectively, the "Service"). This policy is part of, and incorporated into, our Privacy Policy.

Contents

  1. What Are Cookies
  2. Cookies We Set
  3. Third-Party Cookies (Service Providers)
  4. Books — App-Specific Cookies
  5. Marketing — App-Specific Cookies & Tracking
  6. Compass — App-Specific Cookies
  7. Trips — App-Specific Cookies
  8. Cookies We Do NOT Use
  9. Why We Don't Show a Cookie Banner
  10. Managing Cookies
  11. Do Not Track
  12. Changes to This Policy
  13. Contact

1. What Are Cookies

Cookies are small text files stored on your device by your web browser when you visit a website. They are widely used to make websites function, remember preferences, secure sessions, and provide information to site operators. This policy also covers similar technologies (local storage, pixel tags, web beacons) where we use them.

2. Cookies We Set

Across every App and across the urtravelpro.com marketing site, we set only strictly necessary cookies that are essential for the Service to function. We do not set any advertising, behavioral profiling, or cross-site tracking cookies of our own on any App.

Cookie / storage key Purpose Type Duration
laravel_session Maintains your authenticated session. Stores your session identifier so you remain signed in as you navigate the App. Essential Session (expires on browser close or after up to 2 hours of inactivity; App-dependent)
XSRF-TOKEN Cross-Site Request Forgery protection. Ensures form submissions and API requests originate from the legitimate application, not a malicious third party. Essential / Security Session-bound
theme (localStorage) Remembers your dark mode / light mode preference. Stored in your browser's localStorage, NOT as a cookie, and is never sent to our servers. Preference Persistent (until you clear browser data)
Organization preference (cookie or localStorage, App-dependent) Remembers the last organization you selected so you don't have to re-pick on every page load. Only present if you have access to multiple organizations. Functional Up to 1 year

Single Sign-On across the Apps is handled by UrTravelPro Core (core.urtravelpro.com) using its own session cookie scoped to its own domain. When you sign into any App via SSO, Core may set or read its own session cookie to determine whether you are already signed in across the Platform.

3. Third-Party Cookies (Set by Service Providers)

To deliver certain features, the Service loads widgets, scripts, and embedded resources hosted by trusted third-party providers. When those load in your browser, the providers may set their own cookies on their own domains. These cookies are necessary for the related features to function and cannot be disabled without breaking those features. We do not control or have access to these cookies — they are governed by each provider's own cookie policy.

Provider When loaded Purpose Domain
Stripe When you visit the billing dashboard, open Stripe Checkout, or update your payment method (paid plans only, any App) Fraud prevention and proper functioning of Stripe Checkout js.stripe.com, checkout.stripe.com
Plaid When you click Add Bank Feed and the Plaid Link widget loads (Books, paid plans only) Bank connection security, fraud prevention, OAuth flow handling cdn.plaid.com, *.plaid.com
Cloudflare On every page request Bot protection, DDoS mitigation, security challenge handling *.urtravelpro.com
Google reCAPTCHA v3 On public form-submission pages in Trips (when a client fills out and submits a form an agent shared with them) and on certain contact-sales / inquiry forms across the Platform Bot detection. Google scores each submission for likelihood of being automated; low-scoring submissions are rejected. *.google.com, *.gstatic.com

If you never use a paid plan, you will never trigger Stripe cookies. If you never connect a bank feed, you will never trigger Plaid cookies. reCAPTCHA only loads on the specific public form pages where it runs. These third-party cookies are only set in response to actions you choose to take.

4. Books — App-Specific Cookies

Inside UrTravelPro Books we set only the essential, security, and preference cookies listed in Section 2. The only optional third-party cookies that may be triggered inside Books are the Stripe and Plaid cookies described in Section 3, and only if you actively use those features.

Books does not use analytics or advertising cookies of any kind.

5. Marketing — App-Specific Cookies & Tracking

5.1 Cookies inside the Marketing App (for agents)

Inside the Marketing App that you use as an agent to build and send campaigns, we set only the essential, security, and preference cookies listed in Section 2. We do not set advertising or analytics cookies on the agent-facing surface. The only external resources loaded by the agent-facing surface are web fonts from fonts.bunny.net, which does not use cookies or tracking.

5.2 Open-tracking pixels in emails you send

Each campaign email contains a tiny, invisible 1×1 pixel image hosted on our servers. When the recipient's email client loads images, our server records the open event with a timestamp. The tracking pixel itself does not set cookies on the recipient's device — it simply records that the image was requested.

Recipients can prevent open tracking by disabling automatic image loading in their email client. Some clients (such as Apple Mail Privacy Protection and certain corporate gateways) may pre-load images automatically, which can cause opens to be recorded even if the recipient never actually viewed the email.

5.3 Click-tracking links in emails you send

Links in your campaign emails are wrapped with tracking URLs that pass through our servers before redirecting to the original destination. When a recipient clicks a tracked link, our server records the click event (with timestamp) and immediately redirects to the intended URL. No cookies are set during this redirect.

5.4 Unsubscribe links

Every campaign email includes an unsubscribe link. When clicked, the recipient is taken to a confirmation page on our site. The unsubscribe URL is cryptographically signed to prevent tampering. No cookies are required to process an unsubscribe — the signed URL contains all necessary information.

5.5 Landing pages and form submissions

Public landing pages. Landing pages created through the Marketing App are publicly accessible and do not require authentication. Visiting a landing page does not set any cookies. We may record the visitor's IP address, browser user agent, and referring URL for analytics purposes.

Form submissions. When a visitor submits a form (on a Marketing landing page or one embedded on a third-party website), we record the submitted data along with the visitor's IP address, user agent, and referring URL. These are captured server-side via standard HTTP request headers — not via cookies or client-side tracking scripts. This data is used to verify consent origin and to comply with email marketing regulations.

