Cookie policy · Effective July 14, 2026
Optional cookies are off.
This policy lists the storage UpTrip uses now and the cookies used by account features. Optional tools cannot load until you allow their category.
Your controls
Necessary technology is always on because it records your choice and secures the service, or provides sign-in you request. Preferences, analytics and marketing default off. Rejecting is as easy as accepting, and you can change your choice from any page.
Current inventory
| Name/provider | Purpose | Category | Duration |
|---|---|---|---|
uptrip_consent / UpTrip | Records consent policy version 2026-07-13.2, enabled category flags and GPC state. The matching detailed record is stored in local storage. | Necessary | 12 months or until cleared/replaced |
__session / UpTrip and Auth0 | Encrypted, HTTP-only account session used after you sign in. It is Secure in production and restricted to same-site requests. | Necessary when sign-in is requested | Up to 1 day without activity and 3 days absolute |
__txn_* / UpTrip and Auth0 | Protects a sign-in or registration transaction, including state and the same-origin return path, against interception and request forgery. | Necessary when sign-in or registration is requested | Up to 1 hour |
uptrip_invitation / UpTrip | Moves a one-time invitation bearer out of the email-link fragment into an HTTP-only, same-site claim so it can be bound to the verified account and accepted without exposing it in request URLs. | Necessary when an invitation link is used | Until the invitation expires (no more than 7 days), is accepted, or the cookie is cleared |
uptrip_signup_authorization / UpTrip | Contains a signed invitation row identifier and expiry—but no invitation bearer or email—to prove that UpTrip validated an active invitation before Auth0 registration. It is HTTP-only, Secure in production, same-site and host-only. | Necessary when invited registration is requested | 30 minutes at most, never beyond invitation expiry, and cleared after acceptance or terminal invalidation |
uptrip_auth_recovery / UpTrip | Carries one fixed, non-identifying destination while UpTrip clears an unusable or wrong-account Auth0 session. It cannot hold a URL, email, token, or account identifier and is deleted after the return. | Necessary when session recovery is requested | Up to 2 minutes or until the return completes |
| Optional preference storage | None installed. | Preferences | Not applicable |
| Analytics cookies/storage | None installed. | Analytics | Not applicable |
| Advertising cookies/storage | None installed. | Marketing | Not applicable |
What happens when you change a choice
UpTrip updates the consent cookie and local record, changes page-level category flags, and emits a consent-change event that current or future integrations must obey. Switching a category off prevents future loading and instructs integrations to remove removable identifiers. Browser or provider controls may be needed to erase identifiers already held outside UpTrip.
Global Privacy Control
If your browser exposes Global Privacy Control, analytics and marketing remain off and cannot be re-enabled by the banner. UpTrip treats the signal as an opt-out of sale, sharing, targeted advertising and related profiling. UpTrip does not perform those activities.
Browser controls and third-party links
You can clear cookies and local storage in your browser, but clearing the consent record makes the banner appear again. Following an official hotel, loyalty-program or booking link takes you to another service with its own cookies and privacy terms.
Changes or questions
This inventory is reviewed before any new client-side service is activated. Material additions require an updated policy version and a new choice. Report a mismatch through Your Privacy Choices.
