This Cookie Policy explains how PayTravel uses cookies and similar technologies (such as the browser's local storage) when you visit our website. Read it together with our Privacy Policy.
1. What are cookies?
Cookies are small text files placed on your device by your browser when you visit a website. They store small amounts of information so the site can recognize your browser on later visits. Local storage is a different but similar technology — also stored by your browser — and is treated the same way under EU ePrivacy rules.
We use four categories:
- Strictly necessary — required for the site to work (e.g., to keep you signed in or to remember your cookie choice). Cannot be disabled.
- Analytics — help us understand how visitors use the site.
- Marketing / advertising — measure advertising effectiveness and enable remarketing.
- Personalization — tailor content based on your activity.
2. Consent Mode v2
We implement Google Consent Mode v2. By default, no analytics or marketing cookies are set. They are only activated after you give consent through our cookie banner. Until you do, our Google tag still loads, but operates in a privacy-preserving "denied" state: Google receives only an anonymized signal that you visited the page, with no advertising or analytics identifiers and no precise location.
3. How to change your preferences
Open the customize modal at any time using the Cookie preferences link in the footer, or the link in the consent banner. You can toggle each category on or off and your new choice takes effect on every page from that point on.
You can also block or delete cookies in your browser settings — instructions for Chrome, Firefox, Safari, Edge.
4. Cookies we use
| Name | Provider | Purpose | Type | Duration | More info |
|---|---|---|---|---|---|
| cookie_consent | PayTravel | Remembers your cookie preferences so we don't show the banner again on every page. | Strictly necessary | 6 months | — |
| better-auth.session_token | PayTravel | Keeps you signed in to the dashboard. | Strictly necessary | Session (until you sign out) | — |
| _ga | Google LLC | Distinguishes unique visitors for Google Analytics 4. | Analytics | 2 years | |
| _ga_T3WNL4R0XY | Google LLC | Persists session state for our specific GA4 property. | Analytics | 2 years | |
| _gid | Google LLC | Distinguishes unique visitors during a 24-hour window. | Analytics | 24 hours | |
| ph_<token>_posthog | PostHog, Inc. | Identifies a unique visitor for product analytics on the dashboard. | Analytics | 1 year | PostHog |
| _clck | Microsoft Corporation | Persists the Microsoft Clarity user ID so we can attribute repeat sessions to the same visitor. | Analytics | 1 year | Microsoft |
| _clsk | Microsoft Corporation | Links the pages viewed during one Clarity session. | Analytics | 1 day | Microsoft |
| __stripe_mid | Stripe Payments Europe, Ltd. | Stripe fraud prevention. Only set on pages that load the Stripe.js library (checkout, payment flows). | Strictly necessary | 1 year | Stripe |
| __stripe_sid | Stripe Payments Europe, Ltd. | Stripe fraud prevention (session). Same scope as __stripe_mid. | Strictly necessary | 30 minutes | Stripe |
Note: Sentry (error and performance monitoring) does not set cookies
for diagnostic capture. Microsoft Clarity may additionally set a MUID cookie if our account is later integrated with
Microsoft Advertising; we will update this Policy if that happens.
5. Local storage and similar technologies
| Key | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| paytravel:utm | PayTravel | Stores UTM parameters from your arrival URL so we can attribute a later signup or application to the source campaign. | Marketing | 7 days |
6. What happens if you reject?
Basic site functionality continues to work — you can read content,
sign in, submit forms, and complete bookings. We will not set
analytics or marketing cookies, will not collect IP-derived
approximate location data, and will not hash any form-field
identifiers for Google measurement. Google still receives a
privacy-preserving "denied" signal (Consent Mode v2 gcs=G100)
so it knows you visited the page but cannot identify or track you.
7. Third parties
Third-party cookies and storage are loaded via Google Tag Manager and set by the following providers:
- Google LLC (Google Tag Manager + Google Analytics 4) — tag management, analytics, advertising, personalization. Cookie info.
- PostHog, Inc. — product analytics. Privacy policy.
- Microsoft Corporation (Clarity) — session replay and heatmaps. Privacy statement.
- Stripe Payments Europe, Ltd. — payment fraud prevention on checkout pages only. Privacy policy.
International transfers and the legal framework that protects them are described in Section 6 of our Privacy Policy.
8. Contact
Questions about cookies or this Policy: privacy@paytravel.co.
Changelog
- 2026-05-19: Initial Cookie Policy published alongside the rewritten Privacy Policy. Documents Google Analytics 4 cookies, Consent Mode v2 behavior, our consent cookie, and the marketing-attribution local storage key.