5.6 IP address collection (compliance audit trail)

The Marketing App collects IP addresses in the following contexts as part of the consent audit trail required under CAN-SPAM, CASL, GDPR, and similar laws:

IP addresses collected for these compliance purposes are not used for advertising, profiling, or geo-targeting; they are retained as long as the consent record itself is retained.

5.7 Sender responsibilities

The technologies described in Sections 5.2 – 5.5 are inserted into the marketing messages and forms YOU send and operate. You are the sender; you are responsible for disclosing this tracking in your own privacy notices and for complying with applicable law (CAN-SPAM, CASL, GDPR, ePrivacy, and so on). The Marketing App provides the infrastructure; it does not relieve you of your sender-side compliance obligations.

5.8 SMS

SMS messages do not use cookies. Delivery status, opt-out keywords (STOP / HELP), and reply correlation are handled by the wireless carriers and our SMS provider. IP address is not collected for SMS recipients (the phone number is the identifier).

6. Compass — App-Specific Cookies

6.1 Inside the Compass App (for agents)

Inside the Compass App that you use to author and publish content, we set only the essential, security, and preference cookies listed in Section 2.

6.2 On content you publish through Compass (for readers)

When a reader visits content you have published through Compass (whether on a Compass-hosted URL or on a custom domain pointed at our infrastructure), we set only essential cookies needed to serve the page and aggregate analytics for reporting. We do not set advertising or cross-site tracking cookies on published Compass content.

Embedded media (for example, a YouTube video you embed in a guide, a Vimeo player, or a third-party social-media embed) may set cookies on its own domain when it loads in the reader's browser. Those embedded providers' cookies are governed by their own policies, not by us. If you embed third-party media in your published content, you are responsible for disclosing this in your own reader-facing privacy notice.

Trips — App-Specific Cookies

Inside the Trips App (for agents)

Inside the Trips App that you use as an agency to manage trips, contacts, proposals, invoices, and the client portal, we set only the essential, security, and preference cookies listed in Section 2. The agent surface does not set advertising or analytics cookies. Web fonts on the public landing page load from fonts.bunny.net, which does not use cookies or tracking.

On the client portal (for travelers)

The client portal — where your travelers sign in to view their trips, itineraries, invoices, files, forms, and messages — sets a separate portal session cookie distinct from the agent session. This isolates client and agent sessions so the two cannot collide on a shared device. The portal cookie is essential, HttpOnly, Secure, and SameSite=Lax, and is cleared when the client signs out or after the configured inactivity window.

Portal accounts use email and password. The first sign-in (and any password reset) is started from a one-time, time-limited claim link delivered by email; once the traveler sets a password, subsequent visits use the standard email-and-password form. The claim link itself is not a cookie — it is a single-use URL token.

When a client follows a public share link (a proposal, invoice, or shared form) and chooses Continue without signing in, we set a small "splash-skipped" preference cookie keyed to that specific share token so the client is not re-prompted for seven days on that same link. The cookie holds the value 1 and reveals no other information; it is HttpOnly and SameSite=Lax.

Custom agency domains

If your agency wires a custom domain to the Trips client portal (for example, portal.your-agency.com), the portal session cookie is set on your domain, not on trips.urtravelpro.com. Cross-host sign-in is handled by a short-lived (90-second), single-use, HMAC-signed handoff token in the URL; the token itself is never stored as a cookie. You become a controller of cookies set on your own domain via our infrastructure; we provide the technical means to set those cookies on your behalf.

Public forms shared with your travelers

When you share a form with a traveler and they open it, the page loads Google reCAPTCHA v3 for bot detection. reCAPTCHA may set cookies on Google's own domains as described in Section 3. No other tracking is added by us. If a form is e-signed, we record the typed name (or drawn signature image), the signer's IP address, user agent, and signing timestamp as part of the audit trail; this is recorded server-side and is not stored in cookies.

Payments through Trips Direct Invoices

If a traveler pays an invoice through Trips, the payment is processed by Stripe via Stripe's embedded Checkout. Stripe loads its own scripts and sets its own cookies on Stripe's domains as described in Section 3. We do not see or store card numbers; we only store the brand and last four digits returned by Stripe for receipt purposes.

7. Cookies We Do NOT Use

We want to be clear about what we don't do:

The marketing site at urtravelpro.com may use limited, aggregate analytics consistent with our Privacy Policy; any change will be reflected in this Cookie Policy first.

8. Why We Don't Show a Cookie Banner

Because the cookies we set ourselves are strictly necessary for the Service to function (or are functional preference cookies you can disable in your browser without breaking essential features), we are not required under most privacy laws to obtain your consent before setting them. The third-party cookies described in Section 3 are also strictly necessary for the optional features they support — they only load when you actively use those features.

If we ever add non-essential cookies in the future (for example, behavioral analytics or A/B-testing tools), we will update this policy and implement an appropriate consent mechanism before doing so.

9. Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

Major browser cookie guides:

Please note that blocking our essential cookies will prevent you from signing into and using the Service.

10. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Because there is no industry-wide standard for how to respond to DNT signals, we do not currently respond to them differently. We treat all visitors equally — and because we don't engage in cross-site tracking, advertising, or behavioral profiling in the first place, DNT does not meaningfully change how we operate.

11. Changes to This Policy

We may update this Cookie Policy if we change how we use cookies. The updated effective date will appear at the top of this page when changes are made. Material changes will be communicated through the Service or via email to the account owner.

12. Contact

If you have questions about our use of cookies, contact us:

Pride Travelers, LLC
d/b/a UrTravelPro
1559 Oak Hill Trail
Kissimmee, FL 34747
[email protected